Windows Analysis Report
https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/

Overview

General Information

Sample URL:	https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/
Analysis ID:	1427877
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Signatures

Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found

Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/ HTTP/1.1Host: dickssportinggoods.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /notice?domain=blackhawk-cashstar.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=1 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c0.css HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /recipient-experience/static/js/concat/client.js HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/DICKS.png HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://s3static.cashstar.com/media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=a37c HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asset/notice.js/v/v1.7-3185 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://dickssportinggoods.cashstar.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recipient-experience/static/js/iovationBB.js HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/webfont/DICKS.json HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://dickssportinggoods.cashstar.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snare.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=a37c HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/fonts/DICKS/fonts.c844bce31e7d2a9f3ead4cffcd8f4e93.css HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.2006570593677508&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/webfont/DICKS.json HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/DICKS.png HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /script/logo.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=h//vmXSI/uI6tUK3tqLWZiShJ0v31fu+kO/9DZ4wku4=
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.2006570593677508&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/fonts/DICKS/DSGSans-Black-73d994fc41cbf65f8414609d10b9accd.woff2 HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://dickssportinggoods.cashstar.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://s3static.cashstar.com/media/fonts/DICKS/fonts.c844bce31e7d2a9f3ead4cffcd8f4e93.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/favicon.ico HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20scGFuZGFleHByZXNzLmNvbSxhcml0emlhLmNvbSxteWNpbmVtYWdpZnRjYXJkcy5jb20sa3JvZ2VyLmNvbSxwYWludG5pdGUuY29tLGNmaWNpc2R1bW15LmNvbSxob21lY2hlZi5jb20sZG9sbGFyc2hhdmVjbHViLmNvbSxsbGJlYW4uY29tLHN0YXJidWNrcy5jby5qcCxjYXNoc3Rhci5jb20sbWFpbmV2ZW50LmNvbSxxd2VyLmNvbSxub3Jkc3Ryb20uY29tLGV4eG9ubW9iaWwuY29tLHdhbG1hcnQuY29tLGR1bmtpbmRvbnV0cy5jb20sdHJ1bmtjbHViLmNvbSxnaWZ0Y2FyZG1peC5jb20sV0VOREVMTEdDLmNvbSx0ZXNjb2ZvcmJ1c2luZXNzLmNvbSxjYXNleXMuY29tLGhhcnJpc3RlZXRlci5jb20= HTTP/1.1Host: ht.blackhawknetwork.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/favicon.ico HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1Cx3NFWRXNwfr1r&MD=x6RZyozK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1Cx3NFWRXNwfr1r&MD=x6RZyozK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=6e38 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.13047567448616437&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snare.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=h//vmXSI/uI6tUK3tqLWZiShJ0v31fu+kO/9DZ4wku4=
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=6e38 HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.13047567448616437&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20scGFuZGFleHByZXNzLmNvbSxhcml0emlhLmNvbSxteWNpbmVtYWdpZnRjYXJkcy5jb20sa3JvZ2VyLmNvbSxwYWludG5pdGUuY29tLGNmaWNpc2R1bW15LmNvbSxob21lY2hlZi5jb20sZG9sbGFyc2hhdmVjbHViLmNvbSxsbGJlYW4uY29tLHN0YXJidWNrcy5jby5qcCxjYXNoc3Rhci5jb20sbWFpbmV2ZW50LmNvbSxxd2VyLmNvbSxub3Jkc3Ryb20uY29tLGV4eG9ubW9iaWwuY29tLHdhbG1hcnQuY29tLGR1bmtpbmRvbnV0cy5jb20sdHJ1bmtjbHViLmNvbSxnaWZ0Y2FyZG1peC5jb20sV0VOREVMTEdDLmNvbSx0ZXNjb2ZvcmJ1c2luZXNzLmNvbSxjYXNleXMuY29tLGhhcnJpc3RlZXRlci5jb20= HTTP/1.1Host: ht.blackhawknetwork.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: dickssportinggoods.cashstar.com

Source: unknown

HTTP traffic detected: POST /gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/ HTTP/1.1Host: dickssportinggoods.cashstar.comConnection: keep-aliveContent-Length: 1703Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://dickssportinggoods.cashstar.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: csrftoken=1rBlDrTaOJdqOPfof7ZoC8pkIiwCDA1C3e4Oc0mE1y7yLvF4MiyMyNyQshP6Oxh5; rexsessionid=6ue59m5mhae1a2w5tpdt8ji989zmiksc; datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G; TAsessionID=e58a22a8-87de-4dc3-94bc-522b41d24f38|NEW; notice_behavior=implied,us

Source: chromecache_84.1.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=blackhawk_cashstar_v11&layout=gdpr
Source: chromecache_84.1.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: chromecache_84.1.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/bannermsg?
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/get?name=bh-close-icon.svg
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: chromecache_80.1.dr	String found in binary or memory: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/
Source: chromecache_89.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_80.1.dr	String found in binary or memory: https://fpstatic.cashstar.com/faceplates/DABCPYU86/MASTER-1.jpg
Source: chromecache_80.1.dr	String found in binary or memory: https://ht.blackhawknetwork.com/assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20sc
Source: chromecache_86.1.dr	String found in binary or memory: https://ht.blackhawknetwork.com/assets/images/logo.png?l=$
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/android-chrome-192x192.png
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/apple-touch-icon-152x152.png
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/favicon.ico
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/recipient-experience/static/
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/recipient-experience/static/js/concat/client.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/39@26/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,2780004439923109171,16103955136008577627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,2780004439923109171,16103955136008577627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.138.147	www.google.com	United States	15169	GOOGLEUS	false
3.161.150.4	consent.trustarc.com	United States	16509	AMAZON-02US	false
3.161.150.100	unknown	United States	16509	AMAZON-02US	false
151.101.1.24	prod.cashstar-et.map.fastly.net	United States	54113	FASTLYUS	false
151.101.0.138	cashstar.map.fastly.net	United States	54113	FASTLYUS	false
3.136.252.66	unknown	United States	16509	AMAZON-02US	false
3.161.150.25	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.21.145.8	wdpthird-pr-0d2f5ae6feef9df0.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.22.134.95	d-52ccktk4i3.execute-api.us-east-2.amazonaws.com	United States	16509	AMAZON-02US	false
52.42.97.191	wdpthird-pr-1c6ba7bb96976191.elb.us-west-2.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.13
192.168.2.14

Contacted Domains

Name	IP	Active
d-52ccktk4i3.execute-api.us-east-2.amazonaws.com	3.22.134.95	true
wdpthird-pr-1c6ba7bb96976191.elb.us-west-2.amazonaws.com	52.42.97.191	true
www.google.com	74.125.138.147	true
wdpthird-pr-0d2f5ae6feef9df0.elb.us-east-1.amazonaws.com	23.21.145.8	true
cashstar.map.fastly.net	151.101.0.138	true
prod.cashstar-et.map.fastly.net	151.101.1.24	true
consent.trustarc.com	3.161.150.4	true
ht.blackhawknetwork.com	unknown	unknown
s3static.cashstar.com	unknown	unknown
mpsnare.iesnare.com	unknown	unknown
dickssportinggoods.cashstar.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://consent.trustarc.com/asset/notice.js/v/v1.7-3185	false		high
https://consent.trustarc.com/log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=6e38	false		high
https://s3static.cashstar.com/media/images/DICKS/DICKS.png	false		high
https://mpsnare.iesnare.com/script/logo.js	false	0%, Virustotal, Browse	unknown
https://consent.trustarc.com/log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=a37c	false		high
https://consent.trustarc.com/bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.13047567448616437&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW	false		high
https://s3static.cashstar.com/media/images/DICKS/favicon.ico	false		high
https://consent.trustarc.com/notice?domain=blackhawk-cashstar.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=1	false		high
https://mpsnare.iesnare.com/snare.js	false	0%, Virustotal, Browse	unknown
https://s3static.cashstar.com/media/fonts/DICKS/DSGSans-Black-73d994fc41cbf65f8414609d10b9accd.woff2	false		high
https://s3static.cashstar.com/media/webfont/DICKS.json	false		high
https://ht.blackhawknetwork.com/assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20scGFuZGFleHByZXNzLmNvbSxhcml0emlhLmNvbSxteWNpbmVtYWdpZnRjYXJkcy5jb20sa3JvZ2VyLmNvbSxwYWludG5pdGUuY29tLGNmaWNpc2R1bW15LmNvbSxob21lY2hlZi5jb20sZG9sbGFyc2hhdmVjbHViLmNvbSxsbGJlYW4uY29tLHN0YXJidWNrcy5jby5qcCxjYXNoc3Rhci5jb20sbWFpbmV2ZW50LmNvbSxxd2VyLmNvbSxub3Jkc3Ryb20uY29tLGV4eG9ubW9iaWwuY29tLHdhbG1hcnQuY29tLGR1bmtpbmRvbnV0cy5jb20sdHJ1bmtjbHViLmNvbSxnaWZ0Y2FyZG1peC5jb20sV0VOREVMTEdDLmNvbSx0ZXNjb2ZvcmJ1c2luZXNzLmNvbSxjYXNleXMuY29tLGhhcnJpc3RlZXRlci5jb20=	false		high
https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	false		high
https://s3static.cashstar.com/media/fonts/DICKS/fonts.c844bce31e7d2a9f3ead4cffcd8f4e93.css	false		high
https://consent.trustarc.com/bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.2006570593677508&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:46:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F14C3F13FE49704AA8CEBB2E12700418	353F37DF703A10280F02DDF65462F295B4D6BDBA	C8616BA899A871AE3A69240B0EAE93C6FF9E3A74AFDDF6B62E9611388558872E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:46:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D373022BA1A616CCAAACDE12FF9DADCF	DBB19939121596906FC3DE60426CB836C02D65D8	47F4FD0A8F5F31A39BF1B65CFE61F5BDBF4E6D278D247D3AD25D9DE37A5BE411
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1B9955F88DCF01BF01F511F3543447E4	941A3A10D49309E5FEC3DC1E62FD69FC7A14EAFB	52BBE98B724B41E3F2FD09A9688E64F943E5EB4EE05CBB8F9E3B064849632094
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:46:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0D431583403693D95B3C9DAFC865441E	E6680EF7615D7916F3C377FE5004BBEF8D7D684E	CC5CB83F4856770AECE2010415E5590A989CA8ACE1ECEAE08A96375A6F1B7EA6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:46:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	054255B846251B5D265FD725223BB0D1	6CEAA6C30AA0C053ED6E988F624BEC87DFC1F252	1F230792B7C3A9EC4FA3A3824957CC726D7C84409A80EDAE784FD483EBEBEAA9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 06:46:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B3844062A60FD0F4996AAF0B6DB77534	A4897A3FA31CDC24FC582741A1258DE433775999	66E30EE1F908570A704BE34DDB0C756C21FEC66F9598AF335BF6C71271913F93
Chrome Cache Entry: 79	ASCII text, with very long lines (1810)	FD4C6774C4375AF26D9D3052B630294E	11275B2C3C04CCBA7F38ABA7E84850C97CAC3075	7904D8846E66F0C538335E696B4E06FE1D1D10F8856E275316D409EFDA45EAD9
Chrome Cache Entry: 80	HTML document, ASCII text, with very long lines (12682)	83C60B8BA9DC299E1F56F76B7268054C	80CADEE900A6A7E790E3C234AA821D0F247F472F	F4F3FA402B01F0B997341B6BAE614B0F63B7A4FBD4A7BEF1E93DCA2CDE23D28B
Chrome Cache Entry: 81	ASCII text, with very long lines (65536), with no line terminators	283FC50D899DDCF9172DD0EE61B019C0	03278E91E9DF680A1FC17A7964BBA8BB694C2304	9583F2378FB3026FDDFD3E319AA075FEC7C9FDF6E906CE8221D78916452F3271
Chrome Cache Entry: 82	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel	6959E85C8EF11925E3F909E7BD21E06F	8AEDA8E4543998AA3E3E169FA366C3DDDF18E1E6	2CF0CC834261CA4628180723674DF450F88D811FE2431FC8344AE25A32A510F9
Chrome Cache Entry: 83	ASCII text	C844BCE31E7D2A9F3EAD4CFFCD8F4E93	6678185C92E0FA00093AF5A4DFD0AD1B312F70C6	E26D25EBA3898E69D64A78BD28BB754CF3455A0395856D71282AC4C67405C94D
Chrome Cache Entry: 84	ASCII text, with very long lines (3566)	E2265210C574F45B11E6EAEECE6C3A79	6183556DFFF6AF31D217E4E0DA30ED34005F02C1	9532B9724499DF120475833280C59BEAFD7614EED5833D8B94757233FA01B088
Chrome Cache Entry: 85	JSON data	D87BB4B83CAF10A10C1843EF3F55334A	C04E74412AF54638B9BC7D82F0958DA04579BDD8	A677DF4CD44D48EDEA3CF206CB69FDF11D8CA36A6440DC6605E4C8E5A3C69F31
Chrome Cache Entry: 86	ASCII text, with very long lines (876), with no line terminators	FC761B56CB247DB9E3A3E8B6BA470CAA	B2D47C5D8D725D7CB53FD6226F9AFC62070DC1CB	443675EC85877E5C9E622D024615502E6BC0221684F030C98000CB11E523D029
Chrome Cache Entry: 87	ASCII text, with no line terminators	0B4F8B034711B9CB4FE1E0233FBA891F	6F475A6DDDF42E66EE8462BC4613DF710CCB0428	0C2C0DD115651CF042A0A6E61EBCD26288EAF8D876A552C1F3618470161414DA
Chrome Cache Entry: 88	ASCII text, with no line terminators	A1C911138CC758A5597D8CA9DCC074F5	E2D37576F7ACAEDC4C7E6FCF5BB8FE9F0B7E451E	7302F6AF948B0D0F966F246BE140D0A792B82991C7D0D6134F27C3AE941B5F87
Chrome Cache Entry: 89	Unicode text, UTF-8 text, with very long lines (37997)	18397F8FF7E15F5CC12FF827AD1B3C8B	5BFBD54468758A43776F95400CFCA36D0B4CAF46	8B3EDB28636A694F205BEBAB79149F357121AB780970CE3A5ACDCAE22347C93C
Chrome Cache Entry: 90	ASCII text, with very long lines (38567), with no line terminators	E92BA0D2E308BF0F1AA7E4D8B03C0FBE	1240446F89EA95038FEB8230F6A88F84A319A9BD	27EB1C5470249F0EC6A59CA232EF546529744863BA892243C4B830BD7CC49C43
Chrome Cache Entry: 91	JSON data	D87BB4B83CAF10A10C1843EF3F55334A	C04E74412AF54638B9BC7D82F0958DA04579BDD8	A677DF4CD44D48EDEA3CF206CB69FDF11D8CA36A6440DC6605E4C8E5A3C69F31
Chrome Cache Entry: 92	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel	6959E85C8EF11925E3F909E7BD21E06F	8AEDA8E4543998AA3E3E169FA366C3DDDF18E1E6	2CF0CC834261CA4628180723674DF450F88D811FE2431FC8344AE25A32A510F9
Chrome Cache Entry: 93	PNG image data, 5616 x 720, 8-bit/color RGBA, non-interlaced	970205D9DBAE569E6B69A49D1B2459DC	A2ECD763DDA3E5BE3D0C4B8DE654EB889811F290	2E08E90F82F3BA618E4EFCCC016C7A74D8A83FECA7320669D14C45133227C534
Chrome Cache Entry: 94	PNG image data, 5616 x 720, 8-bit/color RGBA, non-interlaced	970205D9DBAE569E6B69A49D1B2459DC	A2ECD763DDA3E5BE3D0C4B8DE654EB889811F290	2E08E90F82F3BA618E4EFCCC016C7A74D8A83FECA7320669D14C45133227C534
Chrome Cache Entry: 95	Web Open Font Format (Version 2), TrueType, length 14092, version 1.0	73D994FC41CBF65F8414609D10B9ACCD	366C9FEC5B58AACF030932E52ADE6449DFEA1C56	929F368D07D3DF469A0079BF33D46EED774422FFB8FE8DBA798014E2F1F88529
Chrome Cache Entry: 96	ASCII text, with no line terminators	66440D6DC015879C36B1C841867CBDC2	96881399700BDFE02C7EBB56F27D638ABFF05E46	BFA563A7951DCFF6F9FDDF6E1EB2ADF24D406A23BB87D6A485FA0CD664517FF5

Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="author".. found

Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found
Source: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 23.55.253.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/ HTTP/1.1Host: dickssportinggoods.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /notice?domain=blackhawk-cashstar.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=1 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c0.css HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /recipient-experience/static/js/concat/client.js HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/DICKS.png HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://s3static.cashstar.com/media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=a37c HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asset/notice.js/v/v1.7-3185 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://dickssportinggoods.cashstar.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recipient-experience/static/js/iovationBB.js HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/webfont/DICKS.json HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://dickssportinggoods.cashstar.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snare.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=a37c HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/fonts/DICKS/fonts.c844bce31e7d2a9f3ead4cffcd8f4e93.css HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.2006570593677508&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/webfont/DICKS.json HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/DICKS.png HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /script/logo.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=h//vmXSI/uI6tUK3tqLWZiShJ0v31fu+kO/9DZ4wku4=
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.2006570593677508&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/fonts/DICKS/DSGSans-Black-73d994fc41cbf65f8414609d10b9accd.woff2 HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://dickssportinggoods.cashstar.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://s3static.cashstar.com/media/fonts/DICKS/fonts.c844bce31e7d2a9f3ead4cffcd8f4e93.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/favicon.ico HTTP/1.1Host: s3static.cashstar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20scGFuZGFleHByZXNzLmNvbSxhcml0emlhLmNvbSxteWNpbmVtYWdpZnRjYXJkcy5jb20sa3JvZ2VyLmNvbSxwYWludG5pdGUuY29tLGNmaWNpc2R1bW15LmNvbSxob21lY2hlZi5jb20sZG9sbGFyc2hhdmVjbHViLmNvbSxsbGJlYW4uY29tLHN0YXJidWNrcy5jby5qcCxjYXNoc3Rhci5jb20sbWFpbmV2ZW50LmNvbSxxd2VyLmNvbSxub3Jkc3Ryb20uY29tLGV4eG9ubW9iaWwuY29tLHdhbG1hcnQuY29tLGR1bmtpbmRvbnV0cy5jb20sdHJ1bmtjbHViLmNvbSxnaWZ0Y2FyZG1peC5jb20sV0VOREVMTEdDLmNvbSx0ZXNjb2ZvcmJ1c2luZXNzLmNvbSxjYXNleXMuY29tLGhhcnJpc3RlZXRlci5jb20= HTTP/1.1Host: ht.blackhawknetwork.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/images/DICKS/favicon.ico HTTP/1.1Host: s3static.cashstar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: datadome=_mwMk9pnhLtBsQW5L4EcKqpjqRMeFaPtGs15cJfOGMrKtQX2wn_nZKIXp6f3fg29rYjncI_UX~eAwQEc0ApB03WD5sGwTKVxkoQvfoWd9XoTxCn~DvibZmpCcYzbDJ0G
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1Cx3NFWRXNwfr1r&MD=x6RZyozK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1Cx3NFWRXNwfr1r&MD=x6RZyozK HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=6e38 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.13047567448616437&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /snare.js HTTP/1.1Host: mpsnare.iesnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=h//vmXSI/uI6tUK3tqLWZiShJ0v31fu+kO/9DZ4wku4=
Source: global traffic	HTTP traffic detected: GET /log?domain=blackhawk-cashstar.com&country=us&state=&behavior=implied&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW&c=6e38 HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bannermsg?action=views&domain=blackhawk-cashstar.com&behavior=implied&country=us&language=en&rand=0.13047567448616437&session=e58a22a8-87de-4dc3-94bc-522b41d24f38&userType=NEW HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20scGFuZGFleHByZXNzLmNvbSxhcml0emlhLmNvbSxteWNpbmVtYWdpZnRjYXJkcy5jb20sa3JvZ2VyLmNvbSxwYWludG5pdGUuY29tLGNmaWNpc2R1bW15LmNvbSxob21lY2hlZi5jb20sZG9sbGFyc2hhdmVjbHViLmNvbSxsbGJlYW4uY29tLHN0YXJidWNrcy5jby5qcCxjYXNoc3Rhci5jb20sbWFpbmV2ZW50LmNvbSxxd2VyLmNvbSxub3Jkc3Ryb20uY29tLGV4eG9ubW9iaWwuY29tLHdhbG1hcnQuY29tLGR1bmtpbmRvbnV0cy5jb20sdHJ1bmtjbHViLmNvbSxnaWZ0Y2FyZG1peC5jb20sV0VOREVMTEdDLmNvbSx0ZXNjb2ZvcmJ1c2luZXNzLmNvbSxjYXNleXMuY29tLGhhcnJpc3RlZXRlci5jb20= HTTP/1.1Host: ht.blackhawknetwork.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dickssportinggoods.cashstar.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: dickssportinggoods.cashstar.com

Source: unknown

Source: chromecache_84.1.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=blackhawk_cashstar_v11&layout=gdpr
Source: chromecache_84.1.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: chromecache_84.1.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/bannermsg?
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/get?name=bh-close-icon.svg
Source: chromecache_84.1.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: chromecache_80.1.dr	String found in binary or memory: https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/
Source: chromecache_89.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_80.1.dr	String found in binary or memory: https://fpstatic.cashstar.com/faceplates/DABCPYU86/MASTER-1.jpg
Source: chromecache_80.1.dr	String found in binary or memory: https://ht.blackhawknetwork.com/assets/ZGVsdGEuY29tLG15Y2luZW1hZ2lmdGNhcmRzLmNvLnVrLG9sbGllcy5jb20sc
Source: chromecache_86.1.dr	String found in binary or memory: https://ht.blackhawknetwork.com/assets/images/logo.png?l=$
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/android-chrome-192x192.png
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/apple-touch-icon-152x152.png
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/images/DICKS/favicon.ico
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/media/style/recipient_experience/DICKS.283fc50d899ddcf9172dd0ee61b019c
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/recipient-experience/static/
Source: chromecache_80.1.dr	String found in binary or memory: https://s3static.cashstar.com/recipient-experience/static/js/concat/client.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.253.34:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/39@26/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,2780004439923109171,16103955136008577627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,2780004439923109171,16103955136008577627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1427877
Product:	CloudBasic
Start time:	09:45:50
Start date:	18.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://dickssportinggoods.cashstar.com/gift-card/view/mUCKtSrpC6CeYefBmCmzbGAco/