Windows Analysis Report
https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html

Overview

General Information

Sample URL: https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html
Analysis ID: 1655149
Detection

Mamba2FA
Score: 88
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
Yara detected Mamba 2FA PaaS
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
Suricata IDS alerts with low severity for network traffic

Classification

[Classification chart; axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious]
  • System is w10x64_ra
  • chrome.exe (PID: 6948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,5405339047835790955,1922035241455895879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2052,i,5405339047835790955,1922035241455895879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
| Source | Rule | Description | Author | Strings |
| 2.8.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security | |
| 2.7.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security | |

No Sigma rule has matched

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| 2025-04-03T02:10:44.019225+0200 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49741 | 104.21.18.76 | 443 | TCP |
| 2025-04-03T02:11:09.977098+0200 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49775 | 104.21.18.76 | 443 | TCP |
| 2025-04-03T02:11:29.543543+0200 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49799 | 104.21.18.76 | 443 | TCP |
| 2025-04-03T02:11:49.340133+0200 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49826 | 104.21.18.76 | 443 | TCP |
| 2025-04-03T02:10:43.630422+0200 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.16 | 49739 | 104.21.18.76 | 443 | TCP |

      AV Detection

      Source: https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html | Avira URL Cloud: detection malicious, Label: phishing
      Source: https://cloudflare-verify.rarnonalumber.com/favicon.ico | Avira URL Cloud: Label: phishing
      Source: https://cloudflare-verify.rarnonalumber.com/encrypt.php | Avira URL Cloud: Label: phishing
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_BZR&sid=93z4-nY84hfohGWfAAQc | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_BZT&sid=93z4-nY84hfohGWfAAQc | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=websocket&sid=93z4-nY84hfohGWfAAQc | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_C3m&sid=93z4-nY84hfohGWfAAQc | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_BGw | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_GSc&sid=Aqz-l4-jvMryztWWAAQf | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_GSd&sid=Aqz-l4-jvMryztWWAAQf | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=websocket&sid=Aqz-l4-jvMryztWWAAQf | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_GBd | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=websocket&sid=d9n3UOjJBenkg8YIAAQi | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_LHb&sid=d9n3UOjJBenkg8YIAAQi | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_LHc&sid=d9n3UOjJBenkg8YIAAQi | Avira URL Cloud: Label: malware
      Source: https://portion.icu/socket.io/?EIO=4&transport=polling&t=PNu_L0r | Avira URL Cloud: Label: malware

      Phishing

      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'kitsaplawlibrary.com' does not match the legitimate domain for Microsoft., The domain 'kitsaplawlibrary.com' does not contain any elements that suggest a connection to Microsoft., The presence of an input field labeled 'Confirm Email' on a non-Microsoft domain is suspicious and could be indicative of a phishing attempt. DOM: 2.8.pages.csv
      Source: Yara match | File source: 2.8.pages.csv, type: HTML
      Source: Yara match | File source: 2.7.pages.csv, type: HTML
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | Joe Sandbox AI: Page contains button: 'Verifying...' Source: '2.7.pages.csv'
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | Joe Sandbox AI: Page contains button: 'Verify' Source: '2.8.pages.csv'
      Source: 2.6..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJn... The script uses the 'Function' constructor to execute dynamic code, which is a high-risk indicator of potential malicious behavior. The use of 'atob' to decode the code further suggests an attempt to obfuscate the script's purpose. This combination of dynamic code execution and obfuscation is highly suspicious and indicative of a high-risk script.
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: Number of links: 0
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: <input type="password" .../> found but no <form action="...
      Source: https://cloudflare-verify.rarnonalumber.com/421ca4369738433e33348785fe776a0c839605d59Kycuy0pGl5dMYU7RfBjnGAFd39605d5QEceopzow.html | HTTP Parser: Base64 decoded: sv=o365_1_sp&rand=YkprcjA=&uid=USER02042025U58040232
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: Title: Authenticating ... does not match URL
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: Invalid link: Terms of use
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: Invalid link: Privacy & cookies
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: <input type="password" .../> found
      Source: https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html | HTTP Parser: No favicon
      Source: https://cloudflare-verify.rarnonalumber.com/421ca4369738433e33348785fe776a0c839605d59Kycuy0pGl5dMYU7RfBjnGAFd39605d5QEceopzow.html | HTTP Parser: No favicon
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: No favicon
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: No <meta name="author".. found
      Source: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N | HTTP Parser: No <meta name="copyright".. found
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: chrome.exe | Memory has grown: Private usage: 1MB later: 40MB

      Networking

      Source: Network traffic | Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.16:49739 -> 104.21.18.76:443
      Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49741 -> 104.21.18.76:443
      Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49775 -> 104.21.18.76:443
      Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49799 -> 104.21.18.76:443
      Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49826 -> 104.21.18.76:443
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
      Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
      Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.176.195
      Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
      Source: global trafficHTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kitsaplawlibrary.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123NAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1Host: ih1.redbubble.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /image.3812524360.1168/raf,360x360,075,t,fafafa:ca443f4786.jpg HTTP/1.1Host: ih1.redbubble.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=e23NOHsKW.Kbn36C3YueFqm5ISj0lIUNcnKa2YKtFRQ-1743639046-1.0.1.1-kfmQ5E962es3fZcmoBOWEGENsgDWl84JOy0Xaj0WLmvTkKKUEZ9IFFP2Bp7007GIBGH4qIEUZDsF2K0J7qm8.sdiw6KtyTJRMlh1W1Zg_Xk
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_BGw HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: yourmama@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=websocket&sid=93z4-nY84hfohGWfAAQc HTTP/1.1Host: portion.icuConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://kitsaplawlibrary.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: lNFrJ390l0mYcFvGhoEOsQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_BGw HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_BZR&sid=93z4-nY84hfohGWfAAQc HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_BZT&sid=93z4-nY84hfohGWfAAQc HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: yourmama@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_GBd HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: yourmama21@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=websocket&sid=Aqz-l4-jvMryztWWAAQf HTTP/1.1Host: portion.icuConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://kitsaplawlibrary.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: zwwOXbjRPnL7WqFfRNacQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_GBd HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_GSd&sid=Aqz-l4-jvMryztWWAAQf HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: yourmama21@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_GSc&sid=Aqz-l4-jvMryztWWAAQf HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_GSd&sid=Aqz-l4-jvMryztWWAAQf HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_L0r HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: billgates@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_L0r HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=websocket&sid=d9n3UOjJBenkg8YIAAQi HTTP/1.1Host: portion.icuConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://kitsaplawlibrary.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: yQBpXmsjMwhLswVSW/kWqA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_LHc&sid=d9n3UOjJBenkg8YIAAQi HTTP/1.1Host: portion.icuConnection: keep-aliveAuth_UID: USER02042025U58040232Session_Email: billgates@microsoft.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://kitsaplawlibrary.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://kitsaplawlibrary.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_LHb&sid=d9n3UOjJBenkg8YIAAQi HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /socket.io/?EIO=4&transport=polling&t=PNu_LHc&sid=d9n3UOjJBenkg8YIAAQi HTTP/1.1Host: portion.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/468408820:1743635575:eN_tXAEIWGuwmG6_ddw3XZyOtMyYl-SRX6SBwVnOEvc/92a457e02c0f8ccc/67XtbP._9fcyR0sdWjbjjmXusJamF_QrrzZlNMKTZg0-1743639029-1.1.1.1-AZR.XElpaTBbPvifNwkKL1qDxhf8H_c3e7mmxl9YPBhlJuZKUht_TY4JHgcNRUrJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3605sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: 67XtbP._9fcyR0sdWjbjjmXusJamF_QrrzZlNMKTZg0-1743639029-1.1.1.1-AZR.XElpaTBbPvifNwkKL1qDxhf8H_c3e7mmxl9YPBhlJuZKUht_TY4JHgcNRUrJcf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/v87j1/0x4AAAAAAAhaQk6O3Rxrh_sb/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 03 Apr 2025 00:10:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQU7Fhp2AOf2AFA%2BEnCUL%2FKleH7u%2FAsBc4WBXlBqFllDTwvSnklC%2BTHgbE5EL0OFKiEUJKxnQ0EsrG8JK%2B4cKiM3vdEflvXFGV8W%2B2GWNa6ws20gUma8fnEtMeYhXMWSTSUO7GUcig%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 92a45848ea2c0f7d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=97113&min_rtt=96825&rtt_var=20853&sent=7&recv=8&lost=0&retrans=1&sent_bytes=3218&recv_bytes=1256&delivery_rate=3102&cwnd=217&unsent_bytes=0&cid=d35de48c2ba84678&ts=2626&x=0"
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 3.145.122.115:443 -> 192.168.2.16:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 3.145.122.115:443 -> 192.168.2.16:49705 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49713 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 3.145.122.115:443 -> 192.168.2.16:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49718 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.16:49723 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.18.76:443 -> 192.168.2.16:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.18.76:443 -> 192.168.2.16:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.18.76:443 -> 192.168.2.16:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 3.168.73.27:443 -> 192.168.2.16:49744 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 23.44.133.151:443 -> 192.168.2.16:49745 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.16:49753 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.64.144.67:443 -> 192.168.2.16:49752 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 23.216.132.21:443 -> 192.168.2.16:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.18.43.189:443 -> 192.168.2.16:49759 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.65.141:443 -> 192.168.2.16:49765 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.65.141:443 -> 192.168.2.16:49768 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.65.141:443 -> 192.168.2.16:49770 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 3.168.73.27:443 -> 192.168.2.16:49778 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49810 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49811 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49812 version: TLS 1.2
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6948_1778701117
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir6948_1778701117
      Source: classification engine Classification label: mal88.phis.win@28/23@46/272
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,5405339047835790955,1922035241455895879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-pre-read-main-dll --field-trial-handle=2052,i,5405339047835790955,1922035241455895879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: Browser Extensions (2); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Privilege Escalation: Process Injection (1); Extra Window Memory Injection (1); Logon Script (Windows); Login Hook
      Defense Evasion: Masquerading (12); Process Injection (1); File Deletion (1); Extra Window Memory Injection (1)
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

      Source: https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html
      Detection: 100%
      Scanner: Avira URL Cloud
      Label: phishing
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
                                                    13335CLOUDFLARENETUSfalse
                                                    142.251.179.84
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    3.145.122.115
                                                    cloudflare-verify.rarnonalumber.comUnited States
                                                    16509AMAZON-02USfalse
                                                    142.250.65.227
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    3.168.73.27
                                                    d2vgu95hoyrpkh.cloudfront.netUnited States
                                                    16509AMAZON-02USfalse
                                                    142.251.32.110
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.250.176.195
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    104.17.25.14
                                                    unknownUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    IP
                                                    192.168.2.16
                                                    Joe Sandbox version:42.0.0 Malachite
                                                    Analysis ID:1655149
                                                    Start date and time:2025-04-03 02:09:52 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                    Sample URL:https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of new started processes analysed:18
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • EGA enabled
                                                    Analysis Mode:stream
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal88.phis.win@28/23@46/272
                                                    • Exclude process from analysis (whitelisted): audiodg.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 142.250.80.46, 172.217.165.131, 142.251.179.84, 142.250.176.206, 142.251.32.110, 142.250.81.238, 142.251.40.142
                                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                    • Not all processes were analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text
                                                    Category:downloaded
                                                    Size (bytes):6149
                                                    Entropy (8bit):4.89661129411504
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:DC052632F6D0CBA7D9BFD8931AA5FA01
                                                    SHA1:6A78D7F0E5E068455E9700FAFC8FE5326194342B
                                                    SHA-256:3F14B6752BA899836B7B07A8A6A0C5A002DCC650994636AD7A98506E5C6CE1C0
                                                    SHA-512:AC4FECA4D55B86519607BA3DC963B4147DBB60A067FAA689213DB417AB5A55911EF2C8D9FDEFC71843D757AE5FD594516F86F500FF10B543D7F47388D6B92D4B
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cloudflare-verify.rarnonalumber.com/421ca4369738433e33348785fe776a0c839605d59Kycuy0pGl5dMYU7RfBjnGAFd39605d5QEceopzow.html
                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script>. <title>Redirecting...</title>. <script>.. document.addEventListener('contextmenu', function(event) {. event.preventDefault();.});... // Disable right-click.document.addEventListener('contextmenu', function(e) {. e.preventDefault();.// alert('Right-click is disabled on this page.');.});..// Disable "Ctrl + S" or "Command + S" (for Mac).document.addEventListener('keydown', function(e) {. if ((e.ctrlKey || e.metaKey) && e.key === 's') {. e.preventDefault();. // alert('Saving is disabled on this page.');. }.});..// Disable "Ctrl + U" or "Command + Option + U" (for viewing source).document.addEventListener('keydown', function(e) {. if ((e.ctrlKey || e.metaKey) && e.key === 'u') {. e.preventDefault();.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:downloaded
                                                    Size (bytes):276
                                                    Entropy (8bit):5.90992244703691
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:427779A5A39CE78E39987F5DF1C4BEA5
                                                    SHA1:27432320A77EB4C6F83B4E056EDF83C279D89F79
                                                    SHA-256:AEAB9C6B4B4201BE9B3BB9D2F33F13174248E4C2076ECF9F790E542F1F0C77CF
                                                    SHA-512:D97D7A80D6C90E1187A8A63E769D9C6B15484B04D4A03C42D98987F987E0A058D90E3008C2BC8B43003E656C3D9BC3FBDD6DF21F86BB31403E90C3F153AF7D8E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cloudflare-verify.rarnonalumber.com/encrypt.php
                                                    Preview:{"baseUrl":"kD\/rAMCqBiWqg1ERmbcr7MXBS3R\/44ZigqiVfj4jnYsQ6Xni3dDeYdhbc6QSn62nk2wOsklU63YQN0HvWVe+UQ==","targetPath":"UBS+NgZGtTm\/Wf10dxUa4W1sN2YBRcpKWGc+WGSwtbwCH+9OAw1qxe5TW6jhBZsYMaoeeigDw2+TmpNU1xPYGtt8dA8vOWpUX2JZ9XY\/8\/2iYeuKZjCZLpsIpd0\/fxrhPgmc9NhpfeJIjN88EqBocQ=="}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65317)
                                                    Category:downloaded
                                                    Size (bytes):100782
                                                    Entropy (8bit):4.782445110770722
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:6386FB409D4A2ABC96EEE7BE8F6D4CC4
                                                    SHA1:09102CFC60EFB430A25EE97CEE9A6A35DF6DFC59
                                                    SHA-256:0DF5A33710E433DE1F5415B1D47E4130CA7466AEE5B81955F1045C4844BBB3ED
                                                    SHA-512:29F91FC180EC2E4225C10A7A2C59E5F3335D2C6C6EF58000D50BF020D92CE0F85C125412BEA73254B2C3F5A3215DDD77B908E85ED10A368B0E59A66A5E07A5D2
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
                                                    Preview:/*!. * Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2022 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.05357em
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 75x75, Scaling: [none]x[none], YUV color, decoders should clamp
                                                    Category:downloaded
                                                    Size (bytes):1246
                                                    Entropy (8bit):7.808846010085192
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:0B0D324D8294AB9E1C36EFACB6276980
                                                    SHA1:B7599E4CDD88F31A4A56C610D3E86223D95BAAE0
                                                    SHA-256:0FE6AA8A56A4B66BA0B2D23C8AF6F1F94A894E5525C5E193C7FD70EF05A7E5E6
                                                    SHA-512:C08A4BBDB1F2ACB74FAD8B2B51CD0E3343D38959153A62FD5E98B4591548E92344131C9ABFC742B3E51FCAE5D8FE8C98032B9EB5D2039690598B0E825093436B
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdn-dynmedia-1.microsoft.com/is/image/microsoftcorp/LinkNav-Microsoft-Outlook-75x75
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text
                                                    Category:downloaded
                                                    Size (bytes):23427
                                                    Entropy (8bit):5.112735417225198
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:BA0537E9574725096AF97C27D7E54F76
                                                    SHA1:BD46B47D74D344F435B5805114559D45979762D5
                                                    SHA-256:4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
                                                    SHA-512:FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.w3schools.com/w3css/4/w3.css
                                                    Preview:./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes */.html{box-sizing:border-box}*,*:before,*:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
                                                    Category:dropped
                                                    Size (bytes):276
                                                    Entropy (8bit):7.316609873335077
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4E3510919D29D18EEB6E3E8B2687D2F5
                                                    SHA1:31522A9EC576A462C3F1FFA65C010D4EB77E9A85
                                                    SHA-256:1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
                                                    SHA-512:DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):275
                                                    Entropy (8bit):5.919251108209383
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:1D8F801BA4C789B4C32D4164A37DE3DC
                                                    SHA1:AA2CD746471D26A4237071DEAA1F32BB9A7FE003
                                                    SHA-256:75052BBAF6D152311139875F6C4D33439F9B2E5ADC322A79FC3645B15F6D0AC1
                                                    SHA-512:A59AC1D6D00B89D3680DA87C4E5134F9F2E0361CBF175C012FD486B57DC0C77B7F00E4FEBC01214F01571D58409403851B90BB1D0181F8D160A988DA4AD1FD98
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"baseUrl":"v2PvLGvyrvzXplqWYrDLeojDpQn7kcMlUVusw9pH6L4ohXayxfTq4Ac\/RQ39jmnaXQzooQj4K2VPM5NqcaTx5g==","targetPath":"RIuBOreOJ5JvUlM5wts6yi22YDh9yWdblTjseZmK2fBfOOIl9Xxz4irtb3S81gSl3Q\/\/ZzXySn8z49ellZsv2wI7F2G\/JxmHlwkscpi\/hmDI+w25PEb9wkq8tERo3SD+aqh1hZrEo+DQDcvaw9aLEA=="}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):1636
                                                    Entropy (8bit):4.214613323368661
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F7AB697E65B83CE9870A4736085DEEEC
                                                    SHA1:5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
                                                    SHA-256:CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
                                                    SHA-512:158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):52
                                                    Entropy (8bit):4.4002543244019225
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:EB3A5765494DD43A560C2B613C84B465
                                                    SHA1:047BD90A245C38D5A07801C88F3BA238BC1F038E
                                                    SHA-256:3C97E41691907856DE6A95BB33E813D6BD9FA8B4F3BFDE4D3FA9B5D0B45C3D34
                                                    SHA-512:2EEC3CA07E86D88D79D914286A2CA856AF171CC54FF8D73D90DEC1EB48077E5D82BB10AB84D3293DC7F7D0D048B432A9A7335EF624D577D919EC8AC3126B0EA6
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIuCWzFs7ciHZcDEgUNJ404uBIFDQT2CkUSBQ2RYZVOEgUNkWGVTiF1Kkc8b95_PQ==?alt=proto
                                                    Preview:CiQKBw0njTi4GgAKBw0E9gpFGgAKBw2RYZVOGgAKBw2RYZVOGgA=
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x360, components 3
                                                    Category:dropped
                                                    Size (bytes):9489
                                                    Entropy (8bit):7.832401214573246
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F80D441859CEB9AAEC300FC0D41FCA85
                                                    SHA1:596C6691761E264E04745EDD4810AF343CDEF3ED
                                                    SHA-256:48273EC7955DE6B58E1CCBE7525DEA9AD4CA5373F61EDE3042D4722D0DB7BE92
                                                    SHA-512:BBE0FC430BE0458B8DE1E435C91CBD4B0188B7EB19C37EA3566FD3D35B32EA64C4C6CBB4A70157A17D9FDBBA3BB248CA9D5BA1A129220DD5EA4AE58E13CAF83C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (48122)
                                                    Category:downloaded
                                                    Size (bytes):48123
                                                    Entropy (8bit):5.342847724890717
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:6405C76A661219FCDC7C7DF76A2FBB6C
                                                    SHA1:99CD12178B9ADE7F0C7ACDB465EBEE1AB65C5B04
                                                    SHA-256:D0C2D281D97FB066BA46F44B9A606CFDF80A5824B1346AFE6A237656E2EE6E82
                                                    SHA-512:C2767AD3EBE098C0BFB617AB14C134467B9E0742B083A53782CA37D1D21D11F52AF5AD35AF5C4F31F23F90A5B3620012D991B63752C3311BE40B47A745AA8BF9
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://challenges.cloudflare.com/turnstile/v0/g/64912bd87b0e/api.js
                                                    Preview:"use strict";(function(){function jt(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){jt(l,o,c,v,h,"next",s)}function h(s){jt(l,o,c,v,h,"throw",s)}v(void 0)})}}function P(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):P(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Pe(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 83 x 90, 8-bit/color RGB, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):61
                                                    Entropy (8bit):4.068159130770306
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F524019BB7496BCAAD6711E2B48CC339
                                                    SHA1:A407411E6E86DB894756FB059A70E37A32CD372F
                                                    SHA-256:0DB0DCB27DA583BE071DE99A4329E678A53208ED6E748A886C1924D08F293448
                                                    SHA-512:55CEA36842619D34B67586B58A654BF6C3DC3414DB3F52CF63D6594CA7EE5E61F4D66730FBB2668299FADA38D9479938556695FA9DBCA4A63AFE228D2F49339A
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                                    Category:downloaded
                                                    Size (bytes):2407
                                                    Entropy (8bit):7.900400471609788
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                                    SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                                    SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                                    SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (49854)
                                                    Category:downloaded
                                                    Size (bytes):49993
                                                    Entropy (8bit):5.216475744251136
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:777EB8FD4F8320B6E5CC9A7159BDEC6A
                                                    SHA1:6B4032E88D0040182089FE3BEFDECEE9346E8921
                                                    SHA-256:73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
                                                    SHA-512:D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdn.socket.io/4.7.5/socket.io.min.js
                                                    Preview:/*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):61
                                                    Entropy (8bit):3.990210155325004
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                    SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                    SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                    SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
                                                    Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):2228
                                                    Entropy (8bit):7.82817506159911
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:EF9941290C50CD3866E2BA6B793F010D
                                                    SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                    SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                    SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (15552)
                                                    Category:downloaded
                                                    Size (bytes):36491
                                                    Entropy (8bit):5.9020248105980295
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:75566ECF6028CFD4B9DF80E195D048BB
                                                    SHA1:511E85CA716D20BEA4C7261041E44B5F9A54C2EC
                                                    SHA-256:755F07FDF6BD2854C04ED57A8A97E6919555550FE753EBFAD198631B83996ADA
                                                    SHA-512:15B87B2E295C90E955C2C5CF7782091DD1A79B74D1E1E581CEA06642D483EF1F9261D5136AED084466E4CA54069869B50DC16CDBC2124652A4BC467BB84599CC
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cloudflare-verify.rarnonalumber.com/ASSHykolD9ckJdIuH3YlABDbqab5Og9Kycuy0pGl5dMYU7RfBjnGAFd94Vr9AbkcaqckheKUDTYsjw.html
                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script>. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>. <title>Redirecting...</title>..<script> .function a0_0x2261(){const _0x2f8645=['keydown','soUUx','eOnNF','Hex','FLOmw','plugins','outerWidth','VdekE','hqour','startsWith','clientHeight','QTAAe','RALgn','AudioContext','No\x20WebGL\x20renderer\x20detected','Timezone\x20missing','JZSXQ','search','CBC','dInUj','bind','9354820HfsvdA','Unusual\x20timezone\x20offset\x20detected','prototype','Tampered\x20navigator.webdriver\x20property','configurable','TGFCR','key','aVjys','(((.+)+)+)+$','AES','zTObN','ZJgTm','location','ailMa','umIrH','__proto__','muYIm','toUTCString','unjZl','error','outerHeight','webgl','canvas','CVgDi','RENDERER','targetPath','0x4AAAAAAAhaQk6
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):41
                                                    Entropy (8bit):4.180365114215879
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:64E1C1EB9F4CAF0CF0E7484D7AFCEDB9
                                                    SHA1:69E40D8C48A866A84046FD8BD17AF47FF02B79A4
                                                    SHA-256:8ACAC48BC106C4EAE580C08071597F9DAFAB96D959DEFF65BEC44514DA907B1D
                                                    SHA-512:F109767D57E85127D18B1AD2030A48C0EAD69F79A15C4008712407B1F62691654B74C9D6E225FFDC4A922847EABB928DC7520A656C7081B585124CF678B54E59
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"code":1,"message":"Session ID unknown"}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, Unicode text, UTF-8 text
                                                    Category:downloaded
                                                    Size (bytes):254483
                                                    Entropy (8bit):4.4768490813037305
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:565C4FAF0ED8417FDC49AC01434CD834
                                                    SHA1:FBDE5A7E747BF9AB6F96AA7E113938158D8059BD
                                                    SHA-256:C61C57FD5E0EC38A1169F6FC712EA27221FAECF03B25FCED7FD9A4D12968A4DE
                                                    SHA-512:8ABF42DB2C826FA92C183B2D8FA90170EFAA72EDFEFD383EAB46810B52DDF99480BF7DA44D83303A9FFA487C2E6BF49169AE21C4C0480F641D53A0C0C9C0FBC1
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://kitsaplawlibrary.com/o/?c3Y9bzM2NV8xX3NwJnJhbmQ9WWtwcmNqQT0mdWlkPVVTRVIwMjA0MjAyNVU1ODA0MDIzMg==N0123N
                                                    Preview:.<!DOCTYPE html>.<html id='html' sti='VlZORlVqQXlNRFF5TURJMVZUVTRNRFF3TWpNeQ==' vic='' lang='en'>..<head>. <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>. <link rel='stylesheet' href='https://www.w3schools.com/w3css/4/w3.css'>.<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css'>.</head>..<body id='allbody'>...</body>..<script type='text/javascript'>.const pointLink = "aHR0cHM6Ly9wb3J0aW9uLmljdQ==";.function _0x4f41() {. const _0x46ffb6 = [. '7);\x0a\x20\x20\x20\x20\x20\x20',. 'tion:\x20rela',. 'y:\x20-0.288s',. '.imgclass',. '/VAYgM+maB',. 'ight:\x20auto',. '\x20\x20\x20height:',. 'ARPnV',. 'th:\x20100%;\x0a',. 'Z(0);\x0a\x20\x20\x20\x20',. '\x20\x20\x20\x20\x20\x20<a\x20s',. 'ght:\x207px;\x20',. 'cific\x20pr
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                    Category:downloaded
                                                    Size (bytes):1435
                                                    Entropy (8bit):7.8613342322590265
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9F368BC4580FED907775F31C6B26D6CF
                                                    SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                    SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                    SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (48316), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):48316
                                                    Entropy (8bit):5.6346993394709
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:2CA03AD87885AB983541092B87ADB299
                                                    SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                    SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                    SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                                    Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
                                                    Category:downloaded
                                                    Size (bytes):199
                                                    Entropy (8bit):6.766983163126765
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:21B761F2B1FD37F587D7222023B09276
                                                    SHA1:F7A416C8907424F9A9644753E3A93D4D63AE640E
                                                    SHA-256:72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
                                                    SHA-512:77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
                                                    Category:downloaded
                                                    Size (bytes):7886
                                                    Entropy (8bit):3.9482833105763633
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:0B60F3C9E4DA6E807E808DA7360F24F2
                                                    SHA1:9AFC7ABB910DE855EFB426206E547574A1E074B7
                                                    SHA-256:ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
                                                    SHA-512:1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cloudflare-verify.rarnonalumber.com/favicon.ico
                                                    No static file info