Edit tour

Windows Analysis Report
https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Overview

General Information

Sample URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Analysis ID:	1432384
Infos:

Detection

TechSupportScam

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1964,i,11511140680443855159,11079496310096900804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1980,i,9163762504198558528,10251965592277980699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_69	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author
0.1.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.3.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.4.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.2.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_69, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.162.98
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMC5GMvKsLEGIjAliRqXBqiywJ09NDXlXZC1_32rCKQf2V8WWexGFVCFsn9-M_2VOcnub8VVladM-fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-22; NID=513=aA3ulsYSbcJNi0dtoqfB9wfWxQ9TkB55q2_EKtBC9cau2kUiGWa497dr_g4A3jAjsNjZQa9jazNV2pI5TtxKHIXxZ_2gW6sA68MfT9oTcpezVnaccDyNsvO-PqmqGenMXu0gWRRP6Q_IWwJJIneTRbwppyVlVbghwHP0wu6zceU
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMC5GMvKsLEGIjBHRHdJE6ghzf8mfvfPofxsaTUpWzmKAvEGzvlwRpPuC4Yun4piApo2xhWbfXnQQ6MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-22; NID=513=B0yEaRnFCc7xm8NoVmkknrhwfY4fIF2CkfjE4KCQBf9qlsNcG6YYuN5RBM-VQioeIAvr_zGZuNjp-l1HXoEYY9gMxVIXDKf8miSh_M95wqUXk4gAS7E2FhUVV4SVxYa6cx3cUBBeGZXtg0HFqLqsv3h99QjnCE23VZAScnCOSBE
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://1st2844kxjperro04264.z31.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: userstatics.com

Source: chromecache_89.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_89.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_64.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_86.2.dr, chromecache_85.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_86.2.dr, chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.162.98:443 -> 192.168.2.4:49744 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_69, type: DROPPED

Source: classification engine

Classification label: mal48.phis.win@23/50@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1964,i,11511140680443855159,11079496310096900804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1980,i,9163762504198558528,10251965592277980699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1964,i,11511140680443855159,11079496310096900804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1980,i,9163762504198558528,10251965592277980699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
userstatics.com	172.67.208.186	true	false	unknown
www.google.com	142.250.80.100	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
windowsupdatebg.s.llnwi.net	69.164.46.0	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMC5GMvKsLEGIjAliRqXBqiywJ09NDXlXZC1_32rCKQf2V8WWexGFVCFsn9-M_2VOcnub8VVladM-fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMC5GMvKsLEGIjBHRHdJE6ghzf8mfvfPofxsaTUpWzmKAvEGzvlwRpPuC4Yun4piApo2xhWbfXnQQ6MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_89.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_85.2.dr	false	high
https://getbootstrap.com/)	chromecache_86.2.dr, chromecache_85.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_86.2.dr, chromecache_85.2.dr	false	high
https://ezgif.com/optimize	chromecache_64.2.dr	false	high
http://fontawesome.io/license	chromecache_89.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
172.67.208.186	userstatics.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432384
Start date and time:	2024-04-27 00:05:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@23/50@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.63.84, 142.251.40.238, 142.250.80.99, 34.104.35.123, 13.85.23.86, 69.164.46.0, 192.229.211.108, 20.166.126.56, 20.3.187.198, 20.60.12.161, 142.250.72.106, 142.251.40.202, 142.250.80.74, 142.250.80.106, 142.250.80.42, 142.250.81.234, 142.251.35.170, 142.251.40.170, 142.251.41.10, 142.251.40.106, 142.251.32.106, 142.250.64.106, 142.250.176.202, 142.250.80.10, 142.250.65.234, 142.251.40.138, 20.12.23.50, 142.250.80.67, 142.250.65.238
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	3.8073549220576046
Encrypted:	false
SSDEEP:	3:OSunSzY:ONSM
MD5:	FF2838CB6D14FA839F3F099928CE43D8
SHA1:	47CE0FF00DF922E5AA7F4916AA57E31E3D3D6CBA
SHA-256:	459F85DDD4EF73994E4EF2A6AEC8F7744B5AF78949B89811D3288342D8302D2E
SHA-512:	E66EF4B0C4BFCC4E6B6096B7473ECD3F9A8D386C5001A54FE150C59B3A05A02B8B1F935829A952C742819588696562D9C16AF2C2718E70816786943C44510ECE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwl8F9PEYVqvmRIFDZRU-s8SBQ2UVPrP?alt=proto
Preview:	ChIKBw2UVPrPGgAKBw2UVPrPGgA=

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1680 x 1050, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	249564
Entropy (8bit):	7.897377571977433
Encrypted:	false
SSDEEP:	6144:LkIquHaZPNdGcujmG4sqEfY/m5W1/ZMMn3wwbPjzU:AIquHs2pszEQ/h3DHw
MD5:	21F9110DC5FC07CAEB9D637B9AFD92E1
SHA1:	E30D7C2B888490B3E355EABA2AE4B5E254301C5D
SHA-256:	F58D3C255603EF8B7B5F52AA1B12302712616092A29C5045EA6F60E5749C0A7B
SHA-512:	16C9860D283C8ABED0023A70385633C274A98EDBB5AEB34486593A8C0D1AEC7AD7212B83BBA27E4BB69C29C5172F2DB0784EBB90B19904A7453EB0D937E5D074
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............D.;V....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...PeXIfMM.*...................i.........&..............................................CYr6...YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^....@.IDATx.....e..../.w..). ..Q....hP...Ql..".......z..H...BH !._.....yg.n..vo.r..$.'....;....>.o..q.....H..H..H..H..H..H..H..H..H..H..H..H..H C.I.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$.M..R6.~'.. .. .. .. .. .. .. .. .. .. .. ....H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/vsc.png
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (797)
Category:	downloaded
Size (bytes):	802
Entropy (8bit):	5.116196008067352
Encrypted:	false
SSDEEP:	24:fDmiCbxNnY7MOrBHslgT9lCuABuoB7HHHHHHHYqmffffffo:7MbxsKlgZ01BuSEqmffffffo
MD5:	7AD07AFBB5D23FB6B5349CF3BD70745B
SHA1:	6BFF0ECD46ACAE02A1FA558ED763836EF04FE63A
SHA-256:	4602324C769340EE4AD1725E1FB84121578F859F2A212DD89D71715AF5DD2D2F
SHA-512:	54091EFDB1A9091066341079D863C33C3446F7857AB804BF65B1C0905677638FC9756C063D59E1F632CB6C0A7A2DC8998ED55AC767B1DB705107C2CA120F4E79
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["stanley cup playoffs bracket","lego artemis space launch system","american horror story delicate ending","national pretzel day free pretzels","nasa mars spiders","dallas mavericks clippers","nuggets lakers game 3","2025 social security cola"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1036)
Category:	downloaded
Size (bytes):	39935
Entropy (8bit):	4.962301025965472
Encrypted:	false
SSDEEP:	768:n5Bl4s1ACnyqhH2CfKxhH2L6PnfJ2vT1haPJUkzjEGKnsqdD:n5Bl4s1ln96/fJs33GKnsqdD
MD5:	77FD89C7D69D104021502DB6EEEF370E
SHA1:	A97CA405520B67EE91A25FF507D021D36EE4837C
SHA-256:	8B39BFA11B9B52C726A6F5210BF296C38C63AB031273407FD16F96EC996ED5A1
SHA-512:	671D570C1740DA6BADF4E504E1139255BF55830756DAF07D9799F254B9B4D6873217AF5B768332C42DEC86875B19639B0DD5A24CF4A1DBD2D04014F245CC2BD3
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Preview:	<html lang="en"><head><meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>..........</title>. <link href="w3" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">. <link href="css/bootstrap.min.css" <link="" type="text/css" rel="stylesheet">.<script src="js/jquery.min.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.<script src="js/jquery.min.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.<script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script>.<script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script>.<style type="text/css">@keyframes tawkMaxOpen{0%{opacity:0;t

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/mnc.png
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1680 x 1050, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	249564
Entropy (8bit):	7.897377571977433
Encrypted:	false
SSDEEP:	6144:LkIquHaZPNdGcujmG4sqEfY/m5W1/ZMMn3wwbPjzU:AIquHs2pszEQ/h3DHw
MD5:	21F9110DC5FC07CAEB9D637B9AFD92E1
SHA1:	E30D7C2B888490B3E355EABA2AE4B5E254301C5D
SHA-256:	F58D3C255603EF8B7B5F52AA1B12302712616092A29C5045EA6F60E5749C0A7B
SHA-512:	16C9860D283C8ABED0023A70385633C274A98EDBB5AEB34486593A8C0D1AEC7AD7212B83BBA27E4BB69C29C5172F2DB0784EBB90B19904A7453EB0D937E5D074
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/f24.png
Preview:	.PNG........IHDR.............D.;V....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...PeXIfMM.*...................i.........&..............................................CYr6...YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^....@.IDATx.....e..../.w..). ..Q....hP...Ql..".......z..H...BH !._.....yg.n..vo.r..$.'....;....>.o..q.....H..H..H..H..H..H..H..H..H..H..H..H..H C.I.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$.M..R6.~'.. .. .. .. .. .. .. .. .. .. .. ....H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32014)
Category:	downloaded
Size (bytes):	302554
Entropy (8bit):	5.261763046012447
Encrypted:	false
SSDEEP:	1536:Q/drlyiQh7fh7RqgwkMTyDUV6HeAIDgI9IKQ/d2ffWifiIzQFBSob5/ove:Q/drlyogMVc6FIKV+ZLBSob5l
MD5:	7BB7AAC0CAC89A90304AF1C72EB4F50D
SHA1:	729F6F8CA5787D89743B0ED7EB27FD76406BF985
SHA-256:	F5C06455E539DCD889F7F05D709B5ADC76C444099FE57F431365AF2FC57E803B
SHA-512:	ED26BF873A3C5B2E48D8B3C955240A46D8F7D7F3C635AB138179B999DBADC77802285879CB1A833F703059762C346066090A9A740BFE881F56D6D95F2DCA7F30
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/emojione.min.js
Preview:	/! emojione 02-12-2016 /.!function(a){a.emojioneList={":kiss_ww:":{unicode:["1f469-200d-2764-fe0f-200d-1f48b-200d-1f469","1f469-2764-1f48b-1f469"],fname:"1f469-2764-1f48b-1f469",uc:"1f469-200d-2764-fe0f-200d-1f48b-200d-1f469",isCanonical:!0},":couplekiss_ww:":{unicode:["1f469-200d-2764-fe0f-200d-1f48b-200d-1f469","1f469-2764-1f48b-1f469"],fname:"1f469-2764-1f48b-1f469",uc:"1f469-200d-2764-fe0f-200d-1f48b-200d-1f469",isCanonical:!1},":kiss_mm:":{unicode:["1f468-200d-2764-fe0f-200d-1f48b-200d-1f468","1f468-2764-1f48b-1f468"],fname:"1f468-2764-1f48b-1f468",uc:"1f468-200d-2764-fe0f-200d-1f48b-200d-1f468",isCanonical:!0},":couplekiss_mm:":{unicode:["1f468-200d-2764-fe0f-200d-1f48b-200d-1f468","1f468-2764-1f48b-1f468"],fname:"1f468-2764-1f48b-1f468",uc:"1f468-200d-2764-fe0f-200d-1f48b-200d-1f468",isCanonical:!1},":family_mmbb:":{unicode:["1f468-200d-1f468-200d-1f466-200d-1f466","1f468-1f468-1f466-1f466"],fname:"1f468-1f468-1f466-1f466",uc:"1f468-200d-1f468-200d-1f466-200d-1f466",isCanonica

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1379)
Category:	downloaded
Size (bytes):	1380
Entropy (8bit):	5.24191884487594
Encrypted:	false
SSDEEP:	24:cmuRRkN8KGrWh0eTg7PKNTBUQ4Wj0Uh9iQxZGd7MrWrKkIvIHI+0QS4bgy5wB9zz:KG8KGraVTEwTeWHHiQx0d7WWem1SLy5S
MD5:	EB9F1C093EB2CE75D6E2258D118AB0CB
SHA1:	5CBBE0319D8F5CF862AB15A9DB85F529B29C735B
SHA-256:	894B01775217B76DD0159336E0255EC8C870EE27D488916A4BA414A3869ADDEC
SHA-512:	55AA8E58AB39036A8F1BF3035521CFA7ED624AFEF6CFDC730853B062DD535A05703C18C68A4358B5FF7C7824EF85C6D62A25EA08207B2718165E97502E315156
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/script.compat.js
Preview:	!function(){"use strict";var t,e=window.location,i=window.document,n=i.getElementById("plausible"),a=n.getAttribute("data-api")\|\|(u=(t=(t=n).src.split("/"))[0])+"//"+(t=t[2])+"#";function o(t,e){t&&console.warn("Ignoring Event: "+t),e&&e.callback&&e.callback()}function r(t,r){if(/^localhost$\|^127(\.[0-9]+){0,2}\.[0-9]+$\|^\[::1?\]$/.test(e.hostname)\|\|"file:"===e.protocol)return o("localhost",r);if(window._phantom\|\|window.__nightmare\|\|window.navigator.webdriver\|\|window.Cypress)return o(null,r);try{if("true"===window.localStorage.plausible_ignore)return o("localStorage flag",r)}catch(t){}var l={},s=(l.n=t,l.u=e.href,l.d=n.getAttribute("data-domain"),l.r=i.referrer\|\|null,r&&r.meta&&(l.m=JSON.stringify(r.meta)),r&&r.props&&(l.p=r.props),new XMLHttpRequest);s.open("POST",a,!0),s.setRequestHeader("Content-Type","text/plain"),s.send(JSON.stringify(l)),s.onreadystatechange=function(){4===s.readyState&&r&&r.callback&&r.callback()}}var l=window.plausible&&window.plausible.q\|\|[];window.plausible=r

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32478)
Category:	downloaded
Size (bytes):	84817
Entropy (8bit):	5.373777901642572
Encrypted:	false
SSDEEP:	1536:AP1Wk7i6GUHdXXeyQazBu+4HhiO2Id0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:K4UdeJiz6UAIJ8pa98Hrb
MD5:	20C129BEDB4A26DB02FC0F54D026C3F5
SHA1:	093B9D2728788DE24A728742070A348B2848573F
SHA-256:	436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
SHA-512:	1997641A1DBA92AF7C28FE67C14FC3F89C1E49BE14DD8A8903C3C5D4A4AAE6161B00BF37D02EDA6E8B45F88936C0A7871C1D465036D6F1D18C36ED8D419B78DE
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/jquery.min.js
Preview:	/! jQuery v2.1.3 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/msmm.png
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG ADTS, layer III, v2, 48 kbps, 24 kHz, Monaural
Category:	downloaded
Size (bytes):	110880
Entropy (8bit):	7.661746713604055
Encrypted:	false
SSDEEP:	1536:kNX0z78C88TFXqorkeGQwTvkSTOOAMNgcLqtdJgxEaXehWK41SW9scn:l7/3XqorkpTcOOOAmqtdJzaOsycn
MD5:	9FE37445A0D397C0FF7910490E78C7AB
SHA1:	52A7BC0B40993D523A2D0FCA0CD5B4546751A00F
SHA-256:	3ED7BEDBDDDC248C3CF79F2F7B38C04340328D671D3440D54CABA6831E872C8F
SHA-512:	74AD11219C2F43D07AF5A1CFE8872580E338AE8971B4F7B4422B3D688B6CF2861136C5F1A7E86B86FF2EACE9D6EEFC1C3DB372C2182B770BFEB1CC9725807D6E
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/media/jp.mp3:2f759d66c8e03f:0
Preview:	..d.....H....LAMEUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..d.\|...H....UUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..d.\|...H....UUUUUUU.%4..x.C@z.x..........c........#.. ..X.h=O...w....$'O..r....!`......6.T.BTq..:.`....&.(4...!...C.....`N.....H.19.F...p.R...d.\|...H.@........;.'...LX....(..2.&D..w.d.....n..D.."..[..$.[.E.%.....JG.}.5.../.:jd]4..t.{..7&......8...}.W...Q..:lf..B..".b@p...?...5...d..%.1...........4?....HSC....h...q%..Wt.....F.......\.R.[~..P..n..U48q]Z.D.7..............:..#gP.\|.y!...s`...O.A,.q.<..J...r...fH.!...-L..d.. \....h.}-...t..,e2.~...s.x..cq....Kz1.........o"d.I.6.%.?...E..!..J;.....S.(+T.<$..u........Y.F..22..".5.Q..H..(4...6Po.G].Up.oWJ....d..:.6...x...`.....6...u...8@.ZY...F.W.....c{z.UI.\|..?V...).uf..fG.I.].Z......;,.t..=mm5..m..92.....i....B....2. 9A..2IU..9fgx

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural
Category:	downloaded
Size (bytes):	8405
Entropy (8bit):	6.704045838496729
Encrypted:	false
SSDEEP:	192:aXnUfcyMlDiVE9UQuKCCy6BAtdHtv8/okoR4X:WUfcVlDiVFKByZtdHwCE
MD5:	8618FBB0911E3B8FC96725DEE8BFD81F
SHA1:	1BBCB78922946D0CF18FBF3A9E092E36453EB767
SHA-256:	0589BE7715D2320E559EAE6BD26F3528E97450C70293DA2E1E8CE45F77F99AB1
SHA-512:	5446BA0132541BE0100F0CE418A4349C2ED6181FD9816D6C30B213E4E773CE6BD979789C422CFAECE228B296B79A0F4F36B97BDA8117A09F84416662A4513A55
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/media/beep.mp3:2f759d66c8e7ea:0
Preview:	ID3......?TPE1.......SoundJay.com Sound Effects.TSSE.......Lavf54.29.104...@..................Info.......'.. ............%%,,,22888???EELLLRRYYY__eeelllrryyy.....................................................Lavf54.29.104........$.........................P..........!/.RD......j..t.j..t.j..t.j..t.j..t.j..t.j..t.j.....%J....%J....%J...........E..@.?...y.........n...................x>\|.@s.......M........E........A......B..........@.f.......s.....R.7..$......f...9@....m.m....@........ ..L... .)x......b.fe...D........ 0..M.M..Ba]..c.."....Ay.Z..h.....U'......}...............@....... 0M....g!....SX.(...G].:....$..^".. ..,d.$.Y..'..,...3Q.K.S3...R. ..).C=....1h}.5..u.p(\..E....&.....<.$...I!0c._F...{.f#...&...=..P.,....R.g.j.E...bjuo.....@....D...a......#\%...t.'.......u.......o.Z...(X.r...Dv....J....&..u.....Mn.......)WY...d........:.&.Z..R.....O..p.l=....!...dN.:..H.'C...I.9.ME.F...@'..j.?...#.kq.d..gq`..[....Yt.F......?e2..X.....cK...,;...7....2

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (339), with CRLF line terminators
Category:	downloaded
Size (bytes):	20103
Entropy (8bit):	4.858046417118563
Encrypted:	false
SSDEEP:	192:G5pyua9kzmx5XO05bsXsruzG61fMDOe1tFpFabFOoY5x0iJoqmr2VrqeDz7frYYy:apyusTrJmQYgLCx3
MD5:	18C6F466F854925E8D3DD04FC72F42BB
SHA1:	23D06844F4D8E74A966ADB6328CFB4637039E812
SHA-256:	FA0CE18C1882FBDF4D71D3D73275503CB2DADA1D6A69B2818AC74B995514ED20
SHA-512:	A8182F54C0E715DD4307A1082C01E9DBE3ADE85D871522A6C31BFF44283E0C79561FD9ED3017C7EB81B0FA8D57BD0C89A9A5136B577597FC02624103EBBA339D
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/tapa.css
Preview:	.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#txts1,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {.. tran

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/set.png
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59765)
Category:	downloaded
Size (bytes):	60044
Entropy (8bit):	5.145139926823033
Encrypted:	false
SSDEEP:	768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
MD5:	02D223393E00C273EFDCB1ADE8F4F8B1
SHA1:	0CC93B8421D89C24A889642428B363CB831DE78A
SHA-256:	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
SHA-512:	339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65335)
Category:	downloaded
Size (bytes):	220780
Entropy (8bit):	4.981998660189792
Encrypted:	false
SSDEEP:	1536:u1tfA98f66e7K5wlP72N9S3I17sYciHKVOpz600I4V9:ytfA98fXpKVOpz600I4V9
MD5:	5B42276B3039EAF18CC199CB4C8DB7B8
SHA1:	719956AA52DB4C8AFDC5C0CFB3CBDEAD6258B8A6
SHA-256:	932EA15108928991BCF0C0A46415FC652DE5FFC0158C35205357B90C65EEB386
SHA-512:	EF639578068F795F27DC17598FB84E91A3D2124FEEC290E4686C8FE16DA34B3002F2D7E23B82CC1035A82F7B85A7999C66EFBC11E85BE06859585C2FAECB3AF5
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.3.0-alpha1 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root,[data-bs-theme=light]{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-r

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/bel.png
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1260, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35689
Entropy (8bit):	7.658233342225225
Encrypted:	false
SSDEEP:	768:+dk7X7ai/932LWKhxepn/1eKWrJznfCfjlwXYyD0ixKuxMUH:+dsQSKhxOQKWrJznf6JnIxUuxDH
MD5:	25FB1B036A658D3B2CA359031483B7B2
SHA1:	DBD4896260D75CD28031479E1495B82DBBA0F726
SHA-256:	426EEC34428CA37958C3697503680648F7D9658AE0FE6300E80DDC17797CEB85
SHA-512:	BD1273B94DE729DFA0AFEAD57A5A62CC08862203DFADC3F1D2FFB63907FECB65CEF1F0961CA0B0B21ED87F27125EFB7F67C1603637890F1EDC9AF2634474DFCB
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/dm.png
Preview:	.PNG........IHDR..............m{C....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y..W]'..y.zM.b.Q.....a.#..e`.T.E3n.2H...CW.F).C.;...DE.\F.."..3,....*.$@.. {wW/U.....Y.rk..>..~." MU..]...=.I.............................................................................................................................`U.......>1I.~.H.&.....$.,.`.L.Y...........i.I...&.....6k.zc[...zcjnJSoJ[o..s9...xoj..K.....I.}....h....$.H..%..6.jj.J.rU..+._..e^...JS`....9.<!..>8iNI.)Mm.\KyPj....IN^.........=kv...Z...K.N..\QJ.o.+.ry.......:....0...`....)k.d.nk.lJi.\SNIrJ..Ro..55%..gV..u...,.W[...S..5.~2Z......LN_}.r..\..^.#k..y...'......X...>1u.DJ..i.).............Vm0.&.S2{..U.n.O..k..o.[m..#....I.....M.'..M.....L.J.......p...4.'R.7%....yXjNL.&.T.T,@=!.#k..,...u>...dzoI....M.'..KLl..hS`..w.....<"....%yx..$m.$UI..'$yTM.U.-...dr..I.xM.D.\|".\|"..\|U^.0..X.0.^t..3WOk.Vk9-%.%...0..;).].'.h..LN.-.\|.4.x..H..../....G.......~G...0..V....Gf

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27265)
Category:	downloaded
Size (bytes):	27428
Entropy (8bit):	4.747313933055305
Encrypted:	false
SSDEEP:	384:ci5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:3lr+Klk3YlKfwYUf8l8yQ/T
MD5:	FD1609EB97E739683ACF23120FD6F6C9
SHA1:	19B2E83FE8DF09B85E74835C398AEFEE816BDFCB
SHA-256:	CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
SHA-512:	2183FDCC8AEF88B15048E735EB2D588868AE4CAAD624B4C369F276402188CABA9C962065699798AA27BC4C18AE97E16BF8FCF219D762B73726AFB1A924BABCD2
Malicious:	false
Reputation:	low
URL:	https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont_1.eot#iefix&v=4.5.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../images/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pa

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1260, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35689
Entropy (8bit):	7.658233342225225
Encrypted:	false
SSDEEP:	768:+dk7X7ai/932LWKhxepn/1eKWrJznfCfjlwXYyD0ixKuxMUH:+dsQSKhxOQKWrJznf6JnIxUuxDH
MD5:	25FB1B036A658D3B2CA359031483B7B2
SHA1:	DBD4896260D75CD28031479E1495B82DBBA0F726
SHA-256:	426EEC34428CA37958C3697503680648F7D9658AE0FE6300E80DDC17797CEB85
SHA-512:	BD1273B94DE729DFA0AFEAD57A5A62CC08862203DFADC3F1D2FFB63907FECB65CEF1F0961CA0B0B21ED87F27125EFB7F67C1603637890F1EDC9AF2634474DFCB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............m{C....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y..W]'..y.zM.b.Q.....a.#..e`.T.E3n.2H...CW.F).C.;...DE.\F.."..3,....*.$@.. {wW/U.....Y.rk..>..~." MU..]...=.I.............................................................................................................................`U.......>1I.~.H.&.....$.,.`.L.Y...........i.I...&.....6k.zc[...zcjnJSoJ[o..s9...xoj..K.....I.}....h....$.H..%..6.jj.J.rU..+._..e^...JS`....9.<!..>8iNI.)Mm.\KyPj....IN^.........=kv...Z...K.N..\QJ.o.+.ry.......:....0...`....)k.d.nk.lJi.\SNIrJ..Ro..55%..gV..u...,.W[...S..5.~2Z......LN_}.r..\..^.#k..y...'......X...>1u.DJ..i.).............Vm0.&.S2{..U.n.O..k..o.[m..#....I.....M.'..M.....L.J.......p...4.'R.7%....yXjNL.&.T.T,@=!.#k..,...u>...dzoI....M.'..KLl..hS`..w.....<"....%yx..$m.$UI..'$yTM.U.-...dr..I.xM.D.\|".\|"..\|U^.0..X.0.^t..3WOk.Vk9-%.%...0..;).].'.h..LN.-.\|.4.x..H..../....G.......~G...0..V....Gf

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 27, 2024 00:05:53.350132942 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 27, 2024 00:05:54.428219080 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 27, 2024 00:06:02.649133921 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.649180889 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.649240017 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.649468899 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.649499893 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.683020115 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.683048964 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.683118105 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.683768034 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.683815002 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.683880091 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.684077024 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.684103012 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.684308052 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.684339046 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.915117979 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.915304899 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.915363073 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.916363001 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.916425943 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.917429924 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.917501926 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.917692900 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.917711973 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.943155050 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.943542957 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.943555117 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.944529057 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.944605112 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.944974899 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.945585012 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.945645094 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.945882082 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.945889950 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.946167946 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.946181059 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.947602987 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.947695017 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.948096991 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.948141098 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:02.948185921 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:02.990432978 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.052884102 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.052898884 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.052910089 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.162262917 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.213742018 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.213865042 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.213932037 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.213996887 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.214946032 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.215002060 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.215075970 CEST	49733	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.215105057 CEST	443	49733	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.592577934 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.592665911 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.592747927 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.592919111 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.593137980 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.593569040 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.593596935 CEST	443	49734	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.593606949 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.593683958 CEST	49734	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.596081018 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.596115112 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.596195936 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.596434116 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.596450090 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.678584099 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.678674936 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.678674936 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.678729057 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.679399014 CEST	49735	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.679435015 CEST	443	49735	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.681108952 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.681200981 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.681284904 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.681561947 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.681577921 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.862390995 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.862709045 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.862728119 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.863006115 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.863385916 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.863439083 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.863651037 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.908121109 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.941653967 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.942123890 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.942166090 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.942954063 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.943561077 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.943628073 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:03.943842888 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:03.984139919 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.098608971 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 27, 2024 00:06:04.126053095 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.126094103 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.126192093 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.126204967 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:04.126219988 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.126267910 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.126279116 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:04.126326084 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:04.203687906 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.203727007 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.203790903 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.203799963 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:04.203816891 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.203898907 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:04.203941107 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:05.917365074 CEST	49738	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:05.917385101 CEST	443	49738	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:05.926527023 CEST	49739	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:05.926548004 CEST	443	49739	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.281853914 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:06.281934023 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.282007933 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:06.282365084 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:06.282398939 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.541213989 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.541599035 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:06.541661978 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.541992903 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.542316914 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:06.542390108 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:06.661442041 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:09.723707914 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:09.723809958 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:09.723890066 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:09.728427887 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:09.728466034 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.046798944 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.046881914 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.052170992 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.052217007 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.052411079 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.098627090 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.550729036 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.596116066 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.706927061 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.706988096 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.709394932 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.821367025 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.821367025 CEST	49743	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.821402073 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.821496964 CEST	443	49743	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.852838993 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.852880955 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:10.853081942 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.853605032 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:10.853634119 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.167037010 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.167134047 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:11.168430090 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:11.168446064 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.168661118 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.169629097 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:11.212130070 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.479202032 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.479266882 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:11.479334116 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:12.634525061 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:12.634573936 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:12.634605885 CEST	49744	443	192.168.2.4	23.52.162.98
Apr 27, 2024 00:06:12.634624958 CEST	443	49744	23.52.162.98	192.168.2.4
Apr 27, 2024 00:06:16.556665897 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:16.556714058 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:16.556960106 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:17.006470919 CEST	49741	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:06:17.006519079 CEST	443	49741	142.250.80.100	192.168.2.4
Apr 27, 2024 00:06:38.230036974 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.230081081 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.230149031 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.230801105 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.230827093 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.429059029 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.447140932 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.447170973 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.451097012 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.451184034 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.453207016 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.453392029 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.453689098 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.453704119 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.504779100 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.820461988 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.820708990 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:06:38.820777893 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.822309971 CEST	49769	443	192.168.2.4	172.67.208.186
Apr 27, 2024 00:06:38.822338104 CEST	443	49769	172.67.208.186	192.168.2.4
Apr 27, 2024 00:07:06.493402004 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.493437052 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.493496895 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.493943930 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.493959904 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.764316082 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.814112902 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.892581940 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.892595053 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.893173933 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.893460035 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:06.893543005 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:06.944294930 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:12.425193071 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 27, 2024 00:07:12.512130976 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 27, 2024 00:07:12.512150049 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 27, 2024 00:07:12.512217999 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 27, 2024 00:07:16.776549101 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:16.776714087 CEST	443	49805	142.250.80.100	192.168.2.4
Apr 27, 2024 00:07:16.776809931 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:17.051136971 CEST	49805	443	192.168.2.4	142.250.80.100
Apr 27, 2024 00:07:17.051158905 CEST	443	49805	142.250.80.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 27, 2024 00:06:02.069892883 CEST	53	53461	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:02.070187092 CEST	53	58649	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:02.559509039 CEST	60862	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:06:02.559895039 CEST	58843	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:06:02.648377895 CEST	53	58843	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:02.648719072 CEST	53	60862	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:02.887984991 CEST	53	55100	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:20.032556057 CEST	53	50793	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:23.981733084 CEST	138	138	192.168.2.4	192.168.2.255
Apr 27, 2024 00:06:38.137485981 CEST	54849	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:06:38.137953997 CEST	52308	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:06:38.228784084 CEST	53	54849	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:38.229374886 CEST	53	52308	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:38.699729919 CEST	53	62744	1.1.1.1	192.168.2.4
Apr 27, 2024 00:06:40.480295897 CEST	53	55527	1.1.1.1	192.168.2.4
Apr 27, 2024 00:07:02.466926098 CEST	53	59777	1.1.1.1	192.168.2.4
Apr 27, 2024 00:07:06.982006073 CEST	53	51010	1.1.1.1	192.168.2.4
Apr 27, 2024 00:07:35.732465982 CEST	53	58368	1.1.1.1	192.168.2.4
Apr 27, 2024 00:07:37.118370056 CEST	53	56903	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 27, 2024 00:06:02.559509039 CEST	192.168.2.4	1.1.1.1	0x56c8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:02.559895039 CEST	192.168.2.4	1.1.1.1	0x20a0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 27, 2024 00:06:38.137485981 CEST	192.168.2.4	1.1.1.1	0xe781	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:38.137953997 CEST	192.168.2.4	1.1.1.1	0xb35c	Standard query (0)	userstatics.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 27, 2024 00:06:02.648377895 CEST	1.1.1.1	192.168.2.4	0x20a0	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 27, 2024 00:06:02.648719072 CEST	1.1.1.1	192.168.2.4	0x56c8	No error (0)	www.google.com		142.250.80.100	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:16.294321060 CEST	1.1.1.1	192.168.2.4	0xfffd	No error (0)	windowsupdatebg.s.llnwi.net		69.164.46.0	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:16.294321060 CEST	1.1.1.1	192.168.2.4	0xfffd	No error (0)	windowsupdatebg.s.llnwi.net		69.164.46.128	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:16.576998949 CEST	1.1.1.1	192.168.2.4	0x5118	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 27, 2024 00:06:16.576998949 CEST	1.1.1.1	192.168.2.4	0x5118	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:29.471023083 CEST	1.1.1.1	192.168.2.4	0x56ee	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 27, 2024 00:06:29.471023083 CEST	1.1.1.1	192.168.2.4	0x56ee	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:38.228784084 CEST	1.1.1.1	192.168.2.4	0xe781	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:38.228784084 CEST	1.1.1.1	192.168.2.4	0xe781	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:06:38.229374886 CEST	1.1.1.1	192.168.2.4	0xb35c	No error (0)	userstatics.com			65	IN (0x0001)	false
Apr 27, 2024 00:06:59.038130999 CEST	1.1.1.1	192.168.2.4	0x99e8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 27, 2024 00:06:59.038130999 CEST	1.1.1.1	192.168.2.4	0x99e8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

https:

userstatics.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	142.250.80.100	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:02 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 22:06:03 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 22:06:03 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-gA3EV3ZhMvo3cAUJPaTccA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 22:06:03 UTC	809	IN	Data Raw: 33 32 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 61 6e 6c 65 79 20 63 75 70 20 70 6c 61 79 6f 66 66 73 20 62 72 61 63 6b 65 74 22 2c 22 6c 65 67 6f 20 61 72 74 65 6d 69 73 20 73 70 61 63 65 20 6c 61 75 6e 63 68 20 73 79 73 74 65 6d 22 2c 22 61 6d 65 72 69 63 61 6e 20 68 6f 72 72 6f 72 20 73 74 6f 72 79 20 64 65 6c 69 63 61 74 65 20 65 6e 64 69 6e 67 22 2c 22 6e 61 74 69 6f 6e 61 6c 20 70 72 65 74 7a 65 6c 20 64 61 79 20 66 72 65 65 20 70 72 65 74 7a 65 6c 73 22 2c 22 6e 61 73 61 20 6d 61 72 73 20 73 70 69 64 65 72 73 22 2c 22 64 61 6c 6c 61 73 20 6d 61 76 65 72 69 63 6b 73 20 63 6c 69 70 70 65 72 73 22 2c 22 6e 75 67 67 65 74 73 20 6c 61 6b 65 72 73 20 67 61 6d 65 20 33 22 2c 22 32 30 32 35 20 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 20 63 6f 6c Data Ascii: 322)]}'["",["stanley cup playoffs bracket","lego artemis space launch system","american horror story delicate ending","national pretzel day free pretzels","nasa mars spiders","dallas mavericks clippers","nuggets lakers game 3","2025 social security col
2024-04-26 22:06:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	142.250.80.100	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:02 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 22:06:03 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMC5GMvKsLEGIjBHRHdJE6ghzf8mfvfPofxsaTUpWzmKAvEGzvlwRpPuC4Yun4piApo2xhWbfXnQQ6MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIy8qwsQYQt7ucpAISBJoQwLk Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 22:06:03 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-22; expires=Sun, 26-May-2024 22:06:03 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=B0yEaRnFCc7xm8NoVmkknrhwfY4fIF2CkfjE4KCQBf9qlsNcG6YYuN5RBM-VQioeIAvr_zGZuNjp-l1HXoEYY9gMxVIXDKf8miSh_M95wqUXk4gAS7E2FhUVV4SVxYa6cx3cUBBeGZXtg0HFqLqsv3h99QjnCE23VZAScnCOSBE; expires=Sat, 26-Oct-2024 22:06:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 22:06:03 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	142.250.80.100	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:02 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 22:06:03 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMC5GMvKsLEGIjAliRqXBqiywJ09NDXlXZC1_32rCKQf2V8WWexGFVCFsn9-M_2VOcnub8VVladM-fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIy8qwsQYQlbyD_AESBJoQwLk Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 22:06:03 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-22; expires=Sun, 26-May-2024 22:06:03 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=aA3ulsYSbcJNi0dtoqfB9wfWxQ9TkB55q2_EKtBC9cau2kUiGWa497dr_g4A3jAjsNjZQa9jazNV2pI5TtxKHIXxZ_2gW6sA68MfT9oTcpezVnaccDyNsvO-PqmqGenMXu0gWRRP6Q_IWwJJIneTRbwppyVlVbghwHP0wu6zceU; expires=Sat, 26-Oct-2024 22:06:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 22:06:03 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	142.250.80.100	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:03 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMC5GMvKsLEGIjAliRqXBqiywJ09NDXlXZC1_32rCKQf2V8WWexGFVCFsn9-M_2VOcnub8VVladM-fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-22; NID=513=aA3ulsYSbcJNi0dtoqfB9wfWxQ9TkB55q2_EKtBC9cau2kUiGWa497dr_g4A3jAjsNjZQa9jazNV2pI5TtxKHIXxZ_2gW6sA68MfT9oTcpezVnaccDyNsvO-PqmqGenMXu0gWRRP6Q_IWwJJIneTRbwppyVlVbghwHP0wu6zceU
2024-04-26 22:06:04 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 22:06:04 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3113 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 22:06:04 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 22:06:04 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 61 39 63 69 44 67 73 65 37 35 64 37 57 46 4b 61 65 69 6e 5a 62 32 47 34 45 56 44 64 62 6a 49 2d 34 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="a9ciDgse75d7WFKaeinZb2G4EVDdbjI-4
2024-04-26 22:06:04 UTC	959	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	142.250.80.100	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:03 UTC	920	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMC5GMvKsLEGIjBHRHdJE6ghzf8mfvfPofxsaTUpWzmKAvEGzvlwRpPuC4Yun4piApo2xhWbfXnQQ6MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-22; NID=513=B0yEaRnFCc7xm8NoVmkknrhwfY4fIF2CkfjE4KCQBf9qlsNcG6YYuN5RBM-VQioeIAvr_zGZuNjp-l1HXoEYY9gMxVIXDKf8miSh_M95wqUXk4gAS7E2FhUVV4SVxYa6cx3cUBBeGZXtg0HFqLqsv3h99QjnCE23VZAScnCOSBE
2024-04-26 22:06:04 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 22:06:04 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3185 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 22:06:04 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 22:06:04 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 43 62 37 72 59 34 31 6e 49 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="Cb7rY41nI
2024-04-26 22:06:04 UTC	1031	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	23.52.162.98	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 22:06:10 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=32258 Date: Fri, 26 Apr 2024 22:06:10 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	23.52.162.98	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 22:06:11 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=32257 Date: Fri, 26 Apr 2024 22:06:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 22:06:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49769	172.67.208.186	443	2992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:06:38 UTC	654	OUT	GET /get/script.js?referrer=https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://1st2844kxjperro04264.z31.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 22:06:38 UTC	823	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 22:06:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://1st2844kxjperro04264.z31.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyBb3I7ExlGzNBP41bQvq3gmS5CnL8bafBlOBmwBcKQNhRZUgtsIthUF0ANiJyN2NlrNOe1EcTfrxpS4usFCG749ha3e%2FZoKMSzltBN5SOzeJGHCBKLMfxIdLpr6yDsf%2Fqw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a9e1933e060c80-EWR alt-svc: h3=":443"; ma=86400
2024-04-26 22:06:38 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-04-26 22:06:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5348, Parent PID: 3664

General

Target ID:	0
Start time:	00:05:55
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2992, Parent PID: 5348

General

Target ID:	2
Start time:	00:05:59
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1964,i,11511140680443855159,11079496310096900804,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6256, Parent PID: 396

General

Target ID:	3
Start time:	00:06:00
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6524, Parent PID: 6256

General

Target ID:	4
Start time:	00:06:01
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1980,i,9163762504198558528,10251965592277980699,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6420, Parent PID: 3664

General

Target ID:	8
Start time:	00:06:27
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Windows Analysis Report
https://1st2844kxjperro04264.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html