Windows Analysis Report
output.hta

Overview

General Information

Sample name: output.hta
Analysis ID: 1675490
MD5: 858f5f1e4a61a614e49cc7c422d7b7f0
SHA1: c90688b0139f8a57b048e4799b7edc4cb09870f1
SHA256: 6d401c709dd2a40e41f124164168f994dc9996a68025bda2df2f224ccab1908a
Tags: hta, user-abuse_ch
Infos:

Detection

Score: 3
Range: 0 - 100
Confidence: 60%

Signatures

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Classification categories (chart): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; rating scale: clean, suspicious, malicious
  • System is w10x64
  • mshta.exe (PID: 7904 cmdline: mshta.exe "C:\Users\user\Desktop\output.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.5:49687 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.5:49688 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.5:49690 version: TLS 1.2
Source: Joe Sandbox View; IP Address: 104.18.11.207
Source: Joe Sandbox View; IP Address: 104.17.25.14
Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic; HTTP traffic detected:
  GET /ajax/libs/font-awesome/5.15.3/css/all.min.css HTTP/1.1
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: cdnjs.cloudflare.com
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: maxcdn.bootstrapcdn.com
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
  Accept: */*
  Accept-Language: en-CH
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: maxcdn.bootstrapcdn.com
  Connection: Keep-Alive
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic; DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown; Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49688 -> 443
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: classification engineClassification label: clean3.winHTA@1/6@2/2
Source: C:\Windows\SysWOW64\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\SysWOW64\mshta.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
Source: C:\Windows\SysWOW64\mshta.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: C:\Windows\SysWOW64\mshta.exe | Code function: 0_2_059BCA97 push eax; retf 0_2_059BCA9D
Source: C:\Windows\SysWOW64\mshta.exe | Code function: 0_2_06C8FBE3 push es; iretd 0_2_06C8FBE4
Source: C:\Windows\SysWOW64\mshta.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe | Window / User API: threadDelayed 7456
Source: mshta.exe, 00000000.00000002.2469024086.0000000002F6F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000002.2471077060.0000000006A50000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000002.2469024086.0000000002F94000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph (ID 1675490): sample output.hta, start date 27/04/2025, architecture WINDOWS, score 3. mshta.exe started and contacted cdnjs.cloudflare.com (104.17.25.14, ports 443, 49690; CLOUDFLARENETUS, United States) and maxcdn.bootstrapcdn.com (104.18.11.207, ports 443, 49687, 49688; CLOUDFLARENETUS, United States).]

Source | Detection | Scanner | Label | Link
output.hta | 0% | Virustotal | | Browse
output.hta | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://support.hostinger.com/en/ | 0% | Avira URL Cloud | safe |
https://support.hostinger.com/en/articles/1583214-how-to-add-a-domain-to-my-account-how-to-add-websi | 0% | Avira URL Cloud | safe |
https://support.hostinger.com/en/articles/1696789-how-to-change-nameservers-at-hostinger | 0% | Avira URL Cloud | safe |
https://maxcdn.b | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
maxcdn.bootstrapcdn.com | 104.18.11.207 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | false | | high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css | false | | high
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.18.11.207 | maxcdn.bootstrapcdn.com | United States | | 13335 | CLOUDFLARENETUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false
                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                Analysis ID:1675490
                                                                                                                Start date and time:2025-04-27 16:58:26 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 4m 15s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:default.jbs
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Sample name:output.hta
                                                                                                                Detection:CLEAN
                                                                                                                Classification:clean3.winHTA@1/6@2/2
                                                                                                                EGA Information:Failed
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 100%
                                                                                                                • Number of executed functions: 0
                                                                                                                • Number of non-executed functions: 0
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .hta
                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 142.250.69.10, 192.178.49.170, 142.250.69.8, 192.178.49.195, 184.29.183.29, 52.149.20.212
                                                                                                                • Excluded domains from analysis (whitelisted): c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, fonts.googleapis.com, fs.microsoft.com, slscr.update.microsoft.com, ajax.googleapis.com, www.googletagmanager.com, fonts.gstatic.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target mshta.exe, PID 7904 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                No simulations
                                                                                                                No context
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text, with very long lines (5436)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):271323
                                                                                                                Entropy (8bit):5.575903590276976
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3072:oq2drV9tD1DN3FlUWg0fqnaGdV35Gk5+FioUJoqunfVyeD0/NPg7zFc:j2vp53FlU+0aAPYFFlnfn0/NPg7u
                                                                                                                MD5:FAC7A562561B62A226072EAAC73B0B2B
                                                                                                                SHA1:CAD922DAAC9B5CBD00EAC5B770112AC154E47ACE
                                                                                                                SHA-256:DECE29E95F4E97A6F8A1B4360D3371D28A18B93F068647FE29AB52B29B5EB6D9
                                                                                                                SHA-512:E4164CEA376FBC452D67FED9022C8DB3E2B8B4F3D7A2C79A167C108F3B69B8BE00EA7161D94FB8DF7095F367EE63D37180ECAC60D3701841468407FD8BB9B42D
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-26575989-44","tag_id":9},{"function":"__rep","vtp_containerId":"UA-26575989-44","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-S4HMJ5EXYY"]],"vtp_inheritParentConfig":true,"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-26575989-44","tag_id":8}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text, with very long lines (59158)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):59344
                                                                                                                Entropy (8bit):4.717040228413791
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:0Eh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSzl:0E0PxXE4YXJgndFTfy9lt5B
                                                                                                                MD5:74BAB4578692993514E7F882CC15C218
                                                                                                                SHA1:B6293BCFD851F963EDBE859498570C4C0C7EAAE4
                                                                                                                SHA-256:D87DDF917B7A1449AB45E2B8E3C98354629BDD65B6659C37E6023BBEA1CE1386
                                                                                                                SHA-512:8810579BC7D6F74FA7B8B7122A56E6ACF70B6B4393F76C4ED4122C67ECB00D6642BEAB1681C715DE0168441BF4CFEF1D2C9832007221477E5565CDA833F808D7
                                                                                                                Malicious:false
                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                Preview:/*!. * Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pu
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text, with very long lines (65371)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):121200
                                                                                                                Entropy (8bit):5.0982146191887106
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
                                                                                                                MD5:EC3BB52A00E176A7181D454DFFAEA219
                                                                                                                SHA1:6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
                                                                                                                SHA-256:F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
                                                                                                                SHA-512:E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
                                                                                                                Malicious:false
                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                Preview:/*!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text, with very long lines (32033)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):37045
                                                                                                                Entropy (8bit):5.174934618594778
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ
                                                                                                                MD5:5869C96CC8F19086AEE625D670D741F9
                                                                                                                SHA1:430A443D74830FE9BE26EFCA431F448C1B3740F9
                                                                                                                SHA-256:53964478A7C634E8DAD34ECC303DD8048D00DCE4993906DE1BACF67F663486EF
                                                                                                                SHA-512:8B3B64A1BB2F9E329F02D4CD7479065630184EBAED942EE61A9FF9E1CE34C28C0EECB854458977815CF3704A8697FA8A5D096D2761F032B74B70D51DA3E37F45
                                                                                                                Malicious:false
                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                Preview:/*!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under the MIT license. */.if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text, with very long lines (32058)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):86659
                                                                                                                Entropy (8bit):5.36781915816204
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9
                                                                                                                MD5:C9F5AEECA3AD37BF2AA006139B935F0A
                                                                                                                SHA1:1055018C28AB41087EF9CCEFE411606893DABEA2
                                                                                                                SHA-256:87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
                                                                                                                SHA-512:DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
                                                                                                                Malicious:false
                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var
                                                                                                                Process:C:\Windows\SysWOW64\mshta.exe
                                                                                                                File Type:ASCII text
                                                                                                                Category:dropped
                                                                                                                Size (bytes):244
                                                                                                                Entropy (8bit):5.427168608743296
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:0IFFm15+56ZRWHMVgjWizlpdUD4uFl8vpAnf0RHC:jFMO6ZRoMYW6pSZE6nf0Ri
                                                                                                                MD5:8DB3128B8209F0CCB0E21630C31276C2
                                                                                                                SHA1:B56991C7DDE7678C4430391BBECFEC5E829786CA
                                                                                                                SHA-256:CF7C74B7D584CFC4457784AA26A4579663F0DA26DC13322A16B6B758FC5D61B2
                                                                                                                SHA-512:7C5E4347F93F26618C2CCA12951E734BB3AD1178FE7F0F8CC8F791D9C8FB144EC273F42546F2ED32B3598D69409CB29479977E1499960E8D40905195AC6117E9
                                                                                                                Malicious:false
                                                                                                                Preview:@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: normal;. src: url(https://fonts.gstatic.com/l/font?kit=memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4m&skey=62c1cbfccc78b4b2&v=v40);.}.
                                                                                                                File type:HTML document, ASCII text, with very long lines (9973), with no line terminators
                                                                                                                Entropy (8bit):5.442273900773002
                                                                                                                TrID:
                                                                                                                  File name:output.hta
                                                                                                                  File size:9'973 bytes
                                                                                                                  MD5:858f5f1e4a61a614e49cc7c422d7b7f0
                                                                                                                  SHA1:c90688b0139f8a57b048e4799b7edc4cb09870f1
                                                                                                                  SHA256:6d401c709dd2a40e41f124164168f994dc9996a68025bda2df2f224ccab1908a
                                                                                                                  SHA512:b2fcb93e619c0968156c1a2cb2ff2c266502d6495bcba5c983c075964a23290ea8d024f777093b721a13c8c751e45ea248d9ecc990d43ec83d5ee7e3d53a755e
                                                                                                                  SSDEEP:192:IRnQ3wfdxD5ubdHKhWicNbktrrNXNSRq2JkPOJkxgmlbdIxbq:aQ3wVxDQK0N4XNSRq2GPOJkxgmhdIxbq
                                                                                                                  TLSH:3322E9635610703F71674DCB30C7364C7066904BE8A74C56EA756B98CEE099BAA2EF4C
                                                                                                                  File Content Preview:<!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device


                                                                                                                  • Total Packets: 161
                                                                                                                  • 443 (HTTPS)
                                                                                                                  • 53 (DNS)
                                                                                                                  Apr 27, 2025 16:59:15.439261913 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439308882 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439322948 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439332008 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439335108 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439363003 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439395905 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439399958 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.439444065 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439527988 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.439559937 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439636946 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.439716101 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439768076 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439793110 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439841986 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439846992 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439856052 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439867020 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439888954 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439913034 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439918995 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439919949 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439925909 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439932108 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.439939022 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439953089 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439955950 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439971924 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.439973116 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439985991 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.439991951 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.439996958 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440001011 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440002918 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440018892 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440038919 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440053940 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440071106 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440078020 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440090895 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440125942 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440129995 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440181971 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440642118 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440699100 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440706015 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440730095 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440747023 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440752029 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440763950 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440778971 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440803051 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.440825939 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440843105 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440850973 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440881968 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440911055 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.440913916 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.440954924 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441207886 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441262007 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441262960 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441272974 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441302061 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441313982 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441325903 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441329956 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441355944 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441375971 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441379070 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441418886 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441422939 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441469908 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.441482067 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441518068 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441523075 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441525936 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.441533089 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441565037 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441565990 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.441591978 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441617012 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.441627979 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441628933 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441638947 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441665888 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441694021 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441699028 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441744089 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441746950 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441756964 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441792011 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441796064 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441817999 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441817999 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441817999 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441824913 CEST44349688104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.441844940 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.441878080 CEST49688443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.442150116 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442203999 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.442209959 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442245007 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.442245960 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442250013 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442296982 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.442296982 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.442303896 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442338943 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442348957 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.442354918 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442384958 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.442454100 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.442903042 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442953110 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442960978 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.442965984 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.442996979 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443034887 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443038940 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443047047 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443083048 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443092108 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443110943 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443115950 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.443121910 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443149090 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.443170071 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.443733931 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443785906 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443789959 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443810940 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443824053 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443835974 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443840981 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443855047 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443857908 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.443865061 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.443881035 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.443909883 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.444693089 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444694996 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444762945 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444785118 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.444786072 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.444792032 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444801092 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444802046 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.444809914 CEST44349687104.18.11.207192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444817066 CEST44349690104.17.25.14192.168.2.5
                                                                                                                  Apr 27, 2025 16:59:15.444832087 CEST49690443192.168.2.5104.17.25.14
                                                                                                                  Apr 27, 2025 16:59:15.444886923 CEST49687443192.168.2.5104.18.11.207
                                                                                                                  Apr 27, 2025 16:59:15.444886923 CEST49690443192.168.2.5104.17.25.14
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 27, 2025 16:59:14.640487909 CEST | 53769 | 53 | 192.168.2.5 | 1.1.1.1
Apr 27, 2025 16:59:14.641050100 CEST | 64900 | 53 | 192.168.2.5 | 1.1.1.1
Apr 27, 2025 16:59:14.781131029 CEST | 53 | 53769 | 1.1.1.1 | 192.168.2.5
Apr 27, 2025 16:59:14.794897079 CEST | 53 | 64900 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 27, 2025 16:59:14.640487909 CEST | 192.168.2.5 | 1.1.1.1 | 0xb058 | Standard query (0) | maxcdn.bootstrapcdn.com | A (IP address) | IN (0x0001) | false
Apr 27, 2025 16:59:14.641050100 CEST | 192.168.2.5 | 1.1.1.1 | 0x50e7 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 27, 2025 16:59:14.781131029 CEST | 1.1.1.1 | 192.168.2.5 | 0xb058 | No error (0) | maxcdn.bootstrapcdn.com |  | 104.18.11.207 | A (IP address) | IN (0x0001) | false
Apr 27, 2025 16:59:14.781131029 CEST | 1.1.1.1 | 192.168.2.5 | 0xb058 | No error (0) | maxcdn.bootstrapcdn.com |  | 104.18.10.207 | A (IP address) | IN (0x0001) | false
Apr 27, 2025 16:59:14.794897079 CEST | 1.1.1.1 | 192.168.2.5 | 0x50e7 | No error (0) | cdnjs.cloudflare.com |  | 104.17.25.14 | A (IP address) | IN (0x0001) | false
Apr 27, 2025 16:59:14.794897079 CEST | 1.1.1.1 | 192.168.2.5 | 0x50e7 | No error (0) | cdnjs.cloudflare.com |  | 104.17.24.14 | A (IP address) | IN (0x0001) | false
                                                                                                                  • cdnjs.cloudflare.com
                                                                                                                  • maxcdn.bootstrapcdn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49690 | 104.17.25.14 | 443 | 7904 | C:\Windows\SysWOW64\mshta.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-27 14:59:15 UTC | 349 | OUT | GET /ajax/libs/font-awesome/5.15.3/css/all.min.css HTTP/1.1
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-CH
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                  Host: cdnjs.cloudflare.com
                                                                                                                  Connection: Keep-Alive
2025-04-27 14:59:15 UTC | 938 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Apr 2025 14:59:15 GMT
                                                                                                                  Content-Type: text/css; charset=utf-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Server: cloudflare
                                                                                                                  Strict-Transport-Security: max-age=15780000
                                                                                                                  Cf-Ray: 936f2ec4f873b829-PHX
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Cache-Control: public, max-age=30672000
                                                                                                                  Etag: W/"6599bda5-317b"
                                                                                                                  Last-Modified: Sat, 06 Jan 2024 21:52:53 GMT
                                                                                                                  Cf-Cdnjs-Via: cfworker/kv
                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                  Timing-Allow-Origin: *
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Cf-Cache-Status: HIT
                                                                                                                  Age: 254011
                                                                                                                  Expires: Fri, 17 Apr 2026 14:59:15 GMT
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRWSvzoruzZZzhU2ALUiD5USOXjfGjhAyL9n5RebHfEJUgMFBpPXvUCx8d0YbwTsZmFj4M3P77Rq7BAv7PYsWc5JxWoOwJUuaFu1Qv73va9oJrBioZbFttpJJB7B20qdOogJTq2Z"}],"group":"cf-nel","max_age":604800}
                                                                                                                  Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49688 | 104.18.11.207 | 443 | 7904 | C:\Windows\SysWOW64\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2025-04-27 14:59:15 UTC | 342 | OUT | GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-CH
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                  Host: maxcdn.bootstrapcdn.com
                                                                                                                  Connection: Keep-Alive
2025-04-27 14:59:15 UTC | 966 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Apr 2025 14:59:15 GMT
                                                                                                                  Content-Type: application/javascript; charset=utf-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  CDN-PullZone: 252412
                                                                                                                  CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
                                                                                                                  CDN-RequestCountryCode: US
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Cache-Control: public, max-age=31919000
                                                                                                                  ETag: W/"5869c96cc8f19086aee625d670d741f9"
                                                                                                                  Last-Modified: Mon, 25 Jan 2021 22:04:00 GMT
                                                                                                                  CDN-CachedAt: 12/03/2024 10:29:50
                                                                                                                  CDN-ProxyVer: 1.06
                                                                                                                  CDN-RequestPullCode: 200
                                                                                                                  CDN-RequestPullSuccess: True
                                                                                                                  CDN-EdgeStorageId: 1109
                                                                                                                  timing-allow-origin: *
                                                                                                                  cross-origin-resource-policy: cross-origin
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  CDN-Status: 200
                                                                                                                  CDN-RequestTime: 1
                                                                                                                  CDN-RequestId: c6cc4ed1575cab1cdc1b34d77a4da535
                                                                                                                  CDN-Cache: HIT
                                                                                                                  CF-Cache-Status: HIT
                                                                                                                  Age: 880699
                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 936f2ec4ffb5c4c4-PHX
                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49687 | 104.18.11.207 | 443 | 7904 | C:\Windows\SysWOW64\mshta.exe
Timestamp | Bytes transferred | Direction | Data
2025-04-27 14:59:15 UTC | 344 | OUT | GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-CH
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                  Host: maxcdn.bootstrapcdn.com
                                                                                                                  Connection: Keep-Alive
2025-04-27 14:59:15 UTC | 952 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Sun, 27 Apr 2025 14:59:15 GMT
                                                                                                                  Content-Type: text/css; charset=utf-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  CDN-PullZone: 252412
                                                                                                                  CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
                                                                                                                  CDN-RequestCountryCode: US
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Cache-Control: public, max-age=31919000
                                                                                                                  ETag: W/"ec3bb52a00e176a7181d454dffaea219"
                                                                                                                  Last-Modified: Mon, 25 Jan 2021 22:03:59 GMT
                                                                                                                  CDN-CachedAt: 01/22/2025 02:47:53
                                                                                                                  CDN-ProxyVer: 1.07
                                                                                                                  CDN-RequestPullCode: 200
                                                                                                                  CDN-RequestPullSuccess: True
                                                                                                                  CDN-EdgeStorageId: 1108
                                                                                                                  timing-allow-origin: *
                                                                                                                  cross-origin-resource-policy: cross-origin
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  CDN-Status: 200
                                                                                                                  CDN-RequestTime: 0
                                                                                                                  CDN-RequestId: 6cec9dd6a8662add3c2d6034db62e568
                                                                                                                  CDN-Cache: HIT
                                                                                                                  CF-Cache-Status: HIT
                                                                                                                  Age: 880699
                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 936f2ec4fce50111-PHX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  Data Ascii: con-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-hei
                                                                                                                  2025-04-27 14:59:15 UTC1369INData Raw: 70 68 69 63 6f 6e 2d 73 74 65 70 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 37 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 65 6a 65 63 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 38 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 6c 65 66 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 39 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 38 30 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 6c 75 73 2d 73 69 67 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 38 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6d 69 6e 75 73 2d 73 69 67 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74
                                                                                                                  Data Ascii: phicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{cont
                                                                                                                  2025-04-27 14:59:15 UTC1369INData Raw: 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6d 61 67 6e 65 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 32 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 72 65 74 77 65 65 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 73 68 6f 70 70 69 6e 67 2d 63 61 72 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74
                                                                                                                  Data Ascii: "}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{cont
                                                                                                                  2025-04-27 14:59:15 UTC1369INData Raw: 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 61 70 65 72 63 6c 69 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 32 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 68 65 61 72 74 2d 65 6d 70 74 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6c 69 6e 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 68 6f 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 75 73 68 70 69 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 75 73 64 3a 62 65 66
                                                                                                                  Data Ascii: rd:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:bef
                                                                                                                  2025-04-27 14:59:15 UTC1369INData Raw: 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 73 61 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 6f 70 65 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 72 65 64 69 74 2d 63 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 37 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 74 72 61 6e 73 66 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 38 22 7d 2e 67 6c 79 70 68 69
                                                                                                                  Data Ascii: re{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphi



                                                                                                                  Target ID:0
                                                                                                                  Start time:10:59:13
                                                                                                                  Start date:27/04/2025
                                                                                                                  Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:mshta.exe "C:\Users\user\Desktop\output.hta"
                                                                                                                  Imagebase:0x540000
                                                                                                                  File size:13'312 bytes
                                                                                                                  MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  No disassembly