Edit tour

Windows Analysis Report
https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426

Overview

General Information

Sample URL:	https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426
Analysis ID:	1427692
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2224,i,8484140261916216697,7846924340831957304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49755 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.50.19
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.50.19
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.245.97
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.245.97
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426 HTTP/1.1Host: delightful-glacier-0a63b1710.5.azurestaticapps.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: delightful-glacier-0a63b1710.5.azurestaticapps.net

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlDate: Wed, 17 Apr 2024 22:38:03 GMTTransfer-Encoding: chunked

Source: chromecache_54.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js
Source: chromecache_54.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css
Source: chromecache_54.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js
Source: chromecache_54.2.dr	String found in binary or memory: https://appservice.azureedge.net/css/static-apps/v3/main.css
Source: chromecache_54.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/favicon.svg
Source: chromecache_54.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/microsoft_azure_logo.svg
Source: chromecache_54.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/staticapps.svg
Source: chromecache_54.2.dr	String found in binary or memory: https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js
Source: chromecache_52.2.dr, chromecache_46.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_52.2.dr, chromecache_46.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_46.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49755 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/21@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2224,i,8484140261916216697,7846924340831957304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2224,i,8484140261916216697,7846924340831957304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
waws-prod-bn1-4358465d.sip.p.azurewebsites.windows.net	20.22.16.164	true	false	high
www.google.com	74.125.138.99	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
delightful-glacier-0a63b1710.5.azurestaticapps.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js	chromecache_54.2.dr	false	high
https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css	chromecache_54.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_46.2.dr	false	high
https://getbootstrap.com/)	chromecache_52.2.dr, chromecache_46.2.dr	false	high
https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js	chromecache_54.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_52.2.dr, chromecache_46.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.138.99	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
20.22.16.164	waws-prod-bn1-4358465d.sip.p.azurewebsites.windows.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427692
Start date and time:	2024-04-18 00:37:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/21@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 64.233.185.84, 172.217.215.138, 172.217.215.113, 172.217.215.102, 172.217.215.139, 172.217.215.101, 172.217.215.100, 34.104.35.123, 152.199.4.33, 72.21.81.200, 40.127.169.103, 72.21.81.240, 20.166.126.56, 192.229.211.108, 13.85.23.206, 173.194.219.94
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, azurestaticapps5.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, cs22.wpc.v0cdn.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, appservice.azureedge.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, appservice.ec.azureedge.net, clients.l.google.com, cs9.wpc.v0cdn.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	4842
Entropy (8bit):	4.526345891855864
Encrypted:	false
SSDEEP:	96:U7VrtvDN/KniSBgKcqWCq8n/Uuhm4owKkYVtSqxHBqeI:arJN/wFgVqtVeZwTqhI
MD5:	B1EE4C89DD83CECE9412A3C847C2F815
SHA1:	02DB4BC607FF302C1274CBA13CF31F8098681ACA
SHA-256:	B4B809961668BD61715C146DFCF59B3D9EA9A1C6CC8091C29FA547302CDDF3C1
SHA-512:	90D8ACBAB274906D3D25A78FFD30FF76B7A0FBA368FB76F68300305349FE0525837C28E7B3D01FC080D4BCC3A040BAD9F94BEC879E48E7D9F2A9A172832DEB3B
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/microsoft_azure_logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="55 0 651.97 215.43"><defs><style>.cls-1{fill:#737373;}.cls-2{fill:#f25022;}.cls-3{fill:#7fba00;}.cls-4{fill:#00a4ef;}.cls-5{fill:#ffb900;}</style></defs><title>horiz_c-gray_rgb</title><g id="Azure_h" data-name="Azure h"><path class="cls-1" d="M447.7,86.39,464,129.59h-8.26l-3.82-10.72h-17l-3.67,10.72H423l16.27-43.2Zm-4.46,8-6.39,18.2h13l-6.36-18.2Z"/><path class="cls-1" d="M467.62,98.62h24.73v2.93l-16.23,22.26h16.32v5.78h-26v-3.46l16-21.72H467.62Z"/><path class="cls-1" d="M523.47,98.62v31h-7.35v-4.06H516a10.05,10.05,0,0,1-3.87,3.3,12.24,12.24,0,0,1-5.44,1.19c-3.6,0-6.33-1-8.21-3.06s-2.82-5.21-2.82-9.51V98.62H503v18a9.45,9.45,0,0,0,1.55,5.89,5.62,5.62,0,0,0,4.69,2,6.23,6.23,0,0,0,5-2.18,8.52,8.52,0,0,0,1.87-5.71V98.62Z"/><path class="cls-1" d="M545.42,98.11a9.28,9.28,0,0,1,1.57.12,6.59,6.59,0,0,1,1.17.3v7.38a6.37,6.37,0,0,0-1.67-.79,8,8,0,0,0-2.67-.38,5.66,5.66,0,0,0-4.53,2.26c-1.24,1.5-1.85,3.82-1.85,7v15.63h-7.29v-31h7.29v4.88h.12a8.55,8

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87533
Entropy (8bit):	5.262536918435756
Encrypted:	false
SSDEEP:	1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr
MD5:	2C872DBE60F4BA70FB85356113D8B35E
SHA1:	EE48592D1FFF952FCF06CE0B666ED4785493AFDC
SHA-256:	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
SHA-512:	BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60125)
Category:	downloaded
Size (bytes):	60404
Entropy (8bit):	5.131593990679167
Encrypted:	false
SSDEEP:	768:pZYN+vOLQ11ObgUDZa8fW+l3sLaSLPe6CMhYVRK0H/9V2Vz/kq8GPnlcGpPX21b0:pKQjXht8xmeY8ssH2nvt
MD5:	B0794583EC020A7852F0FC04D5CEFC52
SHA1:	847DFF899B5BCF8EE434E389E2A910BA1DBAD76F
SHA-256:	9BCD4D0F29DC6556EBEEFF44EAA0965F0C7F7308EE58394708CCE2F698CCA1B0
SHA-512:	D7F46F6537020C452363F0B2A62333FA2AAAB5AA107C021398D489635ECCCA9E0CB3999DC4F4B9515EE239F759A3170687315B3A6EAC9ED4CA269A63BEE860E2
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js
Preview:	/!. Bootstrap v5.2.3 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){if(t&&t.__esModule)return t;const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(t)for(const i in t)if("default"!==i){const s=Object.getOwnPropertyDescriptor(t,i);Object.defineProperty(e,i,s.get?s:{enumerable:!0,get:()=>t[i]})}return e.default=t,Object.freeze(e)}const i=e(t),s="transitionend",n=t=>{let e=t.getAttribute("data-bs-target");if(!e\|\|"#"===e){let i=t.getAttribute("href");if(!i\|\|!i.includes("#")&&!i.startsWith("."))return null;i.in

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	8104
Entropy (8bit):	4.675970903143818
Encrypted:	false
SSDEEP:	96:QZ3dSugxOrThfA4oYVmHWEUeBRUTRwD+cbfxjdIOfMDu1vFQ4wD5yTxK83AKOyA:TOPMGmHWEUe91guBOLEKMAF
MD5:	1A813EE7E1120C4D7B3E8EBD29AAF72F
SHA1:	5B3F94C56FD08BD6F582B2295D1996D484A66DD5
SHA-256:	AF633C8781D0E41FB1787E2709FF7926A0519C80A80BDD057021E00E1B48DDA2
SHA-512:	A552C43B2220DF6F2D1F1F3436AEA25BFEB7ADF89B5660D6CE752037933A2DF775CA1D4F8B3459DF77D480185579B1B6B672D178E06CFC73305F6E32BE2B23E7
Malicious:	false
Reputation:	low
Preview:	<svg id="a5fdd9e9-6050-4adc-bf91-829173d8c1c1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="336" height="240" viewBox="0 0 336 240">. <defs>. <linearGradient id="f76af362-bf6a-4a68-ab90-12622c3e65ae" x1="171.52" y1="25.712" x2="171.52" y2="221.319" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. <linearGradient id="bdc7abe3-e52c-457f-a3ce-c8e521b8a46b" x1="124.13" y1="191.976" x2="172.434" y2="191.976" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. </defs>. <rect width="336" height="240" fill="#fff"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="#0078d4"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="url(#f76af362-bf6a-4a68-ab90-12622c3e65ae)"/>. <path d="M244.34,109.6

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1946
Entropy (8bit):	5.0658464668720535
Encrypted:	false
SSDEEP:	48:zfnHxeob2c5Gr2W4PFzhkT104OOrbdT1dCkRM1iiHDgG3ax3u:D0Vx8dk04XgWM1iO
MD5:	909D8AC61BECBB0F646873BA6DED610E
SHA1:	30FA898D5052820BE3747E96641B9AE6B409BE75
SHA-256:	30EFD61236D5F5FE2B02866F3B822CE9224D2315814FAC05DA9B7BFC76CA2E3F
SHA-512:	1D4A57981F330B2FC3AC5001C7D432553ED668D34E5A45709608F9F9910CE99B4BF90FBBB267CB82EE3EDCEBA6CCB4F313321358AFF84D4641E66C51CEE0991E
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/favicon.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">. <defs>. <linearGradient id="b81467a7-8040-434c-8e85-3b06adb1a444" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#32bedd"/>. <stop offset="0.775" stop-color="#32d4f5"/>. </linearGradient>. </defs>. <g id="aac29ec1-77a4-4cee-ab20-0e567be7a5e2">. <path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#b81467a7-8040-434c-8e85-3b06adb1a444)"/>. <rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#9cebff"/>. <path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#198ab3"/>. <path d="M5.551,10.193H6a0,0,0,0,1,0,0v3.583a.145.145,0,0,1-.145.145H5.406a.145.145,0,0,1-.145-.145V10.483a.29.29,0,0,1,.29-.29Z" transform="translate(-6.87 7.497) rotate(-44.919)" fill="#fff" opacity="0.8"/>. <path d="M5.28,8.037

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23
Entropy (8bit):	3.882045108136863
Encrypted:	false
SSDEEP:	3:TMQvHEeovbn:ACHYvb
MD5:	FBBC82923FF6881236B01520BAA9F0EF
SHA1:	20DE932A247D76E8865BCC2411E38DB4D9807C4A
SHA-256:	BD6300F28F9701DDC7283D2E6629020FC7969E5064E4258A894FDD2EF6DA666F
SHA-512:	35F90567DDF751094FF1150B754D5B9B598252E77DEFFF5AA0ADA426209D9F75ECFF39C8E7D2CC933A1E2C9892B0CEEBB0A0E6278EE07BA1C5BBCDB3B6A2F13D
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js
Preview:	function loc(p) {.. }..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	8104
Entropy (8bit):	4.675970903143818
Encrypted:	false
SSDEEP:	96:QZ3dSugxOrThfA4oYVmHWEUeBRUTRwD+cbfxjdIOfMDu1vFQ4wD5yTxK83AKOyA:TOPMGmHWEUe91guBOLEKMAF
MD5:	1A813EE7E1120C4D7B3E8EBD29AAF72F
SHA1:	5B3F94C56FD08BD6F582B2295D1996D484A66DD5
SHA-256:	AF633C8781D0E41FB1787E2709FF7926A0519C80A80BDD057021E00E1B48DDA2
SHA-512:	A552C43B2220DF6F2D1F1F3436AEA25BFEB7ADF89B5660D6CE752037933A2DF775CA1D4F8B3459DF77D480185579B1B6B672D178E06CFC73305F6E32BE2B23E7
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/staticapps.svg
Preview:	<svg id="a5fdd9e9-6050-4adc-bf91-829173d8c1c1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="336" height="240" viewBox="0 0 336 240">. <defs>. <linearGradient id="f76af362-bf6a-4a68-ab90-12622c3e65ae" x1="171.52" y1="25.712" x2="171.52" y2="221.319" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. <linearGradient id="bdc7abe3-e52c-457f-a3ce-c8e521b8a46b" x1="124.13" y1="191.976" x2="172.434" y2="191.976" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. </defs>. <rect width="336" height="240" fill="#fff"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="#0078d4"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="url(#f76af362-bf6a-4a68-ab90-12622c3e65ae)"/>. <path d="M244.34,109.6

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1134
Entropy (8bit):	4.723354379446081
Encrypted:	false
SSDEEP:	24:Lll1tEPxz4Omvzxdc2iv9rJKsS1P7sPea7sP/9u:z/Kdb
MD5:	8DC1B0215D4842AAE9BB811E9B655919
SHA1:	852DDB564BDFDF837E32D672B073734E15593283
SHA-256:	666DD97A683171808B9AAAF4A1EF11C97865DF5046172FED704F70C78E940830
SHA-512:	D4A2B6F8E806959ADD66E1AE489982297F4E8C1C7EE25A27CF137023F0B7A957BBBC5453E53621AF661490A1DC5D5C1977A6D86FB9D04BC9DD6606CA9F6C1EF0
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/css/static-apps/v3/main.css
Preview:	html, body {.. height: 100%;.. color:#000000;.. background-color: #ffffff;..}...full-height {.. height: 100%;..}...content-area {.. background: green;.. color: white;..}...sub-text{.. font-family: Segoe UI;.. font-style: normal;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;..}...article-tree {.. background: blue;.. color: white;..}...container-height {.. margin: 0 auto;.. min-height: 88%;.. height: auto;..}...div-vertical-center{.. display: flex;.. justify-content: center;.. align-items: center;.. margin: 0 auto;..}..* {.. border-radius: 0 !important;..}...info-mg-top {.. margin-top:20px;..}...btn-mg-top {.. margin-top:20px;..}..@media (max-width:767px) {.. .info-mg-top {.. margin-top: 15px !important .. }.. .btn-mg-top {.. margin-top: 15px !important .. }..}..@media (min-width:768px) {.. .info-mg-top {.. margin-top: 15px !important .. }.. .btn-mg-top {.. marg

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65305)
Category:	downloaded
Size (bytes):	194901
Entropy (8bit):	5.014294143940012
Encrypted:	false
SSDEEP:	1536:ZtGg9JfWgeQK5wlP72qgOfI3N9LsqkVkpz600I4lp:ZtGg9JfWD9kVkpz600I4lp
MD5:	3F30C2C47D7D23C7A994DB0C862D45A5
SHA1:	7791DD1F3173A0D62CC39C21D2AD71FC8DAD0E72
SHA-256:	C0BCF7898FDC3B87BABCA678CD19A8E3EF570E931C80A3AFBFFCC453738C951A
SHA-512:	49B891FDEBACA612A8315557CAC4CA1BFED5B1E5A28BE63715D1EBB741292A0A53A1979E9A1A8779978B58B849BADCFFDAEB76570D6E4048F631B445F9354150
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.2.3 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Copyright 2011-2022 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	4842
Entropy (8bit):	4.526345891855864
Encrypted:	false
SSDEEP:	96:U7VrtvDN/KniSBgKcqWCq8n/Uuhm4owKkYVtSqxHBqeI:arJN/wFgVqtVeZwTqhI
MD5:	B1EE4C89DD83CECE9412A3C847C2F815
SHA1:	02DB4BC607FF302C1274CBA13CF31F8098681ACA
SHA-256:	B4B809961668BD61715C146DFCF59B3D9EA9A1C6CC8091C29FA547302CDDF3C1
SHA-512:	90D8ACBAB274906D3D25A78FFD30FF76B7A0FBA368FB76F68300305349FE0525837C28E7B3D01FC080D4BCC3A040BAD9F94BEC879E48E7D9F2A9A172832DEB3B
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="55 0 651.97 215.43"><defs><style>.cls-1{fill:#737373;}.cls-2{fill:#f25022;}.cls-3{fill:#7fba00;}.cls-4{fill:#00a4ef;}.cls-5{fill:#ffb900;}</style></defs><title>horiz_c-gray_rgb</title><g id="Azure_h" data-name="Azure h"><path class="cls-1" d="M447.7,86.39,464,129.59h-8.26l-3.82-10.72h-17l-3.67,10.72H423l16.27-43.2Zm-4.46,8-6.39,18.2h13l-6.36-18.2Z"/><path class="cls-1" d="M467.62,98.62h24.73v2.93l-16.23,22.26h16.32v5.78h-26v-3.46l16-21.72H467.62Z"/><path class="cls-1" d="M523.47,98.62v31h-7.35v-4.06H516a10.05,10.05,0,0,1-3.87,3.3,12.24,12.24,0,0,1-5.44,1.19c-3.6,0-6.33-1-8.21-3.06s-2.82-5.21-2.82-9.51V98.62H503v18a9.45,9.45,0,0,0,1.55,5.89,5.62,5.62,0,0,0,4.69,2,6.23,6.23,0,0,0,5-2.18,8.52,8.52,0,0,0,1.87-5.71V98.62Z"/><path class="cls-1" d="M545.42,98.11a9.28,9.28,0,0,1,1.57.12,6.59,6.59,0,0,1,1.17.3v7.38a6.37,6.37,0,0,0-1.67-.79,8,8,0,0,0-2.67-.38,5.66,5.66,0,0,0-4.53,2.26c-1.24,1.5-1.85,3.82-1.85,7v15.63h-7.29v-31h7.29v4.88h.12a8.55,8

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2400
Entropy (8bit):	5.141710386004859
Encrypted:	false
SSDEEP:	48:tTrzFLwNGCUzucfFipzv+6rI0E5Ucrpvjdf:JrZy4gJm6rI07at
MD5:	8B6E5A69AAFD321F4CFF4ED84BB3BDE1
SHA1:	B6E7634A826B088DC49DBD8F61B0121327846271
SHA-256:	0A76274E99E285C9D7E18D094E71EA6FCA1B0274E30C28492A24218E53C61CB3
SHA-512:	ABEAE136E3B7C52BD00937E6257B15D0FB163A1BE77BBBA0818FDC1BF32B96C0F3F49DCFD7D8A726211B7B49C3E660CC30FC2A12A4144CA4BC83E08D57203DEE
Malicious:	false
Reputation:	low
URL:	https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426
Preview:	<!DOCTYPE html>..<html lang=en>..<head>..<meta charset=utf-8 />..<meta name=viewport content="width=device-width, initial-scale=1.0" />..<meta http-equiv=X-UA-Compatible content="IE=edge" />..<title>Azure Static Web Apps - 404: Not found</title>..<link rel="shortcut icon" href=https://appservice.azureedge.net/images/static-apps/v3/favicon.svg type=image/x-icon />..<link rel=stylesheet href=https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css crossorigin=anonymous />..<link rel=stylesheet type=text/css href="https://appservice.azureedge.net/css/static-apps/v3/main.css"/>..<script src=https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js crossorigin=anonymous></script>..<script type=text/javascript>window.onload=function(){try{loc("404notFound")}catch(a){}};</script>..</head>..<body>..<nav class="navbar navbar-light ps-5 ms-5">..<div class=navbar-brand>..<div class="container pl-4 ml-5">..<img src=https://appservice.azureedge.net/images/static-apps/v3/micros

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1946
Entropy (8bit):	5.0658464668720535
Encrypted:	false
SSDEEP:	48:zfnHxeob2c5Gr2W4PFzhkT104OOrbdT1dCkRM1iiHDgG3ax3u:D0Vx8dk04XgWM1iO
MD5:	909D8AC61BECBB0F646873BA6DED610E
SHA1:	30FA898D5052820BE3747E96641B9AE6B409BE75
SHA-256:	30EFD61236D5F5FE2B02866F3B822CE9224D2315814FAC05DA9B7BFC76CA2E3F
SHA-512:	1D4A57981F330B2FC3AC5001C7D432553ED668D34E5A45709608F9F9910CE99B4BF90FBBB267CB82EE3EDCEBA6CCB4F313321358AFF84D4641E66C51CEE0991E
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">. <defs>. <linearGradient id="b81467a7-8040-434c-8e85-3b06adb1a444" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#32bedd"/>. <stop offset="0.775" stop-color="#32d4f5"/>. </linearGradient>. </defs>. <g id="aac29ec1-77a4-4cee-ab20-0e567be7a5e2">. <path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#b81467a7-8040-434c-8e85-3b06adb1a444)"/>. <rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#9cebff"/>. <path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#198ab3"/>. <path d="M5.551,10.193H6a0,0,0,0,1,0,0v3.583a.145.145,0,0,1-.145.145H5.406a.145.145,0,0,1-.145-.145V10.483a.29.29,0,0,1,.29-.29Z" transform="translate(-6.87 7.497) rotate(-44.919)" fill="#fff" opacity="0.8"/>. <path d="M5.28,8.037

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:37:54.427025080 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:38:04.037117958 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:38:04.103275061 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.103315115 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.103478909 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.103776932 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.103852987 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.103863001 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.103884935 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.103976011 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.104223013 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.104255915 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.485275030 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.485671997 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.485707045 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.487339973 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.487530947 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.488785028 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.488851070 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.488862038 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.488882065 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.489120007 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.489698887 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.489727020 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.491372108 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.491440058 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.492170095 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.492275953 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.536402941 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.536418915 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.587491035 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.618637085 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.618664980 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.710539103 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.720351934 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.720407963 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.720480919 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.720513105 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.720557928 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.722126007 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:04.722145081 CEST	443	49736	20.22.16.164	192.168.2.4
Apr 18, 2024 00:38:04.722174883 CEST	49736	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:05.360970974 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.361026049 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.361150026 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.361351013 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.361375093 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.581669092 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.583772898 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.583808899 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.585484028 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.585587025 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.586479902 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.586574078 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.628621101 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:05.628658056 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:05.679076910 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:07.498471975 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.498524904 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:07.498622894 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.504477024 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.504494905 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:07.733417034 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:07.733493090 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.740073919 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.740087032 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:07.740514994 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:07.785305977 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.923206091 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:07.964168072 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.028553963 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.028703928 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.028778076 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.046957970 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.046978951 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.046994925 CEST	49754	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.047003031 CEST	443	49754	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.157836914 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.157922983 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.158205032 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.159435987 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.159517050 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.378977060 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.379118919 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.402663946 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.402743101 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.403486967 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.443408966 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.484121084 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.583584070 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.583708048 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.583791971 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.587286949 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.587286949 CEST	49755	443	192.168.2.4	23.63.206.91
Apr 18, 2024 00:38:08.587351084 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:08.587385893 CEST	443	49755	23.63.206.91	192.168.2.4
Apr 18, 2024 00:38:15.662054062 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:15.662184954 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:15.662389994 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:16.991837025 CEST	49744	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:38:16.991869926 CEST	443	49744	74.125.138.99	192.168.2.4
Apr 18, 2024 00:38:36.407515049 CEST	80	49724	217.20.50.19	192.168.2.4
Apr 18, 2024 00:38:36.407629967 CEST	49724	80	192.168.2.4	217.20.50.19
Apr 18, 2024 00:38:36.407681942 CEST	49724	80	192.168.2.4	217.20.50.19
Apr 18, 2024 00:38:36.529119015 CEST	80	49724	217.20.50.19	192.168.2.4
Apr 18, 2024 00:38:49.629302979 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:38:49.629334927 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:39:05.058614016 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:39:05.058916092 CEST	443	49735	20.22.16.164	192.168.2.4
Apr 18, 2024 00:39:05.058989048 CEST	49735	443	192.168.2.4	20.22.16.164
Apr 18, 2024 00:39:05.306133032 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:05.306216955 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.306298018 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:05.306718111 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:05.306754112 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.527013063 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.541074991 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:05.541096926 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.542556047 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.543356895 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:05.543793917 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:05.597981930 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:10.723706961 CEST	49723	80	192.168.2.4	96.7.245.97
Apr 18, 2024 00:39:10.829042912 CEST	80	49723	96.7.245.97	192.168.2.4
Apr 18, 2024 00:39:10.829227924 CEST	49723	80	192.168.2.4	96.7.245.97
Apr 18, 2024 00:39:15.530102968 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:15.530260086 CEST	443	49763	74.125.138.99	192.168.2.4
Apr 18, 2024 00:39:15.530386925 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:16.975349903 CEST	49763	443	192.168.2.4	74.125.138.99
Apr 18, 2024 00:39:16.975379944 CEST	443	49763	74.125.138.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:38:02.737626076 CEST	53	64103	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:02.815614939 CEST	53	61773	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:03.404211044 CEST	53	54008	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:03.789066076 CEST	61239	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:03.789417028 CEST	61553	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:04.743089914 CEST	60989	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:04.743174076 CEST	62329	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:05.254829884 CEST	51789	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:05.254908085 CEST	56219	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:38:05.359992027 CEST	53	51789	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:05.360053062 CEST	53	56219	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:20.377866030 CEST	53	63211	1.1.1.1	192.168.2.4
Apr 18, 2024 00:38:22.276725054 CEST	138	138	192.168.2.4	192.168.2.255
Apr 18, 2024 00:38:39.236311913 CEST	53	50550	1.1.1.1	192.168.2.4
Apr 18, 2024 00:39:02.255112886 CEST	53	55878	1.1.1.1	192.168.2.4
Apr 18, 2024 00:39:02.328819036 CEST	53	54580	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 00:38:03.789066076 CEST	192.168.2.4	1.1.1.1	0xdf0f	Standard query (0)	delightful-glacier-0a63b1710.5.azurestaticapps.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:03.789417028 CEST	192.168.2.4	1.1.1.1	0x791b	Standard query (0)	delightful-glacier-0a63b1710.5.azurestaticapps.net	65	IN (0x0001)	false
Apr 18, 2024 00:38:04.743089914 CEST	192.168.2.4	1.1.1.1	0xf81a	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:04.743174076 CEST	192.168.2.4	1.1.1.1	0x7531	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Apr 18, 2024 00:38:05.254829884 CEST	192.168.2.4	1.1.1.1	0xd9a7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.254908085 CEST	192.168.2.4	1.1.1.1	0x2a03	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 00:38:04.025944948 CEST	1.1.1.1	192.168.2.4	0x791b	No error (0)	delightful-glacier-0a63b1710.5.azurestaticapps.net	azurestaticapps5.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:04.025944948 CEST	1.1.1.1	192.168.2.4	0x791b	No error (0)	msha-slice-5-eus2-0.msha-slice-5-eus2-0-ase.p.azurewebsites.net	waws-prod-bn1-79ce3d91.sip.p.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:04.102559090 CEST	1.1.1.1	192.168.2.4	0xdf0f	No error (0)	delightful-glacier-0a63b1710.5.azurestaticapps.net	azurestaticapps5.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:04.102559090 CEST	1.1.1.1	192.168.2.4	0xdf0f	No error (0)	msha-slice-5-eus2-1.msha-slice-5-eus2-1-ase.p.azurewebsites.net	waws-prod-bn1-4358465d.sip.p.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:04.102559090 CEST	1.1.1.1	192.168.2.4	0xdf0f	No error (0)	waws-prod-bn1-4358465d.sip.p.azurewebsites.windows.net		20.22.16.164	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:04.847723007 CEST	1.1.1.1	192.168.2.4	0xf81a	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:04.847757101 CEST	1.1.1.1	192.168.2.4	0x7531	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.359992027 CEST	1.1.1.1	192.168.2.4	0xd9a7	No error (0)	www.google.com		74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:05.360053062 CEST	1.1.1.1	192.168.2.4	0x2a03	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 00:38:19.267988920 CEST	1.1.1.1	192.168.2.4	0x8364	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:19.267988920 CEST	1.1.1.1	192.168.2.4	0x8364	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:35.455668926 CEST	1.1.1.1	192.168.2.4	0xfb5e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:35.455668926 CEST	1.1.1.1	192.168.2.4	0xfb5e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:38:54.328480005 CEST	1.1.1.1	192.168.2.4	0x2cd8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:38:54.328480005 CEST	1.1.1.1	192.168.2.4	0x2cd8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:39:15.036609888 CEST	1.1.1.1	192.168.2.4	0x85e4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:39:15.036609888 CEST	1.1.1.1	192.168.2.4	0x85e4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

delightful-glacier-0a63b1710.5.azurestaticapps.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	20.22.16.164	443	4228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:38:04 UTC	769	OUT	GET /?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426 HTTP/1.1 Host: delightful-glacier-0a63b1710.5.azurestaticapps.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:38:04 UTC	135	IN	HTTP/1.1 404 Not Found Connection: close Content-Type: text/html Date: Wed, 17 Apr 2024 22:38:03 GMT Transfer-Encoding: chunked
2024-04-17 22:38:04 UTC	2407	IN	Data Raw: 39 36 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 41 7a 75 72 65 20 53 74 61 74 69 63 20 57 65 62 20 41 70 70 73 20 2d 20 34 30 34 3a 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 Data Ascii: 960<!DOCTYPE html><html lang=en><head><meta charset=utf-8 /><meta name=viewport content="width=device-width, initial-scale=1.0" /><meta http-equiv=X-UA-Compatible content="IE=edge" /><title>Azure Static Web Apps - 404: Not found</title><li
2024-04-17 22:38:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49754	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:38:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:38:08 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=30331 Date: Wed, 17 Apr 2024 22:38:07 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49755	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:38:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:38:08 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=30340 Date: Wed, 17 Apr 2024 22:38:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-17 22:38:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5956, Parent PID: 5312

General

Target ID:	0
Start time:	00:37:57
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4228, Parent PID: 5956

General

Target ID:	2
Start time:	00:38:01
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2224,i,8484140261916216697,7846924340831957304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6516, Parent PID: 5312

General

Target ID:	3
Start time:	00:38:03
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5956, Parent PID: 5312

General

Chronological Activities

Windows Analysis Report
https://delightful-glacier-0a63b1710.5.azurestaticapps.net/?bezp=5565454&clickid=97a06722cf29085a7ee6b1e853b28f1e&phone=+1-866-993-6426