
Windows Analysis Report
http://belis.online

Overview

General Information

Sample URL: http://belis.online
Analysis ID: 1417511

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML page contains hidden URLs or javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://belis.online/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1960,i,13513610279328154140,15974765438364974475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures. All signatures:

Source: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec | HTTP Parser: Base64 decoded: {"uuid":"b97eb574-ba14-4dc3-9846-2512f9bfb37d","page_time":1711718510,"page_url":"http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec","page_method":"GET","page_request":{"subid1":"20240330-0021-48f1-8a45-0a281915c9ec"},"page_headers":{}...
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol202%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol313%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol453%26client%3Ddp-bodis30_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww25.belis.online%253Fcaf%2526subid1%253D20240330-0021-48f1-8a45-0a281915c9ec%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2497786236455022%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%252C17301447%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D4641711718511217%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww25.belis.online%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711718511219%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D816%26frm%3D0%26uio%3D-%26cont%3Drs%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fww25.belis.onlin... | HTTP Parser: No favicon (listed twice in the report)
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=Ryvh8LZ8N7cDmnxQmOwGYCatQ0rdF5rQIUtQngjDgVCEcCKFtE2Wr3Dn0jRYsNlTuMowDW57W_EqZ381pCRU_YIf4jrdqioF1cFjF6zau1K4cqu8FIoy0RFUc5kc0mDK2hBhg3YcM4Jkq6OZzrF2MzJXZ5qZ2-fKOwi7mXWIEAojoavrmTZWo1H_cleGcJvvbLse2CWMwO-0UoVtjhx9rkvMFczCmdaE2V0OgkwZzYtOkkTbr1OfEiKcJHqGeK-wf1hc-PIlKo9vJ5a_Nn0KgQzLMV4OZSo&cb=x1t9bvgsumy | HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | HTTP Parser: No favicon (listed twice in the report)
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=1Agc0O1RLIbLZpKIzcbRqeCBpopI-_xwU_E6pQ8ZUPikGdoCBZkQOfw68hQPnrw7jnPa8YooZXKUaBjRBrWz0hr3DjLwczmy6m5u7xsgs0mqkH7-llcLJghtB09wsZAanTp4V52Upsj2ITqvb-KU5MdbhhSbNgj0uvhRReaN7agYJBLeET32giUBoA6NMZhlEHhOVe9wMb-LtatGuP3fnCGJaZiEJnAyvnS7I9f2_srqZTfFrrUwvdenFbfZr_5umuSjgSgLSv5ebkd_o3Hq7eFLBW4JQhk&cb=qie9q4k65br0 | HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol202%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol313%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol453%26client%3Ddp-bodis30_3ph%26r%3Dm%26sct%3DID%253D6b5e75c2645bbd76%253AT%253D1711718512%253ART%253D1711718512%253AS%253DALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw%26sc_status%3D6%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww25.belis.online%253Fcaf%2526subid1%253D20240330-0022-05c2-a5db-2edf15066893%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2497786236455022%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%252C17301447%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D1741711718525757%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww25.belis.online%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D2%26u_tz%3D60%26dt%3D1711718525757%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26p... | HTTP Parser: No favicon
Source: http://ww25.belis.online/bfgrqDrIh.js | HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dsucuri%2Bsite%2Bscan%26rlz%3D1C1ONGR_enUS1103US1103%26oq%3Dsucuri%2Bsite%2Bscan%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCDIyNDRqMGo3qAIAsAIA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmpTArGN2Bm7AGIjDjc4iT4htEVjJihEacudlYs0beAfJLSSS2iZF4y7rnmzv79jrPTM0_pLkSvQVrOzQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (17 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (3 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (2 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157 (15 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.56.12.114 (12 identical entries)
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 200 OK
    server: openresty
    date: Fri, 29 Mar 2024 13:21:50 GMT
    content-type: text/html; charset=UTF-8
    content-encoding: gzip
    content-length: 2637
    cache-control: no-cache
    x-version: 2.117.0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    cache-control: no-store, must-revalidate
    cache-control: post-check=0, pre-check=0
    pragma: no-cache
    set-cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; expires=Fri, 29 Mar 2024 13:36:50 GMT; Max-Age=900; path=/; httponly
Data Raw: 1f 8b 08 00 00 00 00 00 04 03 bd 58 4b 9b a2 4a 12 fd 41 bd 18 40 ad 2e 16 b3 50 94 d7 27 58 20 cf dc 09 58 bc 12 74 da 07 8f 5f 7f 4f a6 55 6a d5 74 cf 9d d9 cc a2 3e 4b 92 cc 8c 38 71 22 e2 84 7e af 66 81 d5 d9 aa dd d9 42 37 6e 96 ab 21 09 f6 83 d9 10 55 1e 49 64 4a 24 32 ca 4d 69 1e 53 45 e8 2d 45 18 ac e5 ea 6c 79 f1 d9 1a fd 0b 09 ad 61 dd d0 4b a6 05 43 d2 a8 27 a3 ec 4a d2 b8 ef a9 14 0c 59 13 0c 91 e4 16 58 13 76 a1 48 8d ea d0 db e3 8a fd 4d 6d 6f d5 ad 15 b3 8b c3 8c 7a 93 05 d6 e5 4b 3a 18 2f b8 b7 cb 42 d3 24 8a f1 62 34 6e b7 0e cd 2b d1 e8 68 8d 8b 77 6b b2 38 f0 f3 35 f9 1c 87 f4 e2 37 41 bb 8b 6c 21 6d d4 4b c6 df 57 c7 75 e8 0e bb d0 39 5b 95 33 b3 c7 74 6a 57 c6 68 57 8e 68 7b f3 c1 2a 8d 93 d1 2e 68 da da 57 66 eb 2e 3a 52 b2 52 6b 76 2f c1 f7 54 f2 b1 6e d2 74 12 9c 32 dd 76 98 6d 4e a3 8e 24 80 6f fc fc 42 c8 f4 f9 4b a4 c8 e9 7a 92 4d ac ca bf c4 4d 80 73 ac 4b 22 cd 4e bb 70 46 99 7d 49 a8 4e 03 86 87 df d3 a4 c9 84 1d f6 e2 fe 93 d1 d8 87 38 9c 01 b3 8e e1 d9 31 3b e3 46 ae b1 ff 4c 24 d8 d4 ba 43 22 75 c0 d7 38 a5 1a ad 3f 7d 5f 87 59 85 f3 e1 a7 7c da 78 e9 1f d7 ac 71 35 ae f5 c5 91 28 62 99 48 ee 31 1d c4 36 96 e4 4b a6 9b d7 64 b9 12 ad b2 ff d3 9d 82 ed 59 25 e2 f1 2b 03 16 06 c7 c9 a5 69 23 8e 88 59 c9 7c 8a 43 57 20 c0 9a 7d 4f 24 d2 b0 67 e9 c4 9d 25 5a 70 8b 55 65 f5 96 07 16 79 a9 64 2f e7 ec ac 9b 0d a2 4b 93 68 71 8a 23 97 3a 61 7f 4a 26 d9 18 36 56 b9 81 af 59 18 c8 fc 3d 4d ae 76 13 3c a3 e7 9f 46 eb ce 52 cd 67 f8 0c 24 ec 
19 77 6a 70 a9 48 81 1d b7 83 f9 a3 a9 c7 04 dc 62 b6 a4 2d b7 5b dc f9 72 97 69 f4 cc 62 6a 54 c7 26 0e fb 91 6c 11 8b 36 00 c6 fc dd f1 7d db 3f 9f 5f 10 9d ef e5 d8 32 3e 7d f0 bc 20 e0 39 bb 2b 0b e9 5b aa bb c7 24 a4 2f 64 fb c4 91 66 26 26 21 78 52 1a 2f d6 44 cc e0 c3 98 e9 f4 44 22 f8 80 67 88 d3 35 53 16 3f 23 6d 9a 1b 8a 70 06 df 26 3b e0 b7 5b 1e 72 7b 9c 77 a9 9e 63 6d 26 e3 2f 4d 1a f0 5b af 4f 86 56 08 49 d8 e5 7b b1 bf 18 ca 3c 37 34 02 3e 38 67 f0 f2 bc 0b fb d9 a6 5c 8c e0 ce b8 8e 6c c4 85 36 6b 65 de 3a 91 79 8c c3 ae dd dc f7 14 74 17 66 87 0c f7 58 de bc 33 bd 73 9a 94 38 4b 59 20 7e f6 2f 32 31 af 59 38 03 af c0 35 4d 1e 36 e5 bc Data Ascii: XKJA@.P'X Xt_OUjt>K8q"~fB7n!UIdJ$2MiSE-ElyaKC'JYXvHMmozK:/B$b4n+hwk857Al!mKWu9[3tjWhWh{*.hWf.:RRkv/Tnt2vmN$oBKzMMsK"NpF}IN81;FL$C
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 200 OK
    server: openresty
    date: Fri, 29 Mar 2024 13:22:06 GMT
    content-type: text/html; charset=UTF-8
    content-encoding: gzip
    content-length: 2637
    cache-control: no-cache
    x-version: 2.117.0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    cache-control: no-store, must-revalidate
    cache-control: post-check=0, pre-check=0
    pragma: no-cache
    set-cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; expires=Fri, 29 Mar 2024 13:37:06 GMT; Max-Age=900; path=/; httponly
Data Raw: 1f 8b 08 00 00 00 00 00 04 03 bd 58 4b 9b a2 4a 12 fd 41 bd 18 40 ad 2e 16 b3 50 94 d7 27 58 20 cf dc 09 58 bc 12 74 da 07 8f 5f 7f 4f a6 55 6a d5 74 cf 9d d9 cc a2 3e 4b 92 cc 8c 38 71 22 e2 84 7e af 66 81 d5 d9 aa dd d9 42 37 6e 96 ab 21 09 f6 83 d9 10 55 1e 49 64 4a 24 32 ca 4d 69 1e 53 45 e8 2d 45 18 ac e5 ea 6c 79 f1 d9 1e ad 0b 09 ad 61 dd d0 4b a6 05 43 d2 a8 27 a3 ec 4a d2 b8 ef a9 14 0c 59 13 0c 91 e4 16 58 13 76 a1 48 8d ea d0 db e3 8a fd 4d 6d cf 90 d6 8a d9 c5 61 46 bd c9 02 eb f2 25 1d 8c 17 dc db 65 a1 69 12 c5 78 31 1a b7 5b 87 e6 95 68 74 b4 c6 c5 bb 35 59 1c f8 f9 9a 7c 8e 43 7a f1 9b a0 dd 45 b6 90 36 ea 25 e3 ef ab e3 3a 74 87 5d e8 9c ad ca 99 d9 63 3a b5 2b 63 b4 2b 47 b4 bd f9 60 95 c6 c9 68 17 34 6d ed 2b b3 75 17 1d 29 59 a9 35 bb 97 e0 7b 2a f9 58 37 69 3a 09 4e 99 6e 3b cc 36 a7 51 47 12 c0 37 7e 7e 21 64 fa fc 25 52 e4 74 3d c9 26 56 e5 5f e2 26 c0 39 d6 25 91 66 a7 5d 38 a3 cc be 24 54 a7 01 c3 c3 ef 69 d2 64 c2 0e 7b 71 ff c9 68 ec 43 1c ce 80 59 c7 f0 ec 98 9d 71 23 d7 d8 7f 26 12 6c 6a dd 21 91 3a e0 6b 9c 52 8d d6 9f be af c3 ac c2 f9 f0 53 3e 6d bc f4 8f 6b d6 b8 1a d7 fa e2 48 14 b1 4c 24 f7 98 0e 62 1b 4b f2 25 d3 cd 6b b2 5c 89 56 d9 ff e9 4e c1 f6 ac 12 f1 f8 95 01 0b 83 e3 e4 d2 b4 11 47 c4 ac 64 3e c5 a1 2b 10 60 cd be 27 12 69 d8 b3 74 e2 ce 12 2d b8 c5 aa b2 7a cb 03 8b bc 54 b2 97 73 76 d6 cd 06 d1 a5 49 b4 38 c5 91 4b 9d b0 3f 25 93 6c 0c 1b ab dc c0 d7 2c 0c 64 fe 9e 26 57 bb 09 9e d1 f3 4f a3 75 67 a9 e6 33 7c 06 12 f6 
8c 3b 35 b8 54 a4 c0 8e db c1 fc d1 d4 63 02 6e 31 5b d2 96 db 2d ee 7c b9 cb 34 7a 66 31 35 aa 63 13 87 fd 48 b6 88 45 1b 00 63 fe ee f8 be ed 9f cf 2f 88 ce f7 72 6c 19 9f 3e 78 5e 10 f0 9c dd 95 85 f4 2d d5 dd 63 12 d2 17 b2 7d e2 48 33 13 93 10 3c 29 8d 17 6b 22 66 f0 61 cc 74 7a 22 11 7c c0 33 c4 e9 9a 29 8b 9f 91 36 cd 0d 45 38 83 6f 93 1d f0 db 2d 0f b9 3d ce bb 54 cf b1 36 93 f1 97 26 0d f8 ad d7 27 43 2b 84 24 ec f2 bd d8 5f 0c 65 9e 1b 1a 01 1f 9c 33 78 79 de 85 fd 6c 53 2e 46 70 67 5c 47 36 e2 42 9b b5 32 6f 9d c8 3c c6 61 d7 6e ee 7b 0a ba 0b b3 43 86 7b 2c 6f de 99 de 39 4d 4a 9c a5 2c 10 3f fb 17 99 98 d7 2c 9c 81 57 e0 9a 26 0f 9b 72 5e Data Ascii: XKJA@.P'X Xt_OUjt>K8q"~fB7n!UIdJ$2MiSE-ElyaKC'JYXvHMmaF%eix1[ht5Y|CzE6%:t]c:+c+G`h4m+u)Y5{*X7i:Nn;6QG7~~!d%Rt=&V_&9%f]8$Tid{qhCYq#&lj!
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: belis.online
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /bIjYFmKcC.js HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: global traffic | HTTP traffic detected:
    GET /_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: global traffic | HTTP traffic detected (listed twice in the report):
    GET /?subid1=20240330-0022-05c2-a5db-2edf15066893 HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /bKzqzpOlR.js HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww25.belis.online/?subid1=20240330-0022-05c2-a5db-2edf15066893
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /_fd?subid1=20240330-0022-05c2-a5db-2edf15066893 HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /?subid1=20240330-0022-05c2-a5db-2edf15066893 HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://ww25.belis.online/?subid1=20240330-0022-05c2-a5db-2edf15066893
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected (listed twice in the report):
    GET /bfgrqDrIh.js HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://ww25.belis.online/bfgrqDrIh.js
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: unknown | DNS traffic detected: queries for: belis.online
Source: unknown | HTTP traffic detected:
    POST /_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1
    Host: ww25.belis.online
    Connection: keep-alive
    Content-Length: 0
    Accept: application/json
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Content-Type: application/json
    Origin: http://ww25.belis.online
    Referer: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: unknown | Network traffic detected: HTTP traffic on port <local port> -> 443, with the following local ports (50 entries, sorted here): 49673, 49678, 49688, 49708, 49709, 49711, 49713, 49714, 49715, 49716, 49718, 49723, 49724, 49726, 49732, 49733, 49734, 49735, 49736, 49738, 49740, 49741, 49742, 49743, 49747, 49749, 49751, 49752, 49753, 49754, 49755, 49756, 49757, 49758, 49759, 49760, 49761, 49762, 49763, 49764, 49765, 49766, 49767, 49768, 49769, 49770, 49771, 49772, 49773, 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> <local port>, with the following local ports (47 entries, sorted here): 49708, 49709, 49711, 49713, 49714, 49715, 49716, 49718, 49723, 49724, 49726, 49732, 49733, 49734, 49735, 49736, 49738, 49740, 49741, 49742, 49743, 49747, 49749, 49751, 49752, 49753, 49754, 49755, 49756, 49757, 49758, 49759, 49760, 49761, 49762, 49763, 49764, 49765, 49766, 49767, 49768, 49769, 49770, 49771, 49772, 49773, 49775
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: classification engine | Classification label: clean1.win@24/20@19/213
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://belis.online/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1960,i,13513610279328154140,15974765438364974475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
Persistence: Registry Run Keys / Startup Folder (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
Privilege Escalation: Process Injection (1), Registry Run Keys / Startup Folder (1), Logon Script (Windows), Login Hook
Defense Evasion: Masquerading (1), Process Injection (1), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (2)
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

Source | Detection | Scanner | Label
http://belis.online | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://ww25.belis.online/bIjYFmKcC.js | 0% | Avira URL Cloud | safe
http://ww25.belis.online/_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec | 0% | Avira URL Cloud | safe
http://belis.online/ | 0% | Avira URL Cloud | safe
about:blank | 0% | Avira URL Cloud | safe
http://ww25.belis.online/_fd?subid1=20240330-0022-05c2-a5db-2edf15066893 | 0% | Avira URL Cloud | safe
http://ww25.belis.online/bKzqzpOlR.js | 0% | Avira URL Cloud | safe
http://ww25.belis.online/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
77026.bodis.com | 199.59.243.225 | true | false | - | high
www3.l.google.com | 172.253.122.101 | true | false | - | high
belis.online | 103.224.212.210 | true | false | - | unknown
www.google.com | 172.253.63.103 | true | false | - | high
ww25.belis.online | unknown | unknown | false | - | unknown
www.adsensecustomsearchads.com | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=Ryvh8LZ8N7cDmnxQmOwGYCatQ0rdF5rQIUtQngjDgVCEcCKFtE2Wr3Dn0jRYsNlTuMowDW57W_EqZ381pCRU_YIf4jrdqioF1cFjF6zau1K4cqu8FIoy0RFUc5kc0mDK2hBhg3YcM4Jkq6OZzrF2MzJXZ5qZ2-fKOwi7mXWIEAojoavrmTZWo1H_cleGcJvvbLse2CWMwO-0UoVtjhx9rkvMFczCmdaE2V0OgkwZzYtOkkTbr1OfEiKcJHqGeK-wf1hc-PIlKo9vJ5a_Nn0KgQzLMV4OZSo&cb=x1t9bvgsumy | false | - | high
http://ww25.belis.online/favicon.ico | false | Avira URL Cloud: safe | unknown
http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec | false | - | unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | false | - | high
http://ww25.belis.online/bfgrqDrIh.js | false | - | unknown
http://belis.online/ | false | Avira URL Cloud: safe | unknown
http://ww25.belis.online/bIjYFmKcC.js | false | Avira URL Cloud: safe | unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=1Agc0O1RLIbLZpKIzcbRqeCBpopI-_xwU_E6pQ8ZUPikGdoCBZkQOfw68hQPnrw7jnPa8YooZXKUaBjRBrWz0hr3DjLwczmy6m5u7xsgs0mqkH7-llcLJghtB09wsZAanTp4V52Upsj2ITqvb-KU5MdbhhSbNgj0uvhRReaN7agYJBLeET32giUBoA6NMZhlEHhOVe9wMb-LtatGuP3fnCGJaZiEJnAyvnS7I9f2_srqZTfFrrUwvdenFbfZr_5umuSjgSgLSv5ebkd_o3Hq7eFLBW4JQhk&cb=qie9q4k65br0 | false | - | high
http://ww25.belis.online/_fd?subid1=20240330-0022-05c2-a5db-2edf15066893 | false | Avira URL Cloud: safe | unknown
http://ww25.belis.online/bKzqzpOlR.js | false | Avira URL Cloud: safe | unknown
http://ww25.belis.online/_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec | false | Avira URL Cloud: safe | unknown
http://ww25.belis.online/?subid1=20240330-0022-05c2-a5db-2edf15066893 | false | - | unknown
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dsucuri%2Bsite%2Bscan%26rlz%3D1C1ONGR_enUS1103US1103%26oq%3Dsucuri%2Bsite%2Bscan%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCDIyNDRqMGo3qAIAsAIA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmpTArGN2Bm7AGIjDjc4iT4htEVjJihEacudlYs0beAfJLSSS2iZF4y7rnmzv79jrPTM0_pLkSvQVrOzQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | - | high
about:blank | false | Avira URL Cloud: safe | low
IP | Domain | Country | ASN | ASN Name | Malicious
172.253.122.104 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
103.224.212.210 | belis.online | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
142.251.111.95 | unknown | United States | 15169 | GOOGLEUS | false
172.253.62.94 | unknown | United States | 15169 | GOOGLEUS | false
172.253.62.84 | unknown | United States | 15169 | GOOGLEUS | false
142.251.163.113 | unknown | United States | 15169 | GOOGLEUS | false
199.59.243.225 | 77026.bodis.com | United States | 395082 | BODIS-NJUS | false
142.251.16.138 | unknown | United States | 15169 | GOOGLEUS | false
172.253.63.103 | www.google.com | United States | 15169 | GOOGLEUS | false
172.253.122.101 | www3.l.google.com | United States | 15169 | GOOGLEUS | false
142.251.167.94 | unknown | United States | 15169 | GOOGLEUS | false
142.251.167.95 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.253.115.103 | unknown | United States | 15169 | GOOGLEUS | false
142.251.179.100 | unknown | United States | 15169 | GOOGLEUS | false
172.253.115.156 | unknown | United States | 15169 | GOOGLEUS | false
142.250.31.94 | unknown | United States | 15169 | GOOGLEUS | false
142.251.16.95 | unknown | United States | 15169 | GOOGLEUS | false
142.251.16.94 | unknown | United States | 15169 | GOOGLEUS | false
142.251.163.94 | unknown | United States | 15169 | GOOGLEUS | false
                            IP
                            192.168.2.16
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1417511
                            Start date and time:2024-03-29 14:21:19 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:http://belis.online
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            Analysis Mode:stream
                            Analysis stop reason:Timeout
                            Detection:CLEAN
                            Classification:clean1.win@24/20@19/213
                            • Exclude process from analysis (whitelisted): svchost.exe
                            • Excluded IPs from analysis (whitelisted): 172.253.62.94, 142.251.16.138, 142.251.16.100, 142.251.16.113, 142.251.16.102, 142.251.16.101, 142.251.16.139, 172.253.62.84, 34.104.35.123, 172.253.115.156, 172.253.115.155
                            • Excluded domains from analysis (whitelisted): partner46.googleadservices.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, partner.googleadservices.com, clientservices.googleapis.com, clients.l.google.com
                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 12:21:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.987393115926591
                            Encrypted:false
                            SSDEEP:
                            MD5:FBB6C3099370BED6F5CB7CADFFC373F2
                            SHA1:7A056E337BE284A5FDBBEB2B6EF4BC60C9729A9C
                            SHA-256:764DEFC61B7DA3F35C8B0A84C8AA50C523AEC29C6827E04FBE1561FBC924F67B
                            SHA-512:D734F5E9A73D3F4466CB2B3FA79437F86C9382ECD1798B8BBBB2F8B10FE7A9AABDF56F87AA0F45BE7DE7A21F2D4E1DED417845419D01B16A7F77660AFBAB0F7B
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 12:21:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.006718596735417
                            Encrypted:false
                            SSDEEP:
                            MD5:28C3A3D177DE58B78FB580B6F17D9D1B
                            SHA1:F2597F176A52F8BD91992E63D119E367EFF21122
                            SHA-256:7E67FE56098949C9E639D5358B37B7DBDAFF052544EFC569A1069F4A3EB93449
                            SHA-512:3EB3127A139220B3DEEA35EFFED93782032EC84DAA22408D3F0BA48DACE85BDDBC37E346F42E06FA90D2936A8C375277E3BB0B862899AA7ED9827D88E3F2E9F1
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.011480359129873
                            Encrypted:false
                            SSDEEP:
                            MD5:CF9B269F5FCB3FC5AA42A4B2B4D87424
                            SHA1:7BBAF30861C9C6653DD7C2C0E782D92A35D90A83
                            SHA-256:BBDA323B5E3338C9B8CDD090FBE7C138747C9CC1BFDB5FE8D95D6425048FB531
                            SHA-512:B22CA325E07A8B8BAD67D3D0EAC3FE9DFB034EA95974EB671B7C2D9B5441663F8EB692A0DCD94E96ECEA5E34887C2BD99FABE2C6B80CD548BA33BA7F6D4304B0
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 12:21:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.998693925692532
                            Encrypted:false
                            SSDEEP:
                            MD5:5C648DDE3BBFB652009CD459C6252AB2
                            SHA1:BFF6C3851019DB2E52CC94539C3B44211187EB59
                            SHA-256:37E22A5019DE138AE90036941543BD842227F9F521660C823099B51EC90BF76D
                            SHA-512:32165CC1124E12573FDC7AEFDD34F781C9AB7813B63CEB3F9B1B5EFC8019D4D333CAC736F4C2369A97582A1526EB171DB67F5A9AE7C86A34B25087CA64502912
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 12:21:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.988473492277166
                            Encrypted:false
                            SSDEEP:
                            MD5:5A9A551AA7D593E609EF143BCBA120A6
                            SHA1:157187150BC391E053F3F48847CEECA8C458AA90
                            SHA-256:8887A9BF12E85C06656F434A5E99B826F86C7D6E3700562A9436767D36D884C5
                            SHA-512:CD90E1E3BA385BB93FD4DC412302FC78E94474C8CF6BA9B7B57F258C916014530E9E2DAD1891C68F1CFB158DF305287D5D84E68492561785FB4B4E2DCE74A677
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 12:21:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):4.003012251045797
                            Encrypted:false
                            SSDEEP:
                            MD5:5FD7DD9AACC9468D9FFB85977E4EAEC3
                            SHA1:FE29EF4E564009699FD1A9A1C112098A190E8FA5
                            SHA-256:D671F394A4BE4782E9C1920BEE8804B5D2F3CE7BD1161666BD46EE1B3172B1E2
                            SHA-512:37711D6BB0B51A577CF99A45D34E968FC4531D8E694E19E11979FED37C7C87AD458660F5FCD4201449490E66BA32BA8764B3DA197A9BC3B779A62501DA16FA09
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with very long lines (800)
                            Category:downloaded
                            Size (bytes):806
                            Entropy (8bit):5.18071421872459
                            Encrypted:false
                            SSDEEP:
                            MD5:C13E3A34FD138BE3B98C6DB5DF804023
                            SHA1:1141F29ED812BC0B1F3C2208350A884CBF5A4358
                            SHA-256:DA14BD6147AED5EF702A9F7D97EDFA81ACE02C41022270BB47E85AA1A7115FB0
                            SHA-512:FF825B96D7BAC1AE9A08398EF5FAB2576C7554103D58CB1EEEDCA7939805CABFFCFA9D5AC277CCA780A38646D6679962B1AEF78ACCD54678ECCAF7E29846BDBB
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                            Preview:)]}'.["",["wordle answer march 29","kentucky basketball transfer portal","mortgage rates today","diablo iv ptr patch notes","spacex rocket launch falcon 9","ba.timore bridge collapse","home depot srs distribution","child tax credit payments 2024 schedule"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                            Category:downloaded
                            Size (bytes):2228
                            Entropy (8bit):7.82817506159911
                            Encrypted:false
                            SSDEEP:
                            MD5:EF9941290C50CD3866E2BA6B793F010D
                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                            Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (596)
                            Category:downloaded
                            Size (bytes):511331
                            Entropy (8bit):5.71888713211764
                            Encrypted:false
                            SSDEEP:
                            MD5:48C590D47C8B1868CECAB334E9A34CBE
                            SHA1:5F1A9F94294EC337F657AC2EBEC1C74E097CE5B3
                            SHA-256:F3756825DF5194A174B7A55EBD3B484C276766EEF21343D34B053B98ED386801
                            SHA-512:24B9E42BCEBEFCB81D2DC8760256A63E84846C2A49CEE2A6B3904EB5DBA4551DBEA599E0892C7FA6674E32D6E047CA31B396ADD5467F6D3FADFE8F9B3A72A6F2
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/.var nA=function(){return[function(M,a,q,C,W,O){return 4>(M>>((W=[2,1,9],M&101)==M&&(qT||D[40](22,"Edge"),CA||(qT(),CA=a),Pj.add(q,C)),W)[0]&8)&&5<=(M>>W[1]&7)&&(D[8](W[0],function(Y){S[24](28,0,"end",Y,a)},wT),t[6](W[2],!1,wT)||Z[33](5)),O},function(M,a,q,C,W,O,Y,P){return 2==(M+1&(M-6<<1<(((P=[22,57,33],10)>(M<<2&12)&&10<=(M>>1&11)&&(C=new be,Y=I[24](37,C,a,q)),M&42)==M&&(Y=Hj('<textarea id="'+J[41](3,a)+'" name="'+J[41](P[2],q)+'" class="g-recaptcha-response"></textarea>')),M)&&(M-2^P[0])>=M&&(D[25](61,.a,DG)||D[25](P[1],a,Sf)?C=c[P[2]](36,a):(a instanceof Ur?q=c[P[2]](32,Z[3](31,a)):(a instanceof IN?W=c[P[2]](12,t[44](70,a).toString
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (378), with no line terminators
                            Category:downloaded
                            Size (bytes):378
                            Entropy (8bit):5.3762876720163595
                            Encrypted:false
                            SSDEEP:
                            MD5:D086DB8681F3D3BC3A266E09726DC22B
                            SHA1:D3F02AC1FE98FA317526A42764C258995A2EF83C
                            SHA-256:DA0EF7B54F944568589EBDF5C1DA15FD0FE1AC0FCCB228BE193903B1EB79248C
                            SHA-512:BE9E184C05CD03353A6BCA9E97A8E5C086121D82267991B92FA26CE6A4579D31054881286F167181E3FA229C8B34A8E47CB0ED762F3986D779500F13438F27F9
                            Malicious:false
                            Reputation:unknown
                            URL:https://partner.googleadservices.com/gampad/cookie.js?domain=ww25.belis.online&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
                            Preview:__sasCookie({"_cookies_":[{"_value_":"ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw","_expires_":1745414512,"_path_":"/","_domain_":"belis.online","_version_":1},{"_value_":"UID=00000dacc4ce0331:T=1711718512:RT=1711718512:S=ALNI_MaDWfm2SXh3F_w7_3VTHp284y8F_g","_expires_":1745414512,"_path_":"/","_domain_":"belis.online","_version_":2}]});
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (2283)
                            Category:downloaded
                            Size (bytes):145085
                            Entropy (8bit):5.544496863388465
                            Encrypted:false
                            SSDEEP:
                            MD5:DB8C53E7E618B3343FB5AA501D7A7753
                            SHA1:6455B92800A52095EBAF9A71F58DE766271B7859
                            SHA-256:49BEA805DCF586741AB7205A35CDD5FEDCDB0AB7707D899102B0CA87193798BC
                            SHA-512:47AC3A7D288769BC64C927F44DA19B3258594310FF79D557E4489CAE66E9AFD218A0D9F973A4638A8ADB3E889EF379008A25C2A2B8051FF86AFB374B105F3D91
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/adsense/domains/caf.js
                            Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"17003337333203353888",packages:"domains",module:"ads",version:"1",m:{cei:"17301383,17301431,17301433,17301436,17301447",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:""}};var m;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (1222), with no line terminators
                            Category:downloaded
                            Size (bytes):1222
                            Entropy (8bit):5.816702834732249
                            Encrypted:false
                            SSDEEP:
                            MD5:13F205D907EAAD06744379FF66C6ECDB
                            SHA1:096C28C619C99714192E2161A60315A404BC0618
                            SHA-256:15347086A4C3F7A12D7AE800FA711B988A1C1C1572262D53B9295D1E1A089E8A
                            SHA-512:C973122796A254D9F83CCFEA4250EF05E92BE20C1E7212169A43B2937C5E8FF506907F4D687F08B38F8BF8B71E3EDDE131B998767DCFF52E19DE57FF7317E227
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/recaptcha/api.js
                            Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-wEVSdqKc5hf9vkWC9kAmVRAEa11o8QNGecO6p5G2
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (56398), with no line terminators
                            Category:downloaded
                            Size (bytes):56398
                            Entropy (8bit):5.907604034780877
                            Encrypted:false
                            SSDEEP:
                            MD5:EB4BC511F79F7A1573B45F5775B3A99B
                            SHA1:D910FB51AD7316AA54F055079374574698E74B35
                            SHA-256:7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
                            SHA-512:EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/styles__ltr.css
                            Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                            Category:downloaded
                            Size (bytes):15344
                            Entropy (8bit):7.984625225844861
                            Encrypted:false
                            SSDEEP:
                            MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                            SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                            SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                            SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                            Malicious:false
                            Reputation:unknown
                            URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                            Preview:wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h|.l....A....b6........(......@e.]...*:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#*e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.*UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...*$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf*.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed.*.'..qP....M..j....../.z&.=...q<....-..?.A.%..K..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):32
                            Entropy (8bit):4.476409765557392
                            Encrypted:false
                            SSDEEP:
                            MD5:A3144EE887752BC84252FAACD4DFFD83
                            SHA1:172430F70BAEDA54BB9F533293E0E80A2DA5835D
                            SHA-256:8B87CFF79D0F8142D02D4A5991C83A5D59A7733BCB0EBEDD0DE57E559C6EAEFB
                            SHA-512:E366210709098991B8B21140DF48E50CD650E115A30A8A5EEC016B98B077C6DA3FEE972BA219409AD72E85BF575A033E1E9AAC7931B727E4BA15644AAC5349D3
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmW35pG5sRm2RIFDVNaR8USEAk8dqZYMe7mkRIFDVNaR8U=?alt=proto
                            Preview:CgkKBw1TWkfFGgAKCQoHDVNaR8UaAA==
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with very long lines (33125)
                            Category:downloaded
                            Size (bytes):33128
                            Entropy (8bit):5.364700609640398
                            Encrypted:false
                            SSDEEP:
                            MD5:B971725E328E1D07F35024AF21596386
                            SHA1:7A9881A6A5FD4E7990FA0E2AA8A01167081B001F
                            SHA-256:8BE83D07B210AFAAEBECEC818613A8B38847EC4B423993D038CE7BD6CFED6A73
                            SHA-512:FCE2202C398A520902584C5D5F5710078A7D2B631101613DB70A61799792D6025FAA982A7E4529B8C69047E0862377D9DE8655D6AE2BB295EF2B9B47B24BC7CA
                            Malicious:false
                            Reputation:unknown
                            URL:http://ww25.belis.online/bKzqzpOlR.js
                            Preview:!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).version={})}(this,(function(exports){"use strict";function __awaiter(e,t,n,i){return new(n||(n=Promise))((function(s,a){function o(e){try{d(i.next(e))}catch(e){a(e)}}function r(e){try{d(i.throw(e))}catch(e){a(e)}}function d(e){var t;e.done?s(e.value):(t=e.value,t instanceof n?t:new n((function(e){e(t)}))).then(o,r)}d((i=i.apply(e,t||[])).next())}))}var Blocking;"function"==typeof SuppressedError&&SuppressedError,function(e){e.PENDING="pending",e.NONE="none",e.BLOCKED="blocked",e.ALLOWED="allowed"}(Blocking||(Blocking={}));class Adblock{constructor(e){this.state=Blocking.PENDING,this._mocked=!1,e?(this.state=e,this._mocked=!0):this.state=Blocking.ALLOWED}inject(){return __awaiter(this,void 0,void 0,(function*(){}))}get isBlocked(){return this.state===Blocking.BLOCKED}get isAllowed(){return this.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):102
                            Entropy (8bit):4.831212416381637
                            Encrypted:false
                            SSDEEP:
                            MD5:9F9C09E710BF4B791F895D28BCA13B4E
                            SHA1:E83642A8B6872CEBBACD4A3902A7C55D7E6B89BB
                            SHA-256:BFE921737A9444EA43003FCEE8F7BA1F9BFA429502ED435976605A5A87FA6A18
                            SHA-512:968CE1F65ED431F79030A0C566326A0D0B973C04E6FB56726B4B9ED9BEBCC5255D4DF232D456D836165C15F92C7685C3986FBF7786D7E2FD0B3F099C10ABF387
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf
                            Preview:importScripts('https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js');
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (17572)
                            Category:downloaded
                            Size (bytes):18165
                            Entropy (8bit):5.653435632518094
                            Encrypted:false
                            SSDEEP:
                            MD5:0C4D3AB97EFA1A507DD8F13E313ABF93
                            SHA1:69A2C481F8C5DB9FE2B3AD071EDC08018AD91E73
                            SHA-256:38CCDB27CEE0901E4C014932EA698307899F9641336B8AD01D424D083E214BFE
                            SHA-512:45145813E2BDD627B86C537A9CDBBFE29AC712D6AC3D56C17F2CE05F3C5AD8A1B48342812D713625505E7DA62F88238BEE6DFDBA76FD0F8ACE923CF400A0358C
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js
                            Preview:/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var m=this||self,q=function(B){return B},N=function(B,u){if(B=(u=m.trustedTypes,null),!u||!u.createPolicy)return B;try{B=u.createPolicy("bg",{createHTML:q,createScript:q,createScriptURL:q})}catch(D){m.console&&m.console.error(D.message)}return B};(0,eval)(function(B,u){return(u=N())&&1===B.eval(u.createScript("1"))?function(D){return u.createScript(D)}:function(D){return""+D}}(m)(Array(7824*Math.random()|0).join("\n")+['(function(){/*',.'',.' SPDX-License-Identifier: Apache-2.0',.'*/',.'var e=function(B,u){for(u=[];B--;)u.push(255*Math.random()|0);return u},Bu=function(B,u,q,D){for(q=(D=O(u),0);0<B;B--)q=q<<8|A(u);L(D,u,q)},us=function(B,u){104<B.h.length?U([y,36],B,0):(B.h.push(B.A.slice()),B.A[227]=void 0,L(227,B,u))},DM=function(B,u,q,D,T){for(T=(B=(D=B[3]|0,B[2]|0),0);14>T;T++)q=q>>>8|q<<24,q+=u|0,D=D>>>8|D<<24,u=u<<3|u>>>29,D+=B|0,D^=T+1635,q^=B+1635,u^=q,B=B<<3|B>>>29,B^=D;return
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):16
                            Entropy (8bit):3.75
                            Encrypted:false
                            SSDEEP:
                            MD5:AFB69DF47958EB78B4E941270772BD6A
                            SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                            SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                            SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAk8dqZYMe7mkRIFDVNaR8U=?alt=proto
                            Preview:CgkKBw1TWkfFGgA=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (2763)
                            Category:downloaded
                            Size (bytes):2768
                            Entropy (8bit):5.841148814129527
                            Encrypted:false
                            SSDEEP:
                            MD5:3F3CC49E4F98066A6EBCA8756E6F55A5
                            SHA1:D825929C4A9AAF38AD329C07E9A62F13E8BE3609
                            SHA-256:092896A7698B1481D83A0C8091EA3D3BC2A73A85BFA24CFB5869118EE3D58FC7
                            SHA-512:1F62176201EBEBC754D2B5EC97BF0567A3E72D880FD3304DD2E3EB2F1AA2719F71F32195EF626CA5A421EA9CABC6B00E663849821EED1EB26C2A39942B81A6B9
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                            Preview:)]}'.["",["country singer linda martell","olamide zaccheaus commanders","when is the bitcoin halving 2024","diablo iv ptr patch notes","solar eclipse glasses","nyt strands hints","arik armstead 49ers","amc stocks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"
                            No static file info