Edit tour

Windows Analysis Report
https://pusha1qsn.z13.web.core.windows.net/

Overview

General Information

Sample URL:	https://pusha1qsn.z13.web.core.windows.net/
Analysis ID:	1429004
Infos:

Detection

TechSupportScam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13070710393856215573,8462554755440443289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pusha1qsn.z13.web.core.windows.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_76	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author
0.1.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.2.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.3.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pusha1qsn.z13.web.core.windows.net/

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_76, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.4:49772 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.82
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.58
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.58
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.204.82
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://pusha1qsn.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pusha1qsn.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://pusha1qsn.z13.web.core.windows.net/ HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pusha1qsn.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_71.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Ij:function(){e=zb()},pd:function(){d()}}};var dc=ia(["data-gtm-yt-inspected-"]),xC=["www.youtube.com","www.youtube-nocookie.com"],yC,zC=!1; equals www.youtube.com (Youtube)
Source: chromecache_71.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=jA(a,c,e);M(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return M(122),!0;if(d&&f){for(var m=Jb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},mA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_71.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Tg:d,Rg:e,Sg:f,Dh:g,Eh:h,xe:m,zb:b},p=D.YT,q=function(){FC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(IC(w,"iframe_api")\|\|IC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!zC&&GC(x[A],n.xe))return Ic("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_71.2.dr	String found in binary or memory: var KB=function(a,b,c,d,e){var f=Kz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Kz("fsl","nv.ids",[]):Kz("fsl","ids",[]);if(!g.length)return!0;var h=Gz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if("https://www.facebook.com/tr/"===m)return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!vy(h,wy(b, equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: chromecache_55.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_55.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_55.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_71.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_71.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_71.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_82.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_76.2.dr	String found in binary or memory: https://ipwho.is/?lang=en
Source: chromecache_71.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_71.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_71.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_71.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_71.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_71.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_71.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_71.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_76.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
Source: chromecache_71.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_71.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: unknown	HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.4:49772 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_76, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/60@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13070710393856215573,8462554755440443289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pusha1qsn.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13070710393856215573,8462554755440443289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pusha1qsn.z13.web.core.windows.net/	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://ipwho.is/?lang=en	0%	URL Reputation	safe
https://www.merchant-center-analytics.goog	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
ipwho.is	15.204.213.5	true	false	unknown
userstatics.com	104.21.53.38	true	false	unknown
www.google.com	74.125.138.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipwho.is/?lang=en	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	chromecache_71.2.dr	false		high
https://www.youtube.com/iframe_api	chromecache_71.2.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_71.2.dr	false		high
http://jquery.org/license	chromecache_55.2.dr	false		high
https://td.doubleclick.net	chromecache_71.2.dr	false		high
http://sizzlejs.com/	chromecache_55.2.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_71.2.dr	false	URL Reputation: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_71.2.dr	false		high
https://adservice.google.com/pagead/regclk	chromecache_71.2.dr	false		high
https://cct.google/taggy/agent.js	chromecache_71.2.dr	false	URL Reputation: safe	unknown
https://ezgif.com/optimize	chromecache_82.2.dr	false		high
http://jquery.com/	chromecache_55.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.138.103	www.google.com	United States	15169	GOOGLEUS	false
15.204.213.5	ipwho.is	United States	71	HP-INTERNET-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.53.38	userstatics.com	United States	13335	CLOUDFLARENETUS	false
108.181.98.179	unknown	Canada	852	ASN852CA	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1429004
Start date and time:	2024-04-20 01:31:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pusha1qsn.z13.web.core.windows.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/60@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.94, 172.217.215.101, 172.217.215.113, 172.217.215.100, 172.217.215.102, 172.217.215.138, 172.217.215.139, 64.233.185.84, 34.104.35.123, 20.60.2.65, 64.233.177.97, 64.233.185.138, 64.233.185.113, 64.233.185.102, 64.233.185.139, 64.233.185.100, 64.233.185.101, 20.12.23.50, 199.232.214.172, 192.229.211.108, 20.3.187.198, 20.166.126.56, 142.250.105.94
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://pusha1qsn.z13.web.core.windows.net/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.116310198056064
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOBxFRg4/bR2p02YS/oE:hax0rKRHkhzRH/Un2i2GprK5YWOBjxDW
MD5:	9CA8B3CF349B0E03022CE074E1DF912F
SHA1:	82A4EA7CB5C1E44B2E8D7AF0D28FC8101DB24434
SHA-256:	2C9A915BF32F9572404B6EB1BB408C7260FCD29A0A3B83A21623DF22EE35FAED
SHA-512:	DA156BF793DB31ECE25E9C6E6782E739F2D8C0F49A14A1D03A5E65197C4862FCF301FB283FA565979D4E87F6507237F8EB1F8FA75FDC20D1D8D724F61C781CF3
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/w3.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 6b16c555-a01e-0009-28b1-922cfd000000</li><li>TimeStamp : 2024-04-19T23:32:29.7977982Z</li></ul></p></body></html>

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (820)
Category:	downloaded
Size (bytes):	79064
Entropy (8bit):	5.3886285065472075
Encrypted:	false
SSDEEP:	1536:oqD4uWibfmaWWfiw7uOm9LofuENlx9TV6p+T3VopklvQDPj10XQjdA4+9T:opzYf/c9E5vQD6X2dA4+9T
MD5:	2130B7ED48A1006F774734218D916DEE
SHA1:	86D0AAF4ECB3EAD31C3C2739853C089D8D1DC619
SHA-256:	D8AF41D20B1AF69B8C2A8E0776D181A8224F17D314FC2479C8A389A9E79D0542
SHA-512:	6F86E053FD15052FB86228F94B06EDF586BBA0EA68C11D2F8B688A37C2379683DC7D83A6B77D81381703B5E12B28967DFD21A243AA41DBB313682D7ADBA22C93
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/js/jquery-1.4.4.min.js
Preview:	/!. jQuery JavaScript Library v1.4.4. * http://jquery.com/. . Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. . Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. . Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this\|\|!h\|\|!h.live\|\|a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^\|\\.)"+a.namespace.s

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://pusha1qsn.z13.web.core.windows.net/
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	99389
Entropy (8bit):	7.948180012126474
Encrypted:	false
SSDEEP:	3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
MD5:	6B11AD15DA74888BEA9095007A9F7DD6
SHA1:	E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
SHA-256:	93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
SHA-512:	709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ............~....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/mnc.png
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/bel.png
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.089147420762301
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOW2JsUDR2p02s/E:hax0rKRHkhzRH/Un2i2GprK5YWOZ6CM
MD5:	B9A670C065A3815286ECCB0AD9582332
SHA1:	19C50F6BBA10FF63E538B846C8D94C89E325648E
SHA-256:	C4C7686E10364E4C69F98C874164F005FADD407D3A7AC3AA4C669290F8193BAF
SHA-512:	E3CCCBF1B13A46984F74D78D1852B825FD9AA6D825D86868F599648242C085A8D451F4EE389232235AFF9A2C2C1F5E3FBFCF72569C2F598AB0E88E12502B8F62
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/w1.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : d279df59-d01e-0085-3eb1-9244f3000000</li><li>TimeStamp : 2024-04-19T23:32:30.7988892Z</li></ul></p></body></html>

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/set.png
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/bg.png
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/msmm.png
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5955)
Category:	downloaded
Size (bytes):	300920
Entropy (8bit):	5.564588656473371
Encrypted:	false
SSDEEP:	3072:kK44ggAZVNSNcMzszFeIRk8+9CBPIrTWRsYESfhmpt2nBsLqeyYXDeltzvsX9ohc:p4MAFMgzFe0Y0fhmpt+aqeyYXDelJsXJ
MD5:	115B28042929D3C36E61880E49C5B505
SHA1:	6C162A95973E87A0F091B5ED7E0B767ED83996CA
SHA-256:	C4FFC28FDF5D9CBB112FA6F828F1EB8C79EDDC4709222781492F18A70CFDADF8
SHA-512:	614BFB2148EE3CEC54A561C146DA8EDD6D9DE22F3779790E7B165977AC4E59782404B9F1C80235C14EAE77CBCFACE4680C667045484BAEDF8DDB6CB9C9D8AD80
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (324), with CRLF line terminators
Category:	downloaded
Size (bytes):	18178
Entropy (8bit):	4.868191588228292
Encrypted:	false
SSDEEP:	192:m5pyua9kzmx5XO0CfsXLruzG61fMDl1tFpFab5rjloqSrXVrqODz7frYYkYYPlcr:6pyusXrJm4lICr
MD5:	7EB9DB6D3E4C84E0E29BEE4CC963F3A0
SHA1:	BEBA530C07ECB65C1C80BC73429BBB01B812EB0B
SHA-256:	B93DABEBD37A3D0F9067554802BA410632C88E12DB36C17CB586719E4A3ABA71
SHA-512:	E931634C19125A4D1EC41283DBB9A4AFCF287A2B80B924760D69FDB1E42F3740336FF4F0F8F4E66A65FF2CCBCDACBAFB7F61023C305653CDDD70A2BAD84B1B11
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/css/tapa.css
Preview:	.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#qwrqwewrqwdqw,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {..

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/vsc.png
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/cs.png
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/dm.png
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	19089
Entropy (8bit):	4.55414654040356
Encrypted:	false
SSDEEP:	192:fNLW3lDcMPo6w6j1P4Ur4U+hsBuULdzmGmSABCzuR5RDxwU:FklDccz1PNrNUCuGdzmGGB3
MD5:	C31A2718138E25A0501A611F011264D4
SHA1:	665A5A9A1335A53A72803F66DF99789D2AAC4452
SHA-256:	26E3C885F24B06EBA43D88F2427490C5C9D5C9FD6C3D8F754B9639E1E9BDDE81
SHA-512:	D44F1B683A3346501342CDE2E7CCAD2005275050B69A3EFDD7DBF748190296306FC00650B9D52420C022F29225D644F1E826D308871162D49EB8925E01A35827
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/
Preview:	<html lang="en"><head>. <meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>System Error Code Er0erydfd1</title>. <link href="images/msmm.png" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">.. <script type="text/javascript" src="js/jquery-1.4.4.min.js"></script>. <script type="text/javascript">//<![CDATA[. $(function(){. $('body').bind('contextmenu', function(e){. return false;. });. });// . </script>. Global site tag (gtag.js) - Google Analytics -->.<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4"></script>.<script>. window.dataLayer = window.dataLayer \|\| [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-8SZJPQT3Z4');.</script>... <script>. var t = new XMLHttpRequest;. t.onreadystatechange = fu

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	downloaded
Size (bytes):	376425
Entropy (8bit):	6.328939718669852
Encrypted:	false
SSDEEP:	6144:tw78qtWLT4gFpI7gfogcXWKdM1I519inwhdoZtFYSxDi7TSPg27C:SLtc3FEgggcmkM1IBoZ4miI7C
MD5:	32D775D8AC22F1CD0CC29097DF12CCFA
SHA1:	D6B5DBEF7BC81E1D86DB4254FE68BCB2AA5E21C4
SHA-256:	BD132E75009AC7BDCBA4BF7C54F71FD9386A4FFBBFD4AD156721D5082194602B
SHA-512:	08558205EA34634C274A8947E650CB2EC3BCF17BCB9239C6AC586D72BD07C4192049AF71A9186212B668D2F2273847C6FF5B739DB2D87EBA3E8A74B9A10A218C
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/media/Fm7-alert.wav:2f7511c8a9e26a:0
Preview:	RIFF....WAVEfmt ........"V..D.......LIST....INFOIART&...IVONA Reader - Microsoft Zira Desktop.ICMT....License: Unknown..IGNR....Speech..INAM....Important Security..IPRD....Warning.IPRT....1.ISFT....Lavf58.76.100.data...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/pcm.png
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	99389
Entropy (8bit):	7.948180012126474
Encrypted:	false
SSDEEP:	3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
MD5:	6B11AD15DA74888BEA9095007A9F7DD6
SHA1:	E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
SHA-256:	93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
SHA-512:	709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/bx1.png
Preview:	.PNG........IHDR... ............~....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	720
Entropy (8bit):	5.09315359199375
Encrypted:	false
SSDEEP:	12:YS4YhZImV+xaNmd6wpHb2WJHXmjCM2L+sHi3y2ARQDosJDNCFaq/Pe5sj+VkotFY:YL0RNMhHbVJ3mjP2SC21RCFrnjaVtFY
MD5:	92852FAE3146CDA0AD4C87C71CDC9306
SHA1:	C958292B66C5507B9D0E4FD35F834E8993A6AF81
SHA-256:	E8B738F92FF7D078686C99651D0FC158BCA6D02B80DF2A7A38B8837121D560B0
SHA-512:	BACE740EFEA1D2537373095BEDFB9093B0BEFFED80C54AD736FFE8E022E71CD837169E777339C9BEA1FA0AE016C1495BDEB703EB29AE01CE048169916D200A11
Malicious:	false
Reputation:	low
URL:	https://ipwho.is/?lang=en
Preview:	{"ip":"81.181.57.52","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Georgia","region_code":"GA","city":"Atlanta","latitude":33.7489954,"longitude":-84.3879824,"is_eu":false,"postal":"30303","calling_code":"1","capital":"Washington D.C.","borders":"CA,MX","flag":{"img":"https:\/\/cdn.ipwhois.io\/flags\/us.svg","emoji":"\ud83c\uddfa\ud83c\uddf8","emoji_unicode":"U+1F1FA U+1F1F8"},"connection":{"asn":212238,"org":"Binbox Global Services SRL","isp":"Datacamp Limited","domain":"cogentco.com"},"timezone":{"id":"America\/New_York","abbr":"EDT","is_dst":true,"offset":-14400,"utc":"-04:00","current_time":"2024-04-19T19:32:27-04:00"}}

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	5816
Entropy (8bit):	4.707067894665527
Encrypted:	false
SSDEEP:	96:rSCU5PMZwzlNZiD07WJiOiq+mh5hoFzT6M:OCmPMZKT0gSJiOiYjuFzT6M
MD5:	41D726BA8105809814789FD8B9D6015A
SHA1:	A560687A3E1622DAA162E711CCCDACFC070E2278
SHA-256:	86C48A03A2DD5D8848990B64B04FC70A9C7B7CC551AA5FA251B2B57292E37113
SHA-512:	D3A858DEC6B8168FB2D0E5945A841DB55FC90C316FABFC07B754C84765980482FC9DD2EDCB579D42CF929352F38AF148FE26A437F3CF4494D6385EB9652145F4
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/js/jscode.js
Preview:	$(function() {.. var a = 0,.. b = setInterval(function() {.. a += 10;.. $("#dynamic").css("width", a + "%").attr("aria-valuenow", a).text(a + "% Complete");.. 100 <= a && clearInterval(b).. }, 100).. });.... (function(a) {.. a.fn.countTo = function(b) {.. b = b \|\| {};.. return a(this).each(function() {.. function d(a) {.. a = c.formatter.call(k, a, c);.. h.html(a).. }.. var c = a.extend({}, a.fn.countTo.defaults, {.. from: a(this).data("from"),.. to: a(this).data("to"),.. speed: a(this).data("speed"),.. refreshInterval: a(this).data("refresh-interval"),.. decimals: a(this).data("decimals").. }, b),.. l = Math.ceil(c.speed / c.refreshInterval),.. n = (c.to - c.from) / l,.. k = this,.. h = a(this),.. m = 0,.. f = c.from,.. g = h.data("countTo") \|\| {};.. h.data("countTo"

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.68315659106313
Encrypted:	false
SSDEEP:	24:7XNLWAtaN83Jfmtr2erK2fvrQbqUbFdJisxYx6qwOBJA:7XNW2aKPSK2fvrdYbJisCMqwO0
MD5:	7F5FD876BA01581FCA2F80B2609C22C6
SHA1:	C259979E47DA1D4DD41565C4D398BB868E9B41A2
SHA-256:	07B0FD8DB10407370132D7D5080B7B871E4999A998770026D6DA0434A341B2DA
SHA-512:	E51D975C8E458CAA9A383DA2D5E02349277EA276484FCA1D856D0FFC8D9DC76BA1EE95E3EB956F96AF6899B32F58B3E03623986CB7992C8DC88C138EE44814DD
Malicious:	false
Reputation:	low
Preview:	{. "About Us": "https:\/\/ipwhois.io",. "ip": "81.181.57.52",. "success": true,. "type": "IPv4",. "continent": "North America",. "continent_code": "NA",. "country": "United States",. "country_code": "US",. "region": "Georgia",. "region_code": "GA",. "city": "Atlanta",. "latitude": 33.7489954,. "longitude": -84.3879824,. "is_eu": false,. "postal": "30303",. "calling_code": "1",. "capital": "Washington D.C.",. "borders": "CA,MX",. "flag": {. "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",. "emoji": "\ud83c\uddfa\ud83c\uddf8",. "emoji_unicode": "U+1F1FA U+1F1F8". },. "connection": {. "asn": 212238,. "org": "Binbox Global Services SRL",. "isp": "Datacamp Limited",. "domain": "cogentco.com". },. "timezone": {. "id": "America\/New_York",. "abbr": "EDT",. "is_dst": true,. "offset": -14400,. "utc": "-04:00",. "current_time": "2024-04-

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	503
Entropy (8bit):	4.806069034061486
Encrypted:	false
SSDEEP:	6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
MD5:	CD6C33FBC221D0271C910AF910E6EBED
SHA1:	9B52F24D6F10B885BB19DB1C4B531469F96D2914
SHA-256:	318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
SHA-512:	13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/js/jupiter.js
Preview:	function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.093611407095674
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOa5pEbRFzR2p02X5E:hax0rKRHkhzRH/Un2i2GprK5YWOa3ePt
MD5:	258C66EAACDA443A53ADC27BFF02697A
SHA1:	2CEE857BA8BF00E5249F2633AA80F3C3E4B81997
SHA-256:	1E5B185BF3139F0F3B05A53DE20504EA661452409647C74672FD7BF2D8254D61
SHA-512:	2DBDA2A2105087FA70F05B533BFCF0B54CEF1C231F581E8207826423A6B28228FD89B22C47FF6DCEA85053F5B767BC3190C06E5BB00800A810B0BC47A5827E76
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/webs.wav
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : fb6e6282-b01e-00ac-0fb1-927a87000000</li><li>TimeStamp : 2024-04-19T23:32:28.8248447Z</li></ul></p></body></html>

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2083), with no line terminators
Category:	downloaded
Size (bytes):	2083
Entropy (8bit):	5.0463133028709635
Encrypted:	false
SSDEEP:	48:W/iGbnd2lcCB2/GxUH3M1+Rh9FNGDzjUYx7u9rDTlRSg40:Y9d2ldWR017MDE0
MD5:	33B3E05F86FE68782A71C3EB89C637DF
SHA1:	B4271F567F27351847B2CA127DCB8D88A03300A3
SHA-256:	B1A5978232E5BAD9D779EC449BBBB365E393A818D44DAE1A38C97BAD79ADA48F
SHA-512:	E60CD591C34640B39CB95BA14F90CD0563A4B25E4F26212F5FC79203A09463CF2DD5C787230385270BD0A725379568F518C814D326ABDCDB347F8A955CAC78AA
Malicious:	false
Reputation:	low
URL:	https://pusha1qsn.z13.web.core.windows.net/js/nvidia.js
Preview:	function toggleFullScreen(e){var n=document.body;e instanceof HTMLElement&&(n=e);var t=document.webkitIsFullScreen\|\|document.mozFullScreen\|\|!1;n.requestFullScreen=n.requestFullScreen\|\|n.webkitRequestFullScreen\|\|n.mozRequestFullScreen\|\|function(){return!1},document.cancelFullScreen=document.cancelFullScreen\|\|document.webkitCancelFullScreen\|\|document.mozCancelFullScreen\|\|function(){return!1},t?document.cancelFullScreen():n.requestFullScreen()}function addEvent(e,n,t){e.addEventListener?e.addEventListener(n,t,!1):e.attachEvent&&e.attachEvent("on"+n,t)}$(document).ready(function(){var e=document.createElement("audio");e.setAttribute("src","ai2.mp3"),e.addEventListener("ended",function(){this.play()},!1),$(".map").click(function(){e.play()}),$(".black").click(function(){e.play()}),$("#footer").click(function(){e.play()}),$("#qwrqwewrqwdqw").click(function(){e.play()})}),$(document).ready(function(){$("body").mouseover(function(){$("#footer").fadeIn("").css({bottom:-20,position:"fixed"}).ani

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 01:32:14.286372900 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 20, 2024 01:32:15.630208015 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 20, 2024 01:32:25.235191107 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 20, 2024 01:32:25.782886982 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:25.782972097 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:25.783039093 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:25.783335924 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:25.783375025 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.011327982 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.012054920 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:26.012141943 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.013700962 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.013895988 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:26.016999960 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:26.017132044 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.058953047 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:26.059014082 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:26.100045919 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:26.427403927 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.427488089 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.427561045 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.428133011 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.428165913 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.806045055 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.852333069 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.913655996 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.913688898 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.917558908 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.917645931 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.984011889 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.984268904 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:26.984544992 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:26.984580994 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:27.038741112 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:27.108566046 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:27.108757973 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:27.108819008 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:27.331214905 CEST	49750	443	192.168.2.4	15.204.213.5
Apr 20, 2024 01:32:27.331255913 CEST	443	49750	15.204.213.5	192.168.2.4
Apr 20, 2024 01:32:27.550299883 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:27.550384045 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:27.550450087 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:27.550839901 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:27.550872087 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:27.779259920 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:27.779555082 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:27.779584885 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:27.780628920 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:27.780704021 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:27.874914885 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:27.874974966 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:27.875164032 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:27.876990080 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:27.877027988 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.098768950 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.098875046 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.102946997 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.102962017 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.103255033 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.144695044 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.163594961 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:28.163769960 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:28.163964033 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:28.164000988 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:28.206016064 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:28.500144958 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:28.500416040 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:28.500508070 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:28.783349037 CEST	49761	443	192.168.2.4	104.21.53.38
Apr 20, 2024 01:32:28.783401012 CEST	443	49761	104.21.53.38	192.168.2.4
Apr 20, 2024 01:32:28.860558033 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.904160976 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.966690063 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.966936111 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.967000961 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.982538939 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.982598066 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:28.982644081 CEST	49762	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:28.982661963 CEST	443	49762	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.284337044 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.284365892 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.284446001 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.290463924 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.290488958 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.369713068 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.369764090 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.369908094 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.370168924 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.370182991 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.503582001 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.503659964 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.519426107 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.519452095 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.519810915 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.533799887 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.580115080 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.710753918 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.710942984 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.710997105 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.711697102 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.711697102 CEST	49772	443	192.168.2.4	23.216.69.213
Apr 20, 2024 01:32:29.711733103 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.711755991 CEST	443	49772	23.216.69.213	192.168.2.4
Apr 20, 2024 01:32:29.744951010 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.745311022 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.745318890 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.746753931 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.746809006 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.747345924 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.747417927 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.747684956 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.747689962 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.789782047 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.872426987 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.872525930 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:29.872570038 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.872971058 CEST	49774	443	192.168.2.4	108.181.98.179
Apr 20, 2024 01:32:29.872980118 CEST	443	49774	108.181.98.179	192.168.2.4
Apr 20, 2024 01:32:36.041081905 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:36.041244030 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:32:36.041479111 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:37.222098112 CEST	49742	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:32:37.222160101 CEST	443	49742	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:25.731847048 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:25.731941938 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:25.732027054 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:25.732240915 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:25.732271910 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:25.953598976 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:26.001442909 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:26.091986895 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:26.092011929 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:26.092710018 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:26.093575954 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:26.093658924 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:26.133738041 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:33.229513884 CEST	49723	80	192.168.2.4	23.47.204.82
Apr 20, 2024 01:33:33.229597092 CEST	49724	80	192.168.2.4	23.47.204.58
Apr 20, 2024 01:33:33.333820105 CEST	80	49724	23.47.204.58	192.168.2.4
Apr 20, 2024 01:33:33.333882093 CEST	80	49723	23.47.204.82	192.168.2.4
Apr 20, 2024 01:33:33.333894968 CEST	49724	80	192.168.2.4	23.47.204.58
Apr 20, 2024 01:33:33.333937883 CEST	49723	80	192.168.2.4	23.47.204.82
Apr 20, 2024 01:33:35.966315985 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:35.966479063 CEST	443	49791	74.125.138.103	192.168.2.4
Apr 20, 2024 01:33:35.966547966 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:37.107414961 CEST	49791	443	192.168.2.4	74.125.138.103
Apr 20, 2024 01:33:37.107491016 CEST	443	49791	74.125.138.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 01:32:23.023719072 CEST	53	57216	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:23.032459021 CEST	53	50390	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:23.634324074 CEST	53	60243	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:25.677269936 CEST	65241	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:25.677452087 CEST	58426	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:25.781876087 CEST	53	65241	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:25.781919003 CEST	53	58426	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:26.301881075 CEST	57987	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:26.302071095 CEST	65342	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:26.407630920 CEST	53	57987	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:26.409435987 CEST	53	56627	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:26.426033020 CEST	53	65342	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:27.437762022 CEST	61964	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:27.438347101 CEST	58452	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:27.545355082 CEST	53	58452	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:27.545820951 CEST	53	61964	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:28.370846987 CEST	53	54495	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:29.241650105 CEST	50127	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:29.242111921 CEST	57335	53	192.168.2.4	1.1.1.1
Apr 20, 2024 01:32:29.348155975 CEST	53	57335	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:29.366575003 CEST	53	50127	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:40.822684050 CEST	53	51013	1.1.1.1	192.168.2.4
Apr 20, 2024 01:32:44.810600042 CEST	138	138	192.168.2.4	192.168.2.255
Apr 20, 2024 01:33:00.201251030 CEST	53	51380	1.1.1.1	192.168.2.4
Apr 20, 2024 01:33:21.989813089 CEST	53	57836	1.1.1.1	192.168.2.4
Apr 20, 2024 01:33:24.884330034 CEST	53	60886	1.1.1.1	192.168.2.4
Apr 20, 2024 01:33:50.610490084 CEST	53	49629	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 20, 2024 01:32:25.677269936 CEST	192.168.2.4	1.1.1.1	0x8363	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.677452087 CEST	192.168.2.4	1.1.1.1	0x73c4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 01:32:26.301881075 CEST	192.168.2.4	1.1.1.1	0x98f1	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:26.302071095 CEST	192.168.2.4	1.1.1.1	0xb08f	Standard query (0)	ipwho.is	65	IN (0x0001)	false
Apr 20, 2024 01:32:27.437762022 CEST	192.168.2.4	1.1.1.1	0x5b12	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:27.438347101 CEST	192.168.2.4	1.1.1.1	0x4873	Standard query (0)	userstatics.com	65	IN (0x0001)	false
Apr 20, 2024 01:32:29.241650105 CEST	192.168.2.4	1.1.1.1	0xce45	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:29.242111921 CEST	192.168.2.4	1.1.1.1	0x3efe	Standard query (0)	ipwho.is	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781876087 CEST	1.1.1.1	192.168.2.4	0x8363	No error (0)	www.google.com		74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:25.781919003 CEST	1.1.1.1	192.168.2.4	0x73c4	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 01:32:26.407630920 CEST	1.1.1.1	192.168.2.4	0x98f1	No error (0)	ipwho.is		15.204.213.5	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:27.545355082 CEST	1.1.1.1	192.168.2.4	0x4873	No error (0)	userstatics.com			65	IN (0x0001)	false
Apr 20, 2024 01:32:27.545820951 CEST	1.1.1.1	192.168.2.4	0x5b12	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:27.545820951 CEST	1.1.1.1	192.168.2.4	0x5b12	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:29.366575003 CEST	1.1.1.1	192.168.2.4	0xce45	No error (0)	ipwho.is		108.181.98.179	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:39.202336073 CEST	1.1.1.1	192.168.2.4	0x8ec7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:39.202336073 CEST	1.1.1.1	192.168.2.4	0x8ec7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:39.646893024 CEST	1.1.1.1	192.168.2.4	0x93d2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 01:32:39.646893024 CEST	1.1.1.1	192.168.2.4	0x93d2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:32:53.115529060 CEST	1.1.1.1	192.168.2.4	0xc283	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 01:32:53.115529060 CEST	1.1.1.1	192.168.2.4	0xc283	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:33:16.974343061 CEST	1.1.1.1	192.168.2.4	0xf281	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 01:33:16.974343061 CEST	1.1.1.1	192.168.2.4	0xf281	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 20, 2024 01:33:34.866158009 CEST	1.1.1.1	192.168.2.4	0x91b1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 01:33:34.866158009 CEST	1.1.1.1	192.168.2.4	0x91b1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

ipwho.is

userstatics.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49750	15.204.213.5	443	3704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 23:32:26 UTC	582	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://pusha1qsn.z13.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pusha1qsn.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 23:32:27 UTC	255	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 23:32:27 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-19 23:32:27 UTC	732	IN	Data Raw: 32 64 30 0d 0a 7b 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 74 79 70 65 22 3a 22 49 50 76 34 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 47 65 6f 72 67 69 61 22 2c 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 22 47 41 22 2c 22 63 69 74 79 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 33 2e 37 34 38 39 39 35 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 34 2e 33 38 37 39 38 32 34 2c 22 69 73 Data Ascii: 2d0{"ip":"81.181.57.52","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Georgia","region_code":"GA","city":"Atlanta","latitude":33.7489954,"longitude":-84.3879824,"is

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49761	104.21.53.38	443	3704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 23:32:28 UTC	599	OUT	GET /get/script.js?referrer=https://pusha1qsn.z13.web.core.windows.net/ HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pusha1qsn.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 23:32:28 UTC	822	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 23:32:28 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://pusha1qsn.z13.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2BJZzk%2FV3pxosB%2FirAcG2LpPFqMaNk%2Fdxx%2BUqEZinSDmeBelFqG8IhdkVRXxTfENJbPUZNSg1LkUFMeFqFY%2F4LzEXBm4BmOJXmSmfsNo%2BDnnaeMOHy4Vqh046R0i6hbowxQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8770b1ac5f6412e3-ATL alt-svc: h3=":443"; ma=86400
2024-04-19 23:32:28 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-04-19 23:32:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49762	23.216.69.213	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 23:32:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 23:32:28 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=113433 Date: Fri, 19 Apr 2024 23:32:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49772	23.216.69.213	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 23:32:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 23:32:29 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0oq75YgAAAAAYL/6cwgY8QpNw2UWojohPQ0hHRURHRTE2MTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=113472 Date: Fri, 19 Apr 2024 23:32:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 23:32:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49774	108.181.98.179	443	3704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 23:32:29 UTC	340	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 23:32:29 UTC	223	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 23:32:29 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-19 23:32:29 UTC	1038	IN	Data Raw: 34 30 32 0d 0a 7b 0a 20 20 20 20 22 41 62 6f 75 74 20 55 73 22 3a 20 22 68 74 74 70 73 3a 5c 2f 5c 2f 69 70 77 68 6f 69 73 2e 69 6f 22 2c 0a 20 20 20 20 22 69 70 22 3a 20 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 0a 20 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 74 79 70 65 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 47 65 6f 72 67 69 Data Ascii: 402{ "About Us": "https:\/\/ipwhois.io", "ip": "81.181.57.52", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Georgi

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5924, Parent PID: 2936

General

Target ID:	0
Start time:	01:32:18
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3704, Parent PID: 5924

General

Target ID:	2
Start time:	01:32:19
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,13070710393856215573,8462554755440443289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6492, Parent PID: 2936

General

Target ID:	3
Start time:	01:32:23
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pusha1qsn.z13.web.core.windows.net/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pusha1qsn.z13.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Windows Analysis Report
https://pusha1qsn.z13.web.core.windows.net/