Edit tour

Windows Analysis Report
https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426

Overview

General Information

Sample URL:	https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426
Analysis ID:	1427693
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,14732430476145571560,11078384947434212630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426 HTTP/1.1Host: salmon-sand-04393a710.5.azurestaticapps.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: salmon-sand-04393a710.5.azurestaticapps.net

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlDate: Wed, 17 Apr 2024 22:43:03 GMTTransfer-Encoding: chunked

Source: chromecache_51.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js
Source: chromecache_51.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css
Source: chromecache_51.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js
Source: chromecache_51.2.dr	String found in binary or memory: https://appservice.azureedge.net/css/static-apps/v3/main.css
Source: chromecache_51.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/favicon.svg
Source: chromecache_51.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/microsoft_azure_logo.svg
Source: chromecache_51.2.dr	String found in binary or memory: https://appservice.azureedge.net/images/static-apps/v3/staticapps.svg
Source: chromecache_51.2.dr	String found in binary or memory: https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js
Source: chromecache_55.2.dr, chromecache_48.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_55.2.dr, chromecache_48.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_48.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/21@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,14732430476145571560,11078384947434212630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,14732430476145571560,11078384947434212630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
waws-prod-bn1-79ce3d91.sip.p.azurewebsites.windows.net	20.75.112.13	true	false	high
www.google.com	74.125.138.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
salmon-sand-04393a710.5.azurestaticapps.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js	chromecache_51.2.dr	false	high
https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css	chromecache_51.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_48.2.dr	false	high
https://getbootstrap.com/)	chromecache_55.2.dr, chromecache_48.2.dr	false	high
https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js	chromecache_51.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_55.2.dr, chromecache_48.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.75.112.13	waws-prod-bn1-79ce3d91.sip.p.azurewebsites.windows.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.138.103	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427693
Start date and time:	2024-04-18 00:42:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/21@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.194.219.94, 173.194.219.101, 173.194.219.139, 173.194.219.113, 173.194.219.100, 173.194.219.102, 173.194.219.138, 64.233.177.84, 34.104.35.123, 152.199.4.33, 72.21.81.200, 13.85.23.86, 72.21.81.240, 192.229.211.108, 20.242.39.171, 13.95.31.18, 142.250.9.94
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, azurestaticapps5.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, cs22.wpc.v0cdn.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, appservice.azureedge.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, appservice.ec.azureedge.net, clients.l.google.com, cs9.wpc.v0cdn.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	4842
Entropy (8bit):	4.526345891855864
Encrypted:	false
SSDEEP:	96:U7VrtvDN/KniSBgKcqWCq8n/Uuhm4owKkYVtSqxHBqeI:arJN/wFgVqtVeZwTqhI
MD5:	B1EE4C89DD83CECE9412A3C847C2F815
SHA1:	02DB4BC607FF302C1274CBA13CF31F8098681ACA
SHA-256:	B4B809961668BD61715C146DFCF59B3D9EA9A1C6CC8091C29FA547302CDDF3C1
SHA-512:	90D8ACBAB274906D3D25A78FFD30FF76B7A0FBA368FB76F68300305349FE0525837C28E7B3D01FC080D4BCC3A040BAD9F94BEC879E48E7D9F2A9A172832DEB3B
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/microsoft_azure_logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="55 0 651.97 215.43"><defs><style>.cls-1{fill:#737373;}.cls-2{fill:#f25022;}.cls-3{fill:#7fba00;}.cls-4{fill:#00a4ef;}.cls-5{fill:#ffb900;}</style></defs><title>horiz_c-gray_rgb</title><g id="Azure_h" data-name="Azure h"><path class="cls-1" d="M447.7,86.39,464,129.59h-8.26l-3.82-10.72h-17l-3.67,10.72H423l16.27-43.2Zm-4.46,8-6.39,18.2h13l-6.36-18.2Z"/><path class="cls-1" d="M467.62,98.62h24.73v2.93l-16.23,22.26h16.32v5.78h-26v-3.46l16-21.72H467.62Z"/><path class="cls-1" d="M523.47,98.62v31h-7.35v-4.06H516a10.05,10.05,0,0,1-3.87,3.3,12.24,12.24,0,0,1-5.44,1.19c-3.6,0-6.33-1-8.21-3.06s-2.82-5.21-2.82-9.51V98.62H503v18a9.45,9.45,0,0,0,1.55,5.89,5.62,5.62,0,0,0,4.69,2,6.23,6.23,0,0,0,5-2.18,8.52,8.52,0,0,0,1.87-5.71V98.62Z"/><path class="cls-1" d="M545.42,98.11a9.28,9.28,0,0,1,1.57.12,6.59,6.59,0,0,1,1.17.3v7.38a6.37,6.37,0,0,0-1.67-.79,8,8,0,0,0-2.67-.38,5.66,5.66,0,0,0-4.53,2.26c-1.24,1.5-1.85,3.82-1.85,7v15.63h-7.29v-31h7.29v4.88h.12a8.55,8

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87533
Entropy (8bit):	5.262536918435756
Encrypted:	false
SSDEEP:	1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr
MD5:	2C872DBE60F4BA70FB85356113D8B35E
SHA1:	EE48592D1FFF952FCF06CE0B666ED4785493AFDC
SHA-256:	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
SHA-512:	BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/jquery/jquery-3.7.1.min.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60125)
Category:	downloaded
Size (bytes):	60404
Entropy (8bit):	5.131593990679167
Encrypted:	false
SSDEEP:	768:pZYN+vOLQ11ObgUDZa8fW+l3sLaSLPe6CMhYVRK0H/9V2Vz/kq8GPnlcGpPX21b0:pKQjXht8xmeY8ssH2nvt
MD5:	B0794583EC020A7852F0FC04D5CEFC52
SHA1:	847DFF899B5BCF8EE434E389E2A910BA1DBAD76F
SHA-256:	9BCD4D0F29DC6556EBEEFF44EAA0965F0C7F7308EE58394708CCE2F698CCA1B0
SHA-512:	D7F46F6537020C452363F0B2A62333FA2AAAB5AA107C021398D489635ECCCA9E0CB3999DC4F4B9515EE239F759A3170687315B3A6EAC9ED4CA269A63BEE860E2
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/bootstrap.min.js
Preview:	/!. Bootstrap v5.2.3 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){if(t&&t.__esModule)return t;const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(t)for(const i in t)if("default"!==i){const s=Object.getOwnPropertyDescriptor(t,i);Object.defineProperty(e,i,s.get?s:{enumerable:!0,get:()=>t[i]})}return e.default=t,Object.freeze(e)}const i=e(t),s="transitionend",n=t=>{let e=t.getAttribute("data-bs-target");if(!e\|\|"#"===e){let i=t.getAttribute("href");if(!i\|\|!i.includes("#")&&!i.startsWith("."))return null;i.in

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	8104
Entropy (8bit):	4.675970903143818
Encrypted:	false
SSDEEP:	96:QZ3dSugxOrThfA4oYVmHWEUeBRUTRwD+cbfxjdIOfMDu1vFQ4wD5yTxK83AKOyA:TOPMGmHWEUe91guBOLEKMAF
MD5:	1A813EE7E1120C4D7B3E8EBD29AAF72F
SHA1:	5B3F94C56FD08BD6F582B2295D1996D484A66DD5
SHA-256:	AF633C8781D0E41FB1787E2709FF7926A0519C80A80BDD057021E00E1B48DDA2
SHA-512:	A552C43B2220DF6F2D1F1F3436AEA25BFEB7ADF89B5660D6CE752037933A2DF775CA1D4F8B3459DF77D480185579B1B6B672D178E06CFC73305F6E32BE2B23E7
Malicious:	false
Reputation:	low
Preview:	<svg id="a5fdd9e9-6050-4adc-bf91-829173d8c1c1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="336" height="240" viewBox="0 0 336 240">. <defs>. <linearGradient id="f76af362-bf6a-4a68-ab90-12622c3e65ae" x1="171.52" y1="25.712" x2="171.52" y2="221.319" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. <linearGradient id="bdc7abe3-e52c-457f-a3ce-c8e521b8a46b" x1="124.13" y1="191.976" x2="172.434" y2="191.976" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. </defs>. <rect width="336" height="240" fill="#fff"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="#0078d4"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="url(#f76af362-bf6a-4a68-ab90-12622c3e65ae)"/>. <path d="M244.34,109.6

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1946
Entropy (8bit):	5.0658464668720535
Encrypted:	false
SSDEEP:	48:zfnHxeob2c5Gr2W4PFzhkT104OOrbdT1dCkRM1iiHDgG3ax3u:D0Vx8dk04XgWM1iO
MD5:	909D8AC61BECBB0F646873BA6DED610E
SHA1:	30FA898D5052820BE3747E96641B9AE6B409BE75
SHA-256:	30EFD61236D5F5FE2B02866F3B822CE9224D2315814FAC05DA9B7BFC76CA2E3F
SHA-512:	1D4A57981F330B2FC3AC5001C7D432553ED668D34E5A45709608F9F9910CE99B4BF90FBBB267CB82EE3EDCEBA6CCB4F313321358AFF84D4641E66C51CEE0991E
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/favicon.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">. <defs>. <linearGradient id="b81467a7-8040-434c-8e85-3b06adb1a444" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#32bedd"/>. <stop offset="0.775" stop-color="#32d4f5"/>. </linearGradient>. </defs>. <g id="aac29ec1-77a4-4cee-ab20-0e567be7a5e2">. <path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#b81467a7-8040-434c-8e85-3b06adb1a444)"/>. <rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#9cebff"/>. <path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#198ab3"/>. <path d="M5.551,10.193H6a0,0,0,0,1,0,0v3.583a.145.145,0,0,1-.145.145H5.406a.145.145,0,0,1-.145-.145V10.483a.29.29,0,0,1,.29-.29Z" transform="translate(-6.87 7.497) rotate(-44.919)" fill="#fff" opacity="0.8"/>. <path d="M5.28,8.037

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2400
Entropy (8bit):	5.141710386004859
Encrypted:	false
SSDEEP:	48:tTrzFLwNGCUzucfFipzv+6rI0E5Ucrpvjdf:JrZy4gJm6rI07at
MD5:	8B6E5A69AAFD321F4CFF4ED84BB3BDE1
SHA1:	B6E7634A826B088DC49DBD8F61B0121327846271
SHA-256:	0A76274E99E285C9D7E18D094E71EA6FCA1B0274E30C28492A24218E53C61CB3
SHA-512:	ABEAE136E3B7C52BD00937E6257B15D0FB163A1BE77BBBA0818FDC1BF32B96C0F3F49DCFD7D8A726211B7B49C3E660CC30FC2A12A4144CA4BC83E08D57203DEE
Malicious:	false
Reputation:	low
URL:	https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426
Preview:	<!DOCTYPE html>..<html lang=en>..<head>..<meta charset=utf-8 />..<meta name=viewport content="width=device-width, initial-scale=1.0" />..<meta http-equiv=X-UA-Compatible content="IE=edge" />..<title>Azure Static Web Apps - 404: Not found</title>..<link rel="shortcut icon" href=https://appservice.azureedge.net/images/static-apps/v3/favicon.svg type=image/x-icon />..<link rel=stylesheet href=https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css crossorigin=anonymous />..<link rel=stylesheet type=text/css href="https://appservice.azureedge.net/css/static-apps/v3/main.css"/>..<script src=https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js crossorigin=anonymous></script>..<script type=text/javascript>window.onload=function(){try{loc("404notFound")}catch(a){}};</script>..</head>..<body>..<nav class="navbar navbar-light ps-5 ms-5">..<div class=navbar-brand>..<div class="container pl-4 ml-5">..<img src=https://appservice.azureedge.net/images/static-apps/v3/micros

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23
Entropy (8bit):	3.882045108136863
Encrypted:	false
SSDEEP:	3:TMQvHEeovbn:ACHYvb
MD5:	FBBC82923FF6881236B01520BAA9F0EF
SHA1:	20DE932A247D76E8865BCC2411E38DB4D9807C4A
SHA-256:	BD6300F28F9701DDC7283D2E6629020FC7969E5064E4258A894FDD2EF6DA666F
SHA-512:	35F90567DDF751094FF1150B754D5B9B598252E77DEFFF5AA0ADA426209D9F75ECFF39C8E7D2CC933A1E2C9892B0CEEBB0A0E6278EE07BA1C5BBCDB3B6A2F13D
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/scripts/static-apps/v3/loc.min.js
Preview:	function loc(p) {.. }..

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	8104
Entropy (8bit):	4.675970903143818
Encrypted:	false
SSDEEP:	96:QZ3dSugxOrThfA4oYVmHWEUeBRUTRwD+cbfxjdIOfMDu1vFQ4wD5yTxK83AKOyA:TOPMGmHWEUe91guBOLEKMAF
MD5:	1A813EE7E1120C4D7B3E8EBD29AAF72F
SHA1:	5B3F94C56FD08BD6F582B2295D1996D484A66DD5
SHA-256:	AF633C8781D0E41FB1787E2709FF7926A0519C80A80BDD057021E00E1B48DDA2
SHA-512:	A552C43B2220DF6F2D1F1F3436AEA25BFEB7ADF89B5660D6CE752037933A2DF775CA1D4F8B3459DF77D480185579B1B6B672D178E06CFC73305F6E32BE2B23E7
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/images/static-apps/v3/staticapps.svg
Preview:	<svg id="a5fdd9e9-6050-4adc-bf91-829173d8c1c1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="336" height="240" viewBox="0 0 336 240">. <defs>. <linearGradient id="f76af362-bf6a-4a68-ab90-12622c3e65ae" x1="171.52" y1="25.712" x2="171.52" y2="221.319" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. <linearGradient id="bdc7abe3-e52c-457f-a3ce-c8e521b8a46b" x1="124.13" y1="191.976" x2="172.434" y2="191.976" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#69e2ff"/>. <stop offset="1" stop-color="#fff" stop-opacity="0"/>. </linearGradient>. </defs>. <rect width="336" height="240" fill="#fff"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="#0078d4"/>. <path d="M244.34,109.633l-.3,111.686L98.7,137.4,99,25.712Z" fill="url(#f76af362-bf6a-4a68-ab90-12622c3e65ae)"/>. <path d="M244.34,109.6

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1134
Entropy (8bit):	4.723354379446081
Encrypted:	false
SSDEEP:	24:Lll1tEPxz4Omvzxdc2iv9rJKsS1P7sPea7sP/9u:z/Kdb
MD5:	8DC1B0215D4842AAE9BB811E9B655919
SHA1:	852DDB564BDFDF837E32D672B073734E15593283
SHA-256:	666DD97A683171808B9AAAF4A1EF11C97865DF5046172FED704F70C78E940830
SHA-512:	D4A2B6F8E806959ADD66E1AE489982297F4E8C1C7EE25A27CF137023F0B7A957BBBC5453E53621AF661490A1DC5D5C1977A6D86FB9D04BC9DD6606CA9F6C1EF0
Malicious:	false
Reputation:	low
URL:	https://appservice.azureedge.net/css/static-apps/v3/main.css
Preview:	html, body {.. height: 100%;.. color:#000000;.. background-color: #ffffff;..}...full-height {.. height: 100%;..}...content-area {.. background: green;.. color: white;..}...sub-text{.. font-family: Segoe UI;.. font-style: normal;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;..}...article-tree {.. background: blue;.. color: white;..}...container-height {.. margin: 0 auto;.. min-height: 88%;.. height: auto;..}...div-vertical-center{.. display: flex;.. justify-content: center;.. align-items: center;.. margin: 0 auto;..}..* {.. border-radius: 0 !important;..}...info-mg-top {.. margin-top:20px;..}...btn-mg-top {.. margin-top:20px;..}..@media (max-width:767px) {.. .info-mg-top {.. margin-top: 15px !important .. }.. .btn-mg-top {.. margin-top: 15px !important .. }..}..@media (min-width:768px) {.. .info-mg-top {.. margin-top: 15px !important .. }.. .btn-mg-top {.. marg

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65305)
Category:	downloaded
Size (bytes):	194901
Entropy (8bit):	5.014294143940012
Encrypted:	false
SSDEEP:	1536:ZtGg9JfWgeQK5wlP72qgOfI3N9LsqkVkpz600I4lp:ZtGg9JfWD9kVkpz600I4lp
MD5:	3F30C2C47D7D23C7A994DB0C862D45A5
SHA1:	7791DD1F3173A0D62CC39C21D2AD71FC8DAD0E72
SHA-256:	C0BCF7898FDC3B87BABCA678CD19A8E3EF570E931C80A3AFBFFCC453738C951A
SHA-512:	49B891FDEBACA612A8315557CAC4CA1BFED5B1E5A28BE63715D1EBB741292A0A53A1979E9A1A8779978B58B849BADCFFDAEB76570D6E4048F631B445F9354150
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/bootstrap/5.2.3/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.2.3 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Copyright 2011-2022 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	4842
Entropy (8bit):	4.526345891855864
Encrypted:	false
SSDEEP:	96:U7VrtvDN/KniSBgKcqWCq8n/Uuhm4owKkYVtSqxHBqeI:arJN/wFgVqtVeZwTqhI
MD5:	B1EE4C89DD83CECE9412A3C847C2F815
SHA1:	02DB4BC607FF302C1274CBA13CF31F8098681ACA
SHA-256:	B4B809961668BD61715C146DFCF59B3D9EA9A1C6CC8091C29FA547302CDDF3C1
SHA-512:	90D8ACBAB274906D3D25A78FFD30FF76B7A0FBA368FB76F68300305349FE0525837C28E7B3D01FC080D4BCC3A040BAD9F94BEC879E48E7D9F2A9A172832DEB3B
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="55 0 651.97 215.43"><defs><style>.cls-1{fill:#737373;}.cls-2{fill:#f25022;}.cls-3{fill:#7fba00;}.cls-4{fill:#00a4ef;}.cls-5{fill:#ffb900;}</style></defs><title>horiz_c-gray_rgb</title><g id="Azure_h" data-name="Azure h"><path class="cls-1" d="M447.7,86.39,464,129.59h-8.26l-3.82-10.72h-17l-3.67,10.72H423l16.27-43.2Zm-4.46,8-6.39,18.2h13l-6.36-18.2Z"/><path class="cls-1" d="M467.62,98.62h24.73v2.93l-16.23,22.26h16.32v5.78h-26v-3.46l16-21.72H467.62Z"/><path class="cls-1" d="M523.47,98.62v31h-7.35v-4.06H516a10.05,10.05,0,0,1-3.87,3.3,12.24,12.24,0,0,1-5.44,1.19c-3.6,0-6.33-1-8.21-3.06s-2.82-5.21-2.82-9.51V98.62H503v18a9.45,9.45,0,0,0,1.55,5.89,5.62,5.62,0,0,0,4.69,2,6.23,6.23,0,0,0,5-2.18,8.52,8.52,0,0,0,1.87-5.71V98.62Z"/><path class="cls-1" d="M545.42,98.11a9.28,9.28,0,0,1,1.57.12,6.59,6.59,0,0,1,1.17.3v7.38a6.37,6.37,0,0,0-1.67-.79,8,8,0,0,0-2.67-.38,5.66,5.66,0,0,0-4.53,2.26c-1.24,1.5-1.85,3.82-1.85,7v15.63h-7.29v-31h7.29v4.88h.12a8.55,8

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1946
Entropy (8bit):	5.0658464668720535
Encrypted:	false
SSDEEP:	48:zfnHxeob2c5Gr2W4PFzhkT104OOrbdT1dCkRM1iiHDgG3ax3u:D0Vx8dk04XgWM1iO
MD5:	909D8AC61BECBB0F646873BA6DED610E
SHA1:	30FA898D5052820BE3747E96641B9AE6B409BE75
SHA-256:	30EFD61236D5F5FE2B02866F3B822CE9224D2315814FAC05DA9B7BFC76CA2E3F
SHA-512:	1D4A57981F330B2FC3AC5001C7D432553ED668D34E5A45709608F9F9910CE99B4BF90FBBB267CB82EE3EDCEBA6CCB4F313321358AFF84D4641E66C51CEE0991E
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">. <defs>. <linearGradient id="b81467a7-8040-434c-8e85-3b06adb1a444" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#32bedd"/>. <stop offset="0.775" stop-color="#32d4f5"/>. </linearGradient>. </defs>. <g id="aac29ec1-77a4-4cee-ab20-0e567be7a5e2">. <path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#b81467a7-8040-434c-8e85-3b06adb1a444)"/>. <rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#9cebff"/>. <path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#198ab3"/>. <path d="M5.551,10.193H6a0,0,0,0,1,0,0v3.583a.145.145,0,0,1-.145.145H5.406a.145.145,0,0,1-.145-.145V10.483a.29.29,0,0,1,.29-.29Z" transform="translate(-6.87 7.497) rotate(-44.919)" fill="#fff" opacity="0.8"/>. <path d="M5.28,8.037

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:42:54.810563087 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:43:03.830848932 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.830885887 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:03.830945969 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.831324100 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.831418037 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:03.831482887 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.831538916 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.831556082 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:03.831685066 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:03.831717968 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.212142944 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.212482929 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.212543964 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.214386940 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.214466095 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.214956045 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.215281963 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.215311050 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.215560913 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.215661049 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.215750933 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.215770960 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.217020988 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.217088938 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.217942953 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.218189955 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.268793106 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.268821001 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.268913984 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.315287113 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.422724009 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:43:04.448590994 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.448643923 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.448743105 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.448813915 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.448956966 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:04.449016094 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.449732065 CEST	49736	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:04.449768066 CEST	443	49736	20.75.112.13	192.168.2.4
Apr 18, 2024 00:43:06.170038939 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:06.170094013 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:06.170160055 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:06.170908928 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:06.170942068 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:06.397675991 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:06.398225069 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:06.398257017 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:06.399910927 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:06.399977922 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:06.838732004 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:06.838819981 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:06.839091063 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:06.841895103 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:06.841968060 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.059577942 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:07.060060024 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:07.073005915 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.073230028 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.108987093 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:07.109046936 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:07.155805111 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:07.309339046 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.309391022 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.310273886 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.372086048 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.601165056 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.644191027 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.706746101 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.706897974 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.706965923 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.709034920 CEST	49751	443	192.168.2.4	23.33.136.127
Apr 18, 2024 00:43:07.709053993 CEST	443	49751	23.33.136.127	192.168.2.4
Apr 18, 2024 00:43:07.866193056 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:07.866276979 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:07.866349936 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:07.866723061 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:07.866749048 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.085902929 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.085974932 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.087279081 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.087289095 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.088059902 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.088995934 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.132189989 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.299945116 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.300179958 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.300247908 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.302427053 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.302463055 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:08.302508116 CEST	49754	443	192.168.2.4	104.123.200.136
Apr 18, 2024 00:43:08.302521944 CEST	443	49754	104.123.200.136	192.168.2.4
Apr 18, 2024 00:43:16.388447046 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:16.388520002 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:16.388703108 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:18.665770054 CEST	49750	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:43:18.665792942 CEST	443	49750	74.125.138.103	192.168.2.4
Apr 18, 2024 00:43:23.020325899 CEST	80	49723	69.164.42.0	192.168.2.4
Apr 18, 2024 00:43:23.020457983 CEST	49723	80	192.168.2.4	69.164.42.0
Apr 18, 2024 00:43:23.020493031 CEST	49723	80	192.168.2.4	69.164.42.0
Apr 18, 2024 00:43:23.125475883 CEST	80	49723	69.164.42.0	192.168.2.4
Apr 18, 2024 00:43:37.329643011 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 18, 2024 00:43:37.329869032 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 18, 2024 00:43:37.329869986 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 18, 2024 00:43:37.434282064 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 18, 2024 00:43:49.278114080 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:43:49.278141022 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:44:04.223558903 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:44:04.223856926 CEST	443	49735	20.75.112.13	192.168.2.4
Apr 18, 2024 00:44:04.223977089 CEST	49735	443	192.168.2.4	20.75.112.13
Apr 18, 2024 00:44:06.086915016 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:06.086966038 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.087061882 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:06.087277889 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:06.087286949 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.306736946 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.307027102 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:06.307045937 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.308532953 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.308878899 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:06.309465885 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:06.354434967 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:16.325804949 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:16.325923920 CEST	443	49763	74.125.138.103	192.168.2.4
Apr 18, 2024 00:44:16.325982094 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:18.395442963 CEST	49763	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:44:18.395462036 CEST	443	49763	74.125.138.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:43:01.893291950 CEST	53	56027	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:02.008873940 CEST	53	65072	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:02.626009941 CEST	53	54596	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:03.596151114 CEST	59245	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:03.596296072 CEST	50573	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:04.464710951 CEST	56421	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:04.464807034 CEST	58806	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:05.974152088 CEST	49977	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:05.976247072 CEST	58578	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:43:06.079803944 CEST	53	49977	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:06.080712080 CEST	53	58578	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:19.743596077 CEST	53	64717	1.1.1.1	192.168.2.4
Apr 18, 2024 00:43:24.135102987 CEST	138	138	192.168.2.4	192.168.2.255
Apr 18, 2024 00:43:38.482675076 CEST	53	64320	1.1.1.1	192.168.2.4
Apr 18, 2024 00:44:01.103436947 CEST	53	52166	1.1.1.1	192.168.2.4
Apr 18, 2024 00:44:01.683593035 CEST	53	61666	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 00:43:03.596151114 CEST	192.168.2.4	1.1.1.1	0xa134	Standard query (0)	salmon-sand-04393a710.5.azurestaticapps.net	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:03.596296072 CEST	192.168.2.4	1.1.1.1	0xd9bc	Standard query (0)	salmon-sand-04393a710.5.azurestaticapps.net	65	IN (0x0001)	false
Apr 18, 2024 00:43:04.464710951 CEST	192.168.2.4	1.1.1.1	0x30a	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:04.464807034 CEST	192.168.2.4	1.1.1.1	0xeeea	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Apr 18, 2024 00:43:05.974152088 CEST	192.168.2.4	1.1.1.1	0x4756	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:05.976247072 CEST	192.168.2.4	1.1.1.1	0xfb01	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 00:43:03.804127932 CEST	1.1.1.1	192.168.2.4	0xd9bc	No error (0)	salmon-sand-04393a710.5.azurestaticapps.net	azurestaticapps5.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:03.804127932 CEST	1.1.1.1	192.168.2.4	0xd9bc	No error (0)	msha-slice-5-eus2-1.msha-slice-5-eus2-1-ase.p.azurewebsites.net	waws-prod-bn1-4358465d.sip.p.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:03.830120087 CEST	1.1.1.1	192.168.2.4	0xa134	No error (0)	salmon-sand-04393a710.5.azurestaticapps.net	azurestaticapps5.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:03.830120087 CEST	1.1.1.1	192.168.2.4	0xa134	No error (0)	msha-slice-5-eus2-0.msha-slice-5-eus2-0-ase.p.azurewebsites.net	waws-prod-bn1-79ce3d91.sip.p.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:03.830120087 CEST	1.1.1.1	192.168.2.4	0xa134	No error (0)	waws-prod-bn1-79ce3d91.sip.p.azurewebsites.windows.net		20.75.112.13	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:04.569473982 CEST	1.1.1.1	192.168.2.4	0xeeea	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:04.570242882 CEST	1.1.1.1	192.168.2.4	0x30a	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.079803944 CEST	1.1.1.1	192.168.2.4	0x4756	No error (0)	www.google.com		74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:06.080712080 CEST	1.1.1.1	192.168.2.4	0xfb01	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 00:43:18.232492924 CEST	1.1.1.1	192.168.2.4	0xd1b4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:18.232492924 CEST	1.1.1.1	192.168.2.4	0xd1b4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:31.105571985 CEST	1.1.1.1	192.168.2.4	0x71be	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:31.105571985 CEST	1.1.1.1	192.168.2.4	0x71be	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:43:53.571805954 CEST	1.1.1.1	192.168.2.4	0xdb08	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:43:53.571805954 CEST	1.1.1.1	192.168.2.4	0xdb08	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:44:14.447988987 CEST	1.1.1.1	192.168.2.4	0x41cd	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:44:14.447988987 CEST	1.1.1.1	192.168.2.4	0x41cd	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

salmon-sand-04393a710.5.azurestaticapps.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	20.75.112.13	443	3736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:43:04 UTC	762	OUT	GET /?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426 HTTP/1.1 Host: salmon-sand-04393a710.5.azurestaticapps.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:43:04 UTC	135	IN	HTTP/1.1 404 Not Found Connection: close Content-Type: text/html Date: Wed, 17 Apr 2024 22:43:03 GMT Transfer-Encoding: chunked
2024-04-17 22:43:04 UTC	2407	IN	Data Raw: 39 36 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 41 7a 75 72 65 20 53 74 61 74 69 63 20 57 65 62 20 41 70 70 73 20 2d 20 34 30 34 3a 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 Data Ascii: 960<!DOCTYPE html><html lang=en><head><meta charset=utf-8 /><meta name=viewport content="width=device-width, initial-scale=1.0" /><meta http-equiv=X-UA-Compatible content="IE=edge" /><title>Azure Static Web Apps - 404: Not found</title><li
2024-04-17 22:43:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49751	23.33.136.127	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:43:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:43:07 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=30005 Date: Wed, 17 Apr 2024 22:43:07 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49754	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:43:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:43:08 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=29960 Date: Wed, 17 Apr 2024 22:43:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-17 22:43:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2892, Parent PID: 5328

General

Target ID:	0
Start time:	00:42:58
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3736, Parent PID: 2892

General

Target ID:	2
Start time:	00:43:00
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,14732430476145571560,11078384947434212630,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6416, Parent PID: 5328

General

Target ID:	3
Start time:	00:43:02
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2892, Parent PID: 5328

General

Chronological Activities

Windows Analysis Report
https://salmon-sand-04393a710.5.azurestaticapps.net/?bezp=5565454&clickid=836e9bd971fa3a7caf5ca499c64a32c9&phone=+1-866-993-6426