Edit tour

Windows Analysis Report
https://8734873478934795494.z9.web.core.windows.net/

Overview

General Information

Sample URL:	https://8734873478934795494.z9.web.core.windows.net/
Analysis ID:	1675923
Infos:

Detection

Tycoon2FA

Score:	88
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Yara detected AntiDebug via timestamp check

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

HTML page contains suspicious base64 encoded javascript

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2020 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5096 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://8734873478934795494.z9.web.core.windows.net/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

Threatname: Tycoon2FA

{
  "otherweburl": "",
  "websitenames": "[\"godaddy\",\"okta\"]",
  "bes": "[\"Apple.com\",\"Netflix.com\"]",
  "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]",
  "capnum": "1",
  "appnum": "1",
  "pvn": "0",
  "view": "",
  "pagelinkval": "NANzw",
  "emailcheck": "window.location.search.substring(1)"
}

Yara Signatures

HTML

Source	Rule	Description	Author
0.1.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.5..script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.5..script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.7.d.script.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.1.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.1.pages.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
Click to see the 3 entries

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://8734873478934795494.z9.web.core.windows.net/

Avira URL Cloud: detection malicious, Label: phishing

Found malware configuration

Source: 0.7.d.script.csv

Malware Configuration Extractor: Tycoon2FA {"otherweburl": "", "websitenames": "[\"godaddy\",\"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "NANzw", "emailcheck": "window.location.search.substring(1)"}

Phishing

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 0.7.d.script.csv, type: HTML
Source: Yara match	File source: 0.5..script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.5..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://8734873478934795494.z9.web.core.windows.ne... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, redirects to a blank page, and intercepts various keyboard and clipboard events to prevent common debugging and security analysis actions. Additionally, it includes an interval-based debugger trap that could be used to detect and evade analysis. These behaviors strongly indicate malicious intent, warranting a high-risk score.
Source: 0.6..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://8734873478934795494.z9.web.core.windows.ne... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `eval()` to execute a decoded string, the potential for sending sensitive user data to external servers, and the presence of heavily obfuscated code all contribute to a high-risk assessment. While the script may have some legitimate functionality, the overall risk profile is concerning and requires further investigation.
Source: 0.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://8734873478934795494.z9.web.core.windows.ne... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious redirection. The use of `atob` to decode a heavily obfuscated string, which is then executed using `eval`, indicates the potential for malicious code injection. Additionally, the script attempts to detect and bypass security measures like WebDriver and Phantom.js, suggesting an intent to evade detection. The redirection to a third-party domain (bestbuy.com) further raises concerns about the script's purpose. Overall, the combination of these behaviors strongly suggests this is a high-risk, potentially malicious script.

HTML page contains suspicious base64 encoded javascript

Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: Base64 decoded: document.write
Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: Base64 decoded: document.write

Source: https://8734873478934795494.z9.web.core.windows.net/

HTTP Parser: Number of links: 0

Source: https://8734873478934795494.z9.web.core.windows.net/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://8734873478934795494.z9.web.core.windows.net/

HTTP Parser: Title: Proceed For Secure Account Access does not match URL

Source: https://8734873478934795494.z9.web.core.windows.net/

HTTP Parser: var otherweburl = "";var websitenames = ["godaddy","okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "nanzw";var emailcheck = window.location.search.substring(1);function isbase64(str) { try { return btoa(atob(str)) === str; } catch (e) { return false; }}if (isbase64(emailcheck)) { emailcheck = atob(emailcheck);}var webname = "rtrim(/web8/, '/')";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "https://www.irs.gov/pub/irs-pdf/f1040.pdf";var useragent = navigator.useragent;var browsername;var userip;var ...

Source: https://8734873478934795494.z9.web.core.windows.net/

HTTP Parser: <input type="password" .../> found

Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No favicon
Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No favicon

Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No <meta name="author".. found
Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No <meta name="author".. found

Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No <meta name="copyright".. found
Source: https://8734873478934795494.z9.web.core.windows.net/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49731 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://8734873478934795494.z9.web.core.windows.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://8734873478934795494.z9.web.core.windows.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://8734873478934795494.z9.web.core.windows.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250428%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250428T043316Z&X-Amz-Expires=300&X-Amz-Signature=8fe791c6996e8d5e875950a19d9b3faaa40e1be3463695fd29b4215c33745969&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://8734873478934795494.z9.web.core.windows.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com

Source: chromecache_51.3.dr	String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_49.3.dr, chromecache_58.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Source: chromecache_51.3.dr	String found in binary or memory: https://github.com/fent)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49731 version: TLS 1.2

Source: classification engine

Classification label: mal88.phis.evad.win@23/36@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2020 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5096 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://8734873478934795494.z9.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2020 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5096 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match	File source: 0.1.d.script.csv, type: HTML
Source: Yara match	File source: 0.5..script.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://8734873478934795494.z9.web.core.windows.net/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.2.137	true	false	high
cdnjs.cloudflare.com	104.17.25.14	true	false	high
github.com	140.82.114.4	true	false	high
www.google.com	192.178.49.196	true	false	high
s-part-0043.t-0009.t-msedge.net	13.107.246.71	true	false	high
objects.githubusercontent.com	185.199.111.133	true	false	high

Contacted URLs

Name	Malicious	Reputation
http://c.pki.goog/r/r4.crl	false	high
https://code.jquery.com/jquery-3.6.0.min.js	false	high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/fent)	chromecache_51.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
140.82.114.4	github.com	United States	36459	GITHUBUS	false
192.178.49.196	www.google.com	United States	15169	GOOGLEUS	false
185.199.111.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1675923
Start date and time:	2025-04-28 06:33:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://8734873478934795494.z9.web.core.windows.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.phis.evad.win@23/36@10/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.227, 192.178.49.174, 142.250.101.84, 199.232.210.172, 192.178.49.206, 20.60.242.14, 192.178.49.202, 142.250.68.234, 192.178.49.170, 142.250.69.10, 184.29.183.29, 13.107.246.71, 4.245.163.56
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://8734873478934795494.z9.web.core.windows.net/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 06:34:12.116214991 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 28, 2025 06:34:13.319380045 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 28, 2025 06:34:15.725769997 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 28, 2025 06:34:19.865881920 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:20.163116932 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:20.600637913 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 28, 2025 06:34:20.772507906 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:21.973726988 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:23.882996082 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:34:24.031002045 CEST	80	49699	192.178.49.195	192.168.2.5
Apr 28, 2025 06:34:24.031066895 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:34:24.031250000 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:34:24.179270029 CEST	80	49699	192.178.49.195	192.168.2.5
Apr 28, 2025 06:34:24.179697037 CEST	80	49699	192.178.49.195	192.168.2.5
Apr 28, 2025 06:34:24.319503069 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:34:24.413784027 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:26.275463104 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:26.275525093 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:26.275598049 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:26.275758982 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:26.275777102 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:26.594610929 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:26.594698906 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:26.596139908 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:26.596155882 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:26.596379995 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:26.647595882 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:28.523638010 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.523682117 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:28.523762941 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.523936987 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.523948908 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:28.813072920 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:28.813155890 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.814723015 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.814739943 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:28.814989090 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:28.815335989 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:28.856282949 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139676094 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139735937 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139764071 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139801025 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139827967 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139839888 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.139870882 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139890909 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139904976 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.139919043 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.139925003 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.139993906 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.140379906 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.140528917 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.140546083 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.140593052 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.140599966 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.140677929 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.141222000 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.141298056 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.141307116 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.141346931 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.141352892 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.141395092 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.142050028 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142119884 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142149925 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142193079 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.142200947 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142252922 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.142760992 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142823935 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142853975 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142863035 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.142868996 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.142972946 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.143596888 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.143693924 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.143723965 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.143814087 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.143826008 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.143874884 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.144396067 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.144454956 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.144485950 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.144529104 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.144534111 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.144588947 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.145134926 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.145231009 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.145256996 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.145303011 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.145308971 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.145353079 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.146073103 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.146194935 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.146251917 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.150485992 CEST	49705	443	192.168.2.5	104.17.25.14
Apr 28, 2025 06:34:29.150502920 CEST	443	49705	104.17.25.14	192.168.2.5
Apr 28, 2025 06:34:29.217464924 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:34:29.643901110 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.643954992 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:29.644064903 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.644584894 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.644598961 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:29.653851986 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:29.653899908 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:29.653974056 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:29.654228926 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:29.654241085 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:29.952377081 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:29.952469110 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.953836918 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.953856945 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:29.954091072 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:29.954564095 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:29.996289968 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.047085047 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.047189951 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.048549891 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.048563957 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.048825026 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.049124956 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.092291117 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.213779926 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 28, 2025 06:34:30.246501923 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246571064 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246613026 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246629000 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.246654034 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246690035 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246701002 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.246706963 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246757984 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246789932 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.246794939 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.246916056 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.251420975 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.256769896 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.256817102 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.256835938 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.256843090 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.257090092 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.261240959 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.266235113 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.266267061 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.266334057 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.266360044 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.266418934 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.271234989 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.276215076 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.276248932 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.276263952 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.276271105 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.276324987 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.281174898 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.286164045 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.286195040 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.286251068 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.286257982 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.287117004 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.291213989 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.296191931 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.296225071 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.296247959 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.296261072 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.296343088 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.301233053 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.354079008 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.395826101 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.397002935 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.397222042 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.397238016 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.401576042 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.402225971 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.402232885 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.406059980 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.406117916 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.406126022 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.409842014 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.409893990 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.409899950 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.413599014 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.413659096 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.413665056 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.417505026 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.417599916 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.417606115 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.420865059 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.420922041 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.420927048 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.424438000 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.424583912 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.424591064 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.425976992 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.426219940 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.426265955 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.426306963 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.426345110 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.426805973 CEST	49707	443	192.168.2.5	140.82.114.4
Apr 28, 2025 06:34:30.426825047 CEST	443	49707	140.82.114.4	192.168.2.5
Apr 28, 2025 06:34:30.444061041 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.444070101 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.444112062 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.444130898 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.444140911 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.444175959 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.444201946 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.454735041 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.454767942 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.454802036 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.454811096 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.454823017 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.454864025 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.455295086 CEST	49706	443	192.168.2.5	151.101.2.137
Apr 28, 2025 06:34:30.455307961 CEST	443	49706	151.101.2.137	192.168.2.5
Apr 28, 2025 06:34:30.578022003 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.578073025 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:30.578191996 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.578440905 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.578453064 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:30.883878946 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:30.883974075 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.889286041 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.889322042 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:30.889588118 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:30.890337944 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:30.936269999 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.452054977 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.452128887 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.452156067 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.452208996 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.452240944 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.452297926 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.456891060 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.461791039 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.461826086 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.461834908 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.461846113 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.461931944 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:31.461967945 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.461980104 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.462810993 CEST	49708	443	192.168.2.5	185.199.111.133
Apr 28, 2025 06:34:31.462825060 CEST	443	49708	185.199.111.133	192.168.2.5
Apr 28, 2025 06:34:36.600060940 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:36.600112915 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:36.600172997 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:36.842869997 CEST	49702	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:34:36.842900038 CEST	443	49702	192.178.49.196	192.168.2.5
Apr 28, 2025 06:34:37.587785006 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 28, 2025 06:34:37.587824106 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 28, 2025 06:34:37.588171005 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 28, 2025 06:34:37.588182926 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 28, 2025 06:34:37.941122055 CEST	49731	443	192.168.2.5	150.171.28.254
Apr 28, 2025 06:34:37.941170931 CEST	443	49731	150.171.28.254	192.168.2.5
Apr 28, 2025 06:34:37.942217112 CEST	49731	443	192.168.2.5	150.171.28.254
Apr 28, 2025 06:34:37.946129084 CEST	49731	443	192.168.2.5	150.171.28.254
Apr 28, 2025 06:34:37.946144104 CEST	443	49731	150.171.28.254	192.168.2.5
Apr 28, 2025 06:34:38.391141891 CEST	443	49731	150.171.28.254	192.168.2.5
Apr 28, 2025 06:34:38.391244888 CEST	49731	443	192.168.2.5	150.171.28.254
Apr 28, 2025 06:34:38.819708109 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 28, 2025 06:35:24.393366098 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:35:24.541410923 CEST	80	49699	192.178.49.195	192.168.2.5
Apr 28, 2025 06:35:24.541464090 CEST	49699	80	192.168.2.5	192.178.49.195
Apr 28, 2025 06:35:26.196293116 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:26.196352959 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:26.196470976 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:26.196671963 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:26.196685076 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:26.511470079 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:26.512556076 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:26.512578011 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:36.531168938 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:36.531223059 CEST	443	49737	192.178.49.196	192.168.2.5
Apr 28, 2025 06:35:36.531352043 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:36.670939922 CEST	49737	443	192.168.2.5	192.178.49.196
Apr 28, 2025 06:35:36.670972109 CEST	443	49737	192.178.49.196	192.168.2.5

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 06:34:22.052324057 CEST	53	61409	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:22.077948093 CEST	53	58616	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:23.228666067 CEST	53	52250	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:24.441167116 CEST	53	52817	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:26.133292913 CEST	53776	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:26.133490086 CEST	60748	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:26.273940086 CEST	53	53776	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:26.273967981 CEST	53	60748	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:28.381608963 CEST	50743	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:28.381860971 CEST	62833	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:28.521945953 CEST	53	50743	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:28.522347927 CEST	53	62833	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:29.501548052 CEST	65109	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:29.501733065 CEST	56029	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:29.506448030 CEST	52095	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:29.506639957 CEST	54230	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:29.642227888 CEST	53	56029	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:29.643116951 CEST	53	65109	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:29.650463104 CEST	53	54230	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:29.650547981 CEST	53	52095	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:30.432194948 CEST	53422	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:30.432420015 CEST	56870	53	192.168.2.5	1.1.1.1
Apr 28, 2025 06:34:30.574112892 CEST	53	53422	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:30.577529907 CEST	53	56870	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:31.719012022 CEST	53	58163	1.1.1.1	192.168.2.5
Apr 28, 2025 06:34:41.587167025 CEST	53	64182	1.1.1.1	192.168.2.5
Apr 28, 2025 06:35:00.519393921 CEST	53	63118	1.1.1.1	192.168.2.5
Apr 28, 2025 06:35:21.840959072 CEST	53	52581	1.1.1.1	192.168.2.5
Apr 28, 2025 06:35:22.841226101 CEST	138	138	192.168.2.5	192.168.2.255
Apr 28, 2025 06:35:23.273479939 CEST	53	61392	1.1.1.1	192.168.2.5
Apr 28, 2025 06:35:23.654398918 CEST	53	51673	1.1.1.1	192.168.2.5
Apr 28, 2025 06:35:24.350091934 CEST	53	64904	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 06:34:24.031250000 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 28, 2025 06:34:24.179697037 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 28 Apr 2025 04:10:42 GMT Expires: Mon, 28 Apr 2025 05:00:42 GMT Cache-Control: public, max-age=3000 Age: 1422 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

Timestamp	Bytes transferred	Direction	Data
2025-04-28 04:34:28 UTC	630	OUT	GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://8734873478934795494.z9.web.core.windows.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 04:34:29 UTC	970	IN	HTTP/1.1 200 OK Date: Mon, 28 Apr 2025 04:34:29 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Strict-Transport-Security: max-age=15780000 Cf-Ray: 9373d8f3af86a0c3-PHX Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 Etag: W/"61182885-40eb" Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT Cf-Cdnjs-Via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff Cf-Cache-Status: HIT Age: 667502 Expires: Sat, 18 Apr 2026 04:34:29 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zUYW3wFhzvqwUbZ%2Fyu%2BLlw0bFU3p4HoMxk%2BLg%2B%2FS5DAi9xQIuNOEF0zENUZmxGdgV2E2mTs9CKI%2BTH9RKLqW0sX8qUGYXiXrNaapV1ev3K7xpXwwkzO%2F4z0H%2BKZmqX%2BjwtIk6bl"}],"group":"cf-nel","max_age":604800} Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400
2025-04-28 04:34:29 UTC	399	IN	Data Raw: 35 66 66 61 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 6f 2c 73 2c 61 2c 68 2c 74 2c 65 2c 6c 2c 72 2c 69 2c 63 2c 66 2c 64 2c 75 2c 70 2c 53 2c 78 2c 62 2c 41 2c 48 2c 7a 2c 5f 2c 76 2c 67 2c 79 2c 42 2c 77 2c 6b 2c 6d 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 3d 55 7c 7c 66 75 6e 63 74 69 6f 6e 28 68 29 7b Data Ascii: 5ffa!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3f 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 3a 69 29 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3f 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 3a 69 29 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 69 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 76 61 72 20 72 Data Ascii: ned"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 20 74 3d 6f 2e 63 6c 6f 6e 65 2e 63 61 6c 6c 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 74 2e 77 6f 72 64 73 3d 74 68 69 73 2e 77 6f 72 64 73 2e 73 6c 69 63 65 28 30 29 2c 74 7d 2c 72 61 6e 64 6f 6d 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 72 3d 30 3b 72 3c 74 3b 72 2b 3d 34 29 65 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 69 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e 20 69 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 31 29 29 5b 30 5d 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 69 2e Data Ascii: t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 74 3d 66 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 68 2e 63 65 69 6c 28 73 29 3a 68 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 6e 3d 68 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 Data Ascii: string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?h.ceil(s):h.max((0\|s)-this._minBufferSize,0))o,n=h.min(4*c,n);if(c){for(
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 6f 6e 20 4e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 45 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 45 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 45 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 32 5d 3e 3e 3e 30 3c 45 5b 32 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 34 5d 3d 65 5b 34 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 33 5d 3e Data Ascii: on N(){for(var t=this._X,e=this._C,r=0;r<8;r++)E[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<E[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<E[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(e[2]>>>0<E[2]>>>0?1:0)\|0,e[4]=e[4]+3545052371+(e[3]>
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 3b 49 5b 72 5d 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 5e 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 7d 74 5b 30 5d 3d 49 5b 30 5d 2b 28 49 5b 37 5d 3c 3c 31 36 7c 49 5b 37 5d 3e 3e 3e 31 36 29 2b 28 49 5b 36 5d 3c 3c 31 36 7c 49 5b 36 5d 3e 3e 3e 31 36 29 7c 30 2c 74 5b 31 5d 3d 49 5b 31 5d 2b 28 49 5b 30 5d 3c 3c 38 7c 49 5b 30 5d 3e 3e 3e 32 34 29 2b 49 5b 37 5d 7c 30 2c 74 5b 32 5d 3d 49 5b 32 5d 2b 28 49 5b 31 5d 3c 3c 31 36 7c 49 5b 31 5d 3e 3e 3e 31 36 29 2b 28 49 Data Ascii: 7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16;I[r]=((nn>>>17)+no>>>15)+oo^((4294901760&i)i\|0)+((65535&i)*i\|0)}t[0]=I[0]+(I[7]<<16\|I[7]>>>16)+(I[6]<<16\|I[6]>>>16)\|0,t[1]=I[1]+(I[0]<<8\|I[0]>>>24)+I[7]\|0,t[2]=I[2]+(I[1]<<16\|I[1]>>>16)+(I
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 72 61 79 28 74 2e 62 75 66 66 65 72 2c 74 2e 62 79 74 65 4f 66 66 73 65 74 2c 74 2e 62 79 74 65 4c 65 6e 67 74 68 29 3a 74 29 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 62 79 74 65 4c 65 6e 67 74 68 2c 72 3d 5b 5d 2c 69 3d 30 3b 69 3c 65 3b 69 2b 2b 29 72 5b 69 3e 3e 3e 32 5d 7c 3d 74 5b 69 5d 3c 3c 32 34 2d 69 25 34 2a 38 3b 73 2e 63 61 6c 6c 28 74 68 69 73 2c 72 2c 65 29 7d 65 6c 73 65 20 73 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2e 70 72 6f 74 6f 74 79 70 65 3d 50 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 55 2c 6e 3d 74 2e 6c 69 62 2e 57 6f 72 64 41 72 72 61 79 2c 74 3d 74 2e 65 6e 63 3b 74 2e 55 74 66 31 36 3d 74 2e 55 74 66 31 36 42 45 3d 7b Data Ascii: ray(t.buffer,t.byteOffset,t.byteLength):t)instanceof Uint8Array){for(var e=t.byteLength,r=[],i=0;i<e;i++)r[i>>>2]\|=t[i]<<24-i%4*8;s.call(this,r,e)}else s.apply(this,arguments)}).prototype=P),function(){var t=U,n=t.lib.WordArray,t=t.enc;t.Utf16=t.Utf16BE={
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 6e 3b 76 61 72 20 6f 3d 72 2e 63 68 61 72 41 74 28 36 34 29 3b 72 65 74 75 72 6e 21 6f 7c 7c 2d 31 21 3d 3d 28 6f 3d 74 2e 69 6e 64 65 78 4f 66 28 6f 29 29 26 26 28 65 3d 6f 29 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 66 6f 72 28 76 61 72 20 69 3d 5b 5d 2c 6e 3d 30 2c 6f 3d 30 3b 6f 3c 65 3b 6f 2b 2b 29 7b 76 61 72 20 73 2c 63 3b 6f 25 34 26 26 28 73 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 2d 31 29 5d 3c 3c 6f 25 34 2a 32 2c 63 3d 72 5b 74 2e 63 68 61 72 43 6f 64 65 41 74 28 6f 29 5d 3e 3e 3e 36 2d 6f 25 34 2a 32 2c 63 3d 73 7c 63 2c 69 5b 6e 3e 3e 3e 32 5d 7c 3d 63 3c 3c 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 29 7d 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 Data Ascii: n;var o=r.charAt(64);return!o\|\|-1!==(o=t.indexOf(o))&&(e=o),function(t,e,r){for(var i=[],n=0,o=0;o<e;o++){var s,c;o%4&&(s=r[t.charCodeAt(o-1)]<<o%42,c=r[t.charCodeAt(o)]>>>6-o%42,c=s\|c,i[n>>>2]\|=c<<24-n%4*8,n++)}return a.create(i,n)}(t,e,i)},_map:"ABCDE
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 37 32 39 36 2a 61 2e 61 62 73 28 61 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 65 3d 65 2e 4d 44 35 3d 69 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 72 2e 69 6e 69 74 28 5b 31 37 33 32 35 38 34 31 39 33 2c 34 30 32 33 32 33 33 34 31 37 2c 32 35 36 32 33 38 33 31 30 32 2c 32 37 31 37 33 33 38 37 38 5d 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 31 36 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 2b 72 2c 6e 3d 74 5b 69 5d 3b 74 5b 69 5d 3d 31 36 37 31 31 39 33 35 26 28 6e 3c 3c 38 7c 6e 3e 3e 3e 32 34 29 7c 34 32 37 38 32 35 35 33 36 30 26 28 6e 3c 3c 32 34 7c 6e 3e 3e 3e 38 Data Ascii: 7296*a.abs(a.sin(t+1))\|0}();e=e.MD5=i.extend({_doReset:function(){this._hash=new r.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,e){for(var r=0;r<16;r++){var i=e+r,n=t[i];t[i]=16711935&(n<<8\|n>>>24)\|4278255360&(n<<24\|n>>>8
2025-04-28 04:34:29 UTC	1369	IN	Data Raw: 2c 79 2c 32 33 2c 41 5b 33 39 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 42 2c 34 2c 41 5b 34 30 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 73 2c 31 31 2c 41 5b 34 31 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 68 2c 31 36 2c 41 5b 34 32 5d 29 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 64 2c 32 33 2c 41 5b 34 33 5d 29 2c 6d 3d 43 28 6d 2c 62 2c 78 2c 53 2c 5f 2c 34 2c 41 5b 34 34 5d 29 2c 53 3d 43 28 53 2c 6d 2c 62 2c 78 2c 67 2c 31 31 2c 41 5b 34 35 5d 29 2c 78 3d 43 28 78 2c 53 2c 6d 2c 62 2c 6b 2c 31 36 2c 41 5b 34 36 5d 29 2c 6d 3d 44 28 6d 2c 62 3d 43 28 62 2c 78 2c 53 2c 6d 2c 61 2c 32 33 2c 41 5b 34 37 5d 29 2c 78 2c 53 2c 73 2c 36 2c 41 5b 34 38 5d 29 2c 53 3d 44 28 53 2c 6d 2c 62 2c 78 2c 75 2c 31 30 2c 41 5b 34 39 5d 29 2c 78 3d 44 28 78 2c 53 Data Ascii: ,y,23,A[39]),m=C(m,b,x,S,B,4,A[40]),S=C(S,m,b,x,s,11,A[41]),x=C(x,S,m,b,h,16,A[42]),b=C(b,x,S,m,d,23,A[43]),m=C(m,b,x,S,_,4,A[44]),S=C(S,m,b,x,g,11,A[45]),x=C(x,S,m,b,k,16,A[46]),m=D(m,b=C(b,x,S,m,a,23,A[47]),x,S,s,6,A[48]),S=D(S,m,b,x,u,10,A[49]),x=D(x,S

Timestamp	Bytes transferred	Direction	Data
2025-04-28 04:34:29 UTC	690	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://8734873478934795494.z9.web.core.windows.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 04:34:30 UTC	611	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 2215481 Date: Mon, 28 Apr 2025 04:34:30 GMT X-Served-By: cache-lga21931-LGA, cache-lax-kwhp1940067-LAX X-Cache: HIT, HIT X-Cache-Hits: 77, 0 X-Timer: S1745814870.172427,VS0,VE1 Vary: Accept-Encoding
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 73 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e 20 74 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 74 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 65 61 63 68 28 74 68 69 73 2c 65 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 6d 61 70 28 74 68 69 73 2c 66 Data Ascii: },get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,f
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6f 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f Data Ascii: on(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.no
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 5d 2c 71 3d 74 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 Data Ascii: ],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked\|selected\|async\|autofocus\|autoplay\|controls\|defer\|disabled\|hidden\|ismap\|loop\|multiple\|open\|readonly\|required\|scoped",M="[\\x20\\t
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 3e 3e 31 30 7c 35 35 32 39 36 2c 31 30 32 33 26 6e 7c 35 36 33 32 30 29 29 7d 2c 72 65 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 30 2d 5c 78 31 66 5c Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?\|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t\|\|(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10\|55296,1023&n\|56320))},re=/([\0-\x1f\x7f]\|^-?\d)\|^-$\|[^\0-\x1f\
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 53 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 2c 66 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 Data Ascii: )){(f=ee.test(t)&&ye(e.parentNode)\|\|e)===e&&d.scope\|\|((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e 73 75 70 70 6f 72 74 3d 7b 7d 2c 69 3d 73 65 2e 69 73 58 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 6e 3d 65 26 26 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c Data Ascii: ion(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 76 61 6c 75 65 3d 3d 3d 6e 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 69 66 28 6f 29 7b 69 66 28 28 Data Ascii: tion(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 53 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5c 5c 5c 66 22 29 2c 76 2e 70 75 73 68 28 22 5b 5c 5c 72 5c 5c 6e 5c 5c 66 5d 22 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 27 20 64 69 73 61 62 6c 65 64 3d 27 Data Ascii: ["+M+"name"+M+"="+M+"(?:''\|\"\")"),e.querySelectorAll(":checked").length\|\|v.push(":checked"),e.querySelectorAll("a#"+S+"+").length\|\|v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='
2025-04-28 04:34:30 UTC	1378	IN	Data Raw: 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 31 26 28 6e 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 64 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 43 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 26 26 79 28 70 2c 65 29 3f 2d 31 3a 74 3d 3d 43 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 Data Ascii: e.compareDocumentPosition-!t.compareDocumentPosition;return n\|\|(1&(n=(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C\|\|e.ownerDocument==p&&y(p,e)?-1:t==C\|\|t.ownerDocument==p

Timestamp	Bytes transferred	Direction	Data
2025-04-28 04:34:30 UTC	721	OUT	GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1 Host: github.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://8734873478934795494.z9.web.core.windows.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 04:34:30 UTC	957	IN	HTTP/1.1 302 Found Date: Mon, 28 Apr 2025 04:33:16 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250428%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250428T043316Z&X-Amz-Expires=300&X-Amz-Signature=8fe791c6996e8d5e875950a19d9b3faaa40e1be3463695fd29b4215c33745969&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2025-04-28 04:34:30 UTC	3511	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.githu

Timestamp	Bytes transferred	Direction	Data
2025-04-28 04:34:30 UTC	1156	OUT	GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250428%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250428T043316Z&X-Amz-Expires=300&X-Amz-Signature=8fe791c6996e8d5e875950a19d9b3faaa40e1be3463695fd29b4215c33745969&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://8734873478934795494.z9.web.core.windows.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 04:34:31 UTC	848	IN	HTTP/1.1 200 OK Connection: close Content-Length: 10245 Content-Type: application/octet-stream Last-Modified: Tue, 07 Dec 2021 16:38:45 GMT ETag: "0x8D9B9A009499A1E" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000 x-ms-version: 2023-11-03 x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg== x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=randexp.min.js x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Age: 2654 Date: Mon, 28 Apr 2025 04:34:31 GMT X-Served-By: cache-iad-kiad7000045-IAD, cache-lax-kwhp1940021-LAX X-Cache: HIT, HIT X-Cache-Hits: 5134, 0 X-Timer: S1745814871.100860,VS0,VE1
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 2f 2f 0a 2f 2f 20 72 61 6e 64 65 78 70 20 76 30 2e 34 2e 33 0a 2f 2f 20 43 72 65 61 74 65 20 72 61 6e 64 6f 6d 20 73 74 72 69 6e 67 73 20 74 68 61 74 20 6d 61 74 63 68 20 61 20 67 69 76 65 6e 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 0a 2f 2f 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 36 20 62 79 20 52 6f 6c 79 20 46 65 6e 74 61 6e 65 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 65 6e 74 29 0a 2f 2f 20 4d 49 54 20 4c 69 63 65 6e 73 65 0a 2f 2f 20 68 74 74 70 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 66 65 6e 74 2f 72 61 6e 64 65 78 70 2e 6a 73 2f 72 61 77 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 20 0a 2f 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 22 52 61 6e 64 45 78 70 22 Data Ascii: //// randexp v0.4.3// Create random strings that match a given regular expression.//// Copyright (C) 2016 by Roly Fentanes (https://github.com/fent)// MIT License// http://github.com/fent/randexp.js/raw/master/LICENSE //!function(){var e="RandExp"
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 29 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 2e 72 61 6e 64 49 6e 74 26 26 28 65 2e 72 61 6e 64 49 6e 74 3d 74 2e 72 61 6e 64 49 6e 74 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 65 2c 74 29 7b 76 61 72 20 6e 2c 69 2c 70 2c 68 2c 63 3b 73 77 69 74 63 68 28 65 2e 74 79 70 65 29 7b 63 61 73 65 20 6c 2e 52 4f 4f 54 3a 63 61 73 65 20 6c 2e 47 52 4f 55 50 3a 69 66 28 65 2e 66 6f 6c 6c 6f 77 65 64 42 79 7c 7c 65 2e 6e 6f 74 46 6f 6c 6c 6f 77 65 64 42 79 29 72 65 74 75 72 6e 22 22 3b 66 6f 72 28 65 2e 72 65 6d 65 6d 62 65 72 26 26 76 6f 69 64 20 30 3d 3d 3d 65 2e 67 72 6f 75 70 4e 75 6d 62 65 72 26 26 28 65 2e 67 72 6f 75 70 4e 75 6d 62 65 72 3d 74 2e 70 75 73 68 28 6e 75 6c 6c 29 2d 31 29 2c 6e 3d 65 2e 6f 70 74 69 6f 6e 73 3f 61 2e 63 61 6c 6c Data Ascii: ),"function"==typeof t.randInt&&(e.randInt=t.randInt)}function u(e,t){var n,i,p,h,c;switch(e.type){case l.ROOT:case l.GROUP:if(e.followedBy\|\|e.notFollowedBy)return"";for(e.remember&&void 0===e.groupNumber&&(e.groupNumber=t.push(null)-1),n=e.options?a.call
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 2e 72 61 6e 64 65 78 70 28 74 68 69 73 29 7d 7d 2c 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 66 61 75 6c 74 52 61 6e 67 65 3d 6e 65 77 20 68 28 33 32 2c 31 32 36 29 2c 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 61 6e 64 49 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2b 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 28 31 2b 74 2d 65 29 29 7d 7d 2c 7b 22 64 69 73 63 6f 6e 74 69 6e 75 6f 75 73 2d 72 61 6e 67 65 22 3a 32 2c 72 65 74 3a 33 7d 5d 2c 32 3a 5b 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 74 68 69 73 2e 6c 6f 77 3d 65 2c 74 68 69 73 2e 68 69 67 68 3d 74 2c 74 68 69 73 2e 6c 65 Data Ascii: en=function(){return c.randexp(this)}},c.prototype.defaultRange=new h(32,126),c.prototype.randInt=function(e,t){return e+Math.floor(Math.random()*(1+t-e))}},{"discontinuous-range":2,ret:3}],2:[function(e,t,n){function r(e,t){this.low=e,this.high=t,this.le
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 2e 6c 65 6e 67 74 68 3b 29 74 2e 70 75 73 68 28 73 2e 72 61 6e 67 65 73 5b 6e 5d 2e 63 6c 6f 6e 65 28 29 29 2c 6e 2b 2b 3b 73 2e 72 61 6e 67 65 73 3d 74 2c 61 28 73 29 7d 76 61 72 20 73 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 6f 3f 65 2e 72 61 6e 67 65 73 2e 66 6f 72 45 61 63 68 28 6e 29 3a 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 72 3f 6e 28 65 29 3a 28 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 65 29 2c 6e 28 6e 65 77 20 72 28 65 2c 74 29 29 29 2c 74 68 69 73 7d 2c 6f 2e 70 72 6f 74 6f 74 79 70 65 2e 73 75 62 74 72 61 63 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 73 2e 72 61 6e 67 65 73 2e 6c 65 6e 67 74 68 26 26 Data Ascii: .length;)t.push(s.ranges[n].clone()),n++;s.ranges=t,a(s)}var s=this;return e instanceof o?e.ranges.forEach(n):e instanceof r?n(e):(void 0===t&&(t=e),n(new r(e,t))),this},o.prototype.subtract=function(e,t){function n(e){for(var t=[],n=0;n<s.ranges.length&&
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 44 22 3a 68 2e 70 75 73 68 28 61 2e 6e 6f 74 49 6e 74 73 28 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 73 22 3a 68 2e 70 75 73 68 28 61 2e 77 68 69 74 65 73 70 61 63 65 28 29 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 53 22 3a 68 2e 70 75 73 68 28 61 2e 6e 6f 74 57 68 69 74 65 73 70 61 63 65 28 29 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 2f 5c 64 2f 2e 74 65 73 74 28 6e 29 3f 68 2e 70 75 73 68 28 7b 74 79 70 65 3a 6f 2e 52 45 46 45 52 45 4e 43 45 2c 76 61 6c 75 65 3a 70 61 72 73 65 49 6e 74 28 6e 2c 31 30 29 7d 29 3a 68 2e 70 75 73 68 28 7b 74 79 70 65 3a 6f 2e 43 48 41 52 2c 76 61 6c 75 65 3a 6e 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 7d 29 7d 62 72 65 61 6b 3b 63 61 73 65 22 5e 22 3a 68 2e 70 75 73 68 28 73 2e Data Ascii: );break;case"D":h.push(a.notInts());break;case"s":h.push(a.whitespace());break;case"S":h.push(a.notWhitespace());break;default:/\d/.test(n)?h.push({type:o.REFERENCE,value:parseInt(n,10)}):h.push({type:o.CHAR,value:n.charCodeAt(0)})}break;case"^":h.push(s.
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 68 26 26 63 28 69 29 2c 68 2e 70 75 73 68 28 7b 74 79 70 65 3a 6f 2e 52 45 50 45 54 49 54 49 4f 4e 2c 6d 69 6e 3a 30 2c 6d 61 78 3a 31 2f 30 2c 76 61 6c 75 65 3a 68 2e 70 6f 70 28 29 7d 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 68 2e 70 75 73 68 28 7b 74 79 70 65 3a 6f 2e 43 48 41 52 2c 76 61 6c 75 65 3a 6e 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 7d 29 7d 72 65 74 75 72 6e 20 30 21 3d 3d 6c 2e 6c 65 6e 67 74 68 26 26 72 2e 65 72 72 6f 72 28 65 2c 22 55 6e 74 65 72 6d 69 6e 61 74 65 64 20 67 72 6f 75 70 22 29 2c 75 7d 2c 74 2e 65 78 70 6f 72 74 73 2e 74 79 70 65 73 3d 6f 7d 2c 7b 22 2e 2f 70 6f 73 69 74 69 6f 6e 73 22 3a 34 2c 22 2e 2f 73 65 74 73 22 3a 35 2c 22 2e 2f 74 79 70 65 73 22 3a 36 2c 22 2e 2f 75 74 69 6c 22 3a 37 7d 5d 2c 34 3a 5b 66 75 Data Ascii: h&&c(i),h.push({type:o.REPETITION,min:0,max:1/0,value:h.pop()});break;default:h.push({type:o.CHAR,value:n.charCodeAt(0)})}return 0!==l.length&&r.error(e,"Unterminated group"),u},t.exports.types=o},{"./positions":4,"./sets":5,"./types":6,"./util":7}],4:[fu
2025-04-28 04:34:31 UTC	1378	IN	Data Raw: 72 2e 43 48 41 52 2c 76 61 6c 75 65 3a 36 35 32 37 39 7d 5d 7d 2c 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 5b 7b 74 79 70 65 3a 72 2e 43 48 41 52 2c 76 61 6c 75 65 3a 31 30 7d 2c 7b 74 79 70 65 3a 72 2e 43 48 41 52 2c 76 61 6c 75 65 3a 31 33 7d 2c 7b 74 79 70 65 3a 72 2e 43 48 41 52 2c 76 61 6c 75 65 3a 38 32 33 32 7d 2c 7b 74 79 70 65 3a 72 2e 43 48 41 52 2c 76 61 6c 75 65 3a 38 32 33 33 7d 5d 7d 3b 6e 2e 77 6f 72 64 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 74 79 70 65 3a 72 2e 53 45 54 2c 73 65 74 3a 61 28 29 2c 6e 6f 74 3a 21 31 7d 7d 2c 6e 2e 6e 6f 74 57 6f 72 64 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 74 79 70 65 3a 72 2e 53 45 54 2c 73 65 74 3a 61 28 29 2c 6e 6f 74 3a 21 30 7d 7d 2c 6e 2e 69 6e Data Ascii: r.CHAR,value:65279}]},i=function(){return[{type:r.CHAR,value:10},{type:r.CHAR,value:13},{type:r.CHAR,value:8232},{type:r.CHAR,value:8233}]};n.words=function(){return{type:r.SET,set:a(),not:!1}},n.notWords=function(){return{type:r.SET,set:a(),not:!0}},n.in
2025-04-28 04:34:31 UTC	599	IN	Data Raw: 68 69 74 65 73 70 61 63 65 28 29 29 3b 65 6c 73 65 20 69 66 28 61 5b 34 5d 29 69 2e 70 75 73 68 28 6f 2e 6e 6f 74 57 6f 72 64 73 28 29 29 3b 65 6c 73 65 20 69 66 28 61 5b 35 5d 29 69 2e 70 75 73 68 28 6f 2e 6e 6f 74 49 6e 74 73 28 29 29 3b 65 6c 73 65 20 69 66 28 61 5b 36 5d 29 69 2e 70 75 73 68 28 6f 2e 6e 6f 74 57 68 69 74 65 73 70 61 63 65 28 29 29 3b 65 6c 73 65 20 69 66 28 61 5b 37 5d 29 69 2e 70 75 73 68 28 7b 74 79 70 65 3a 72 2e 52 41 4e 47 45 2c 66 72 6f 6d 3a 28 61 5b 38 5d 7c 7c 61 5b 39 5d 29 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 2c 74 6f 3a 61 5b 31 30 5d 2e 63 68 61 72 43 6f 64 65 41 74 28 30 29 7d 29 3b 65 6c 73 65 7b 69 66 28 21 28 73 3d 61 5b 31 32 5d 29 29 72 65 74 75 72 6e 5b 69 2c 75 2e 6c 61 73 74 49 6e 64 65 78 5d 3b 69 2e 70 75 Data Ascii: hitespace());else if(a[4])i.push(o.notWords());else if(a[5])i.push(o.notInts());else if(a[6])i.push(o.notWhitespace());else if(a[7])i.push({type:r.RANGE,from:(a[8]\|\|a[9]).charCodeAt(0),to:a[10].charCodeAt(0)});else{if(!(s=a[12]))return[i,u.lastIndex];i.pu

Target ID:	0
Start time:	00:34:16
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff763260000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	00:34:20
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2020 /prefetch:3
Imagebase:	0x7ff763260000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	8
Start time:	00:34:23
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1992,i,1766977642034281986,6040091547616364707,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5096 /prefetch:8
Imagebase:	0x7ff763260000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	11
Start time:	00:34:26
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://8734873478934795494.z9.web.core.windows.net/"
Imagebase:	0x7ff763260000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://8734873478934795494.z9.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tycoon2FA

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

Windows Analysis Report
https://8734873478934795494.z9.web.core.windows.net/