Edit tour

Windows Analysis Report
https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sN

Overview

General Information

Sample URL:	https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC4
Analysis ID:	1635703
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

HTML page contains obfuscated javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1920,i,8619118891611207387,3269598719855546557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1948 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw==" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Suricata Signatures

ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (groundrats .org)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-11T22:43:01.541550+0100	2058147	1	Exploit Kit Activity Detected	192.168.2.4	50547	1.1.1.1	53	UDP
2025-03-11T22:43:01.542853+0100	2058147	1	Exploit Kit Activity Detected	192.168.2.4	55135	1.1.1.1	53	UDP

ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (groundrats .org)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-11T22:43:06.711797+0100	2058148	1	Exploit Kit Activity Detected	192.168.2.4	49778	46.173.214.32	443	TCP

ETPRO EXPLOIT_KIT SocGholish Stage 3 Fake Update Payload M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-11T22:43:25.051791+0100	2852900	1	A Network Trojan was detected	185.76.79.50	443	192.168.2.4	49807	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-11T22:42:15.085308+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49717	104.26.13.205	443	TCP

HTTP traffic detected: POST /api/v1/tunings/xaCleGvcNk HTTP/1.1Host: api.userway.orgConnection: keep-aliveContent-Length: 123sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://allstareventsmiami.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 21:43:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 21:43:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 21:43:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: close

Source: chromecache_229.4.dr	String found in binary or memory: http://about.digg.com/downloads/button/smart
Source: chromecache_229.4.dr	String found in binary or memory: http://api.pinterest.com/v1/urls/count.json?url=
Source: chromecache_214.4.dr	String found in binary or memory: http://assets.pinterest.com/js/pinit.js
Source: chromecache_210.4.dr	String found in binary or memory: http://blazemag.themeflames.com
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chromecache_229.4.dr	String found in binary or memory: http://cdn.api.twitter.com/1/urls/count.json?url=
Source: chromecache_139.4.dr, chromecache_238.4.dr, chromecache_147.4.dr	String found in binary or memory: http://codetemp.com
Source: chromecache_179.4.dr, chromecache_143.4.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://cv.iptc.org/newscodes/digitalsourcetype/compositeWithTrainedAlgorithmicMedia
Source: chromecache_229.4.dr	String found in binary or memory: http://developer.linkedin.com/plugins/share-button
Source: chromecache_229.4.dr	String found in binary or memory: http://digg.com/submit?url=
Source: chromecache_229.4.dr	String found in binary or memory: http://digg.com/tools/diggthis/submit?url=
Source: chromecache_229.4.dr	String found in binary or memory: http://feeds.delicious.com/v2/json/urlinfo/data?url=
Source: chromecache_170.4.dr	String found in binary or memory: http://jquery.malsup.com/cycle2/
Source: chromecache_170.4.dr	String found in binary or memory: http://jquery.malsup.com/cycle2/api
Source: chromecache_195.4.dr	String found in binary or memory: http://malsup.com/jquery/form/
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_229.4.dr	String found in binary or memory: http://pinterest.com/about/goodies/
Source: chromecache_229.4.dr	String found in binary or memory: http://pinterest.com/pin/create/button/?url=
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://pki-crl.symauth.com/ca_7a5c3a0c73117406add19312bc1bc23f/LatestCRL.crl07
Source: chromecache_224.4.dr, chromecache_162.4.dr, chromecache_163.4.dr, chromecache_150.4.dr	String found in binary or memory: http://pki-ocsp.symauth.com0
Source: chromecache_229.4.dr	String found in binary or memory: http://services.digg.com/2.0/story.getInfo?links=
Source: chromecache_229.4.dr	String found in binary or memory: http://stackoverflow.com/q/6536108
Source: chromecache_210.4.dr	String found in binary or memory: http://themeforest.net/licenses/regular_extended
Source: chromecache_229.4.dr	String found in binary or memory: http://twitter.com/about/resources/tweetbutton
Source: chromecache_157.4.dr, chromecache_194.4.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_182.4.dr	String found in binary or memory: http://www.codylindley.com)
Source: chromecache_229.4.dr	String found in binary or memory: http://www.delicious.com/save?v=5&noui&jump=close&url=
Source: chromecache_229.4.dr	String found in binary or memory: http://www.delicious.com/static/img/delicious.small.gif
Source: chromecache_258.4.dr	String found in binary or memory: http://www.gnu.org/licenses/
Source: chromecache_229.4.dr	String found in binary or memory: http://www.google.com/webmasters/
Source: chromecache_229.4.dr	String found in binary or memory: http://www.linkedin.com/countserv/count/share?format=jsonp&url=
Source: chromecache_182.4.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_229.4.dr	String found in binary or memory: http://www.stumbleupon.com/badge/?url=
Source: chromecache_229.4.dr	String found in binary or memory: http://www.stumbleupon.com/badges/
Source: chromecache_229.4.dr	String found in binary or memory: http://www.stumbleupon.com/services/1.01/badge.getinfo?url=
Source: chromecache_210.4.dr	String found in binary or memory: http://www.themeforest.net/user/ThemeFlames
Source: chromecache_145.4.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_187.4.dr	String found in binary or memory: https://allstareventsmiami.com/wp-content/plugins/CTF_kodda_menu_3//standard/css/pie/PIE.php);
Source: chromecache_206.4.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_214.4.dr	String found in binary or memory: https://apis.google.com/js/plusone.js
Source: chromecache_145.4.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_253.4.dr	String found in binary or memory: https://cdn.userway.org/
Source: chromecache_199.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/adventpro/v28/V8mqoQfxVT4Dvddr_yOwrzaFxV7JtdQgFqXdUAQrGp_zgX5sWCpLQyN_RZ
Source: chromecache_199.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/adventpro/v28/V8mqoQfxVT4Dvddr_yOwrzaFxV7JtdQgFqXdUAQrGp_zgX5sWCpLQyN_Rp
Source: chromecache_199.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/adventpro/v28/V8mqoQfxVT4Dvddr_yOwrzaFxV7JtdQgFqXdUAQrGp_zgX5sWCpLQyN_S5
Source: chromecache_199.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/adventpro/v28/V8mqoQfxVT4Dvddr_yOwrzaFxV7JtdQgFqXdUAQrGp_zgX5sWCpLQyN_SJ
Source: chromecache_199.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/adventpro/v28/V8mqoQfxVT4Dvddr_yOwrzaFxV7JtdQgFqXdUAQrGp_zgX5sWCpLQyN_T5
Source: chromecache_155.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/alfaslabone/v19/6NUQ8FmMKwSEKjnm5-4v-4Jh2d1he-Wv.woff2)
Source: chromecache_155.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/alfaslabone/v19/6NUQ8FmMKwSEKjnm5-4v-4Jh2dJhew.woff2)
Source: chromecache_155.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/alfaslabone/v19/6NUQ8FmMKwSEKjnm5-4v-4Jh2dxhe-Wv.woff2)
Source: chromecache_246.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/carroisgothic/v16/Z9XPDmFATg-N1PLtLOOxvIHl9amE1C8.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/indieflower/v22/m8JVjfNVeKWVnh3QMuKkFcZVZ0uH5dI.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/indieflower/v22/m8JVjfNVeKWVnh3QMuKkFcZVaUuH.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u-w4BMUTPHjxsIPx-mPCLQ7A.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u-w4BMUTPHjxsIPx-oPCI.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHh30AUi-qJCY.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHh30AXC-q.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAUi-qJCY.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwaPGR_p.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwaPGR_p.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI3wi_FQft1dw.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI3wi_Gwft.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI5wq_FQft1dw.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI5wq_Gwft.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI9w2_FQft1dw.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI9w2_Gwft.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf-D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf0D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf1D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf2D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf3D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf5D33Esw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6daw1J5X9T9RW6j9bNVls-hfgvz8JcMofYTYf6D30.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Dct-FG.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Hct-FG.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Lct-FG.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Pct-FG.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3_ctw.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3vct-FG.woff2)
Source: chromecache_233.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v28/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3zct-FG.woff2)
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_191.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuHMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMRw.woff2)
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDubMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDujMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDunMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDurMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuvMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuHMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2)
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDubMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDujMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDunMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDurMR6WR.woff2
Source: chromecache_185.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuvMR6WR.woff2
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752FD8Ghe4.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752Fj8Ghe4.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752Fz8Ghe4.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2)
Source: chromecache_256.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752HT8Ghe4.woff2)
Source: chromecache_195.4.dr	String found in binary or memory: https://github.com/malsup/form
Source: chromecache_195.4.dr	String found in binary or memory: https://github.com/malsup/form#copyright-and-license
Source: chromecache_235.4.dr, chromecache_232.4.dr, chromecache_211.4.dr, chromecache_130.4.dr	String found in binary or memory: https://layerslider.com/
Source: chromecache_235.4.dr, chromecache_232.4.dr, chromecache_211.4.dr, chromecache_130.4.dr	String found in binary or memory: https://layerslider.com/licensing/
Source: chromecache_145.4.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_145.4.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_229.4.dr	String found in binary or memory: https://plus.google.com/share?hl=
Source: chromecache_145.4.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_145.4.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_206.4.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_206.4.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_145.4.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_229.4.dr	String found in binary or memory: https://twitter.com/intent/tweet?text=
Source: chromecache_229.4.dr	String found in binary or memory: https://twitter.com/share
Source: chromecache_206.4.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_206.4.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_206.4.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_145.4.dr	String found in binary or memory: https://www.google.com
Source: chromecache_206.4.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_145.4.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_145.4.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_145.4.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_206.4.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_145.4.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_229.4.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=
Source: chromecache_145.4.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.37:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.37:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.37:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.208.236.37:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 46.173.214.32:443 -> 192.168.2.4:49778 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6336_1636749315

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6336_1636749315

Jump to behavior

Source: classification engine

Classification label: mal60.phis.win@23/248@44/18

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\7f8de4d0-317b-4973-a243-427e7c1f19b1.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1920,i,8619118891611207387,3269598719855546557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1948 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1920,i,8619118891611207387,3269598719855546557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1948 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source: https://virtual.urban-orthodontics.com/OC7dn0MMvvZcDOetDh3xvUtauO8aFP/zWUC59lZJguxMT6nsGgL/7EwM560UDK+9Agy39EJYqv1PQLnwWUunvUU=	Avira URL Cloud: Label: malware
Source: https://virtual.urban-orthodontics.com/pGEA2N9DY7HAQzrqklIs+tcVZaiGWyK0xQ9kscoGX6vQAHSrhk0iq9BDOuuIQ3L6nkNtvNwVYq7AG2m9xgts+tk=	Avira URL Cloud: Label: malware
Source: https://virtual.urban-orthodontics.com/fAghFAcqQn0YKhsmSjsNNg98RGReMgN4HWZFfRJvfnIVZEQ2UCpTNkYqRXsEYkI2AQ==	Avira URL Cloud: Label: malware
Source: https://virtual.urban-orthodontics.com/iVvJ6/J5qoLtefPZv2jlyfovrJurYeuH6DWtguc8lpj9Or2Yq3frmP1589qlebvJs3mkiuUiq43zKb+D/Tq6gOY965Y=	Avira URL Cloud: Label: malware
Source: https://virtual.urban-orthodontics.com/GfWHlWLX5Px9172nL8art2qB4uU7z6X0d5Tr7GOQ2PNp16u3a9e9t3GQ8+Nsk/63ZA==	Avira URL Cloud: Label: malware

Source: Network traffic	Suricata IDS: 2058147 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (groundrats .org) : 192.168.2.4:50547 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058147 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (groundrats .org) : 192.168.2.4:55135 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058148 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (groundrats .org) : 192.168.2.4:49778 -> 46.173.214.32:443
Source: Network traffic	Suricata IDS: 2852900 - Severity 1 - ETPRO EXPLOIT_KIT SocGholish Stage 3 Fake Update Payload M3 : 185.76.79.50:443 -> 192.168.2.4:49807

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.71
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.71
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: AutoItHost: api.ipify.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: AutoItHost: api.ipify.org
Source: global traffic	HTTP traffic detected: GET /api/json/ip/5SPfwvEV3gwc55pvxBQOnjhEt01fgi0C/173.20.107.78 HTTP/1.1User-Agent: AutoItHost: ipqualityscore.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw== HTTP/1.1Host: zatp6ncab.cc.rs6.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widget.js HTTP/1.1Host: cdn.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/2025-03-11-08-31-12/widget_app_base_1741681872888.js HTTP/1.1Host: cdn.userway.orgConnection: keep-aliveOrigin: https://allstareventsmiami.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/iotracking.php HTTP/1.1Host: www.inflatableoffice.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/iotracking.php HTTP/1.1Host: rental.softwareConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/2025-03-11-08-31-12/locales/en-US.json HTTP/1.1Host: cdn.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://allstareventsmiami.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SzlpnTAbCvQvG1OvfQpFvzkbU78xQAX7O1sfvzY= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles/2025-03-11-08-31-12/widget_base.css?v=1741681872888 HTTP/1.1Host: cdn.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/2025-03-11-08-31-12/remediation/remediation_1741681872888.js HTTP/1.1Host: cdn.userway.orgConnection: keep-aliveOrigin: https://allstareventsmiami.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1/tunings/xaCleGvcNk HTTP/1.1Host: api.userway.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /include/iotracking.php HTTP/1.1Host: rental.softwareConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: guid=67d0ae6c0b8a6
Source: global traffic	HTTP traffic detected: GET /widgetapp/2025-03-11-08-31-12/locales/en-US.json HTTP/1.1Host: cdn.userway.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/images/body_wh.svg HTTP/1.1Host: cdn.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/images/spin_wh.svg HTTP/1.1Host: cdn.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/images/body_wh.svg HTTP/1.1Host: cdn.userway.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /widgetapp/images/spin_wh.svg HTTP/1.1Host: cdn.userway.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GfWHlWLX5Px9172nL8art2qB4uU7z6X0d5Tr7GOQ2PNp16u3a9e9t3GQ8+Nsk/63ZA== HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/a11y-data/v0/page/https%3A%2F%2Fallstareventsmiami.com%2F/DESKTOP/WIDGET_OFF/status HTTP/1.1Host: api.userway.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://allstareventsmiami.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/a11y-data/v0/page/https%3A%2F%2Fallstareventsmiami.com%2F/DESKTOP/WIDGET_OFF/status HTTP/1.1Host: api.userway.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fAghFAcqQn0YKhsmSjsNNg98RGReMgN4HWZFfRJvfnIVZEQ2UCpTNkYqRXsEYkI2AQ== HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iVvJ6/J5qoLtefPZv2jlyfovrJurYeuH6DWtguc8lpj9Or2Yq3frmP1589qlebvJs3mkiuUiq43zKb+D/Tq6gOY965Y= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iVvJ6/J5qoLtefPZv2jlyfovrJurYeuH6DWtguc8lpj9Or2Yq3frmP1589qlebvJs3mkiuUiq43zKb+D/Tq6gOY965Y= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OC7dn0MMvvZcDOetDh3xvUtauO8aFP/zWUC59lZJguxMT6nsGgL/7EwM560UDK+9Agy39EJYqv1PQLnwWUunvUU= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pGEA2N9DY7HAQzrqklIs+tcVZaiGWyK0xQ9kscoGX6vQAHSrhk0iq9BDOuuIQ3L6nkNtvNwVYq7AG2m9xgts+tk= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://allstareventsmiami.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OC7dn0MMvvZcDOetDh3xvUtauO8aFP/zWUC59lZJguxMT6nsGgL/7EwM560UDK+9Agy39EJYqv1PQLnwWUunvUU= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pGEA2N9DY7HAQzrqklIs+tcVZaiGWyK0xQ9kscoGX6vQAHSrhk0iq9BDOuuIQ3L6nkNtvNwVYq7AG2m9xgts+tk= HTTP/1.1Host: virtual.urban-orthodontics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allstareventsmiami.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_229.4.dr	String found in binary or memory: window.open("http://www.facebook.com/sharer/sharer.php?u="+encodeURIComponent((opt.buttons.facebook.url !== '' ? opt.buttons.facebook.url : opt.url))+"&t="+opt.text+"", "", "toolbar=0, status=0, width=900, height=500"); equals www.facebook.com (Facebook)
Source: chromecache_229.4.dr	String found in binary or memory: window.open('https://www.linkedin.com/cws/share?url='+encodeURIComponent((opt.buttons.delicious.url !== '' ? opt.buttons.delicious.url : opt.url))+'&token=&isFramed=true', 'linkedin', 'toolbar=no,width=550,height=550'); equals www.linkedin.com (Linkedin)
Source: chromecache_229.4.dr	String found in binary or memory: linkedin: "http://www.linkedin.com/countserv/count/share?format=jsonp&url={url}&callback=?", equals www.linkedin.com (Linkedin)
Source: chromecache_145.4.dr	String found in binary or memory: return f}yG.K="internal.enableAutoEventOnTimer";var cc=wa(["data-gtm-yt-inspected-"]),AG=["www.youtube.com","www.youtube-nocookie.com"],BG,CG=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zatp6ncab.cc.rs6.net
Source: global traffic	DNS traffic detected: DNS query: allstareventsmiami.com
Source: global traffic	DNS traffic detected: DNS query: cdn.userway.org
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: s.w.org
Source: global traffic	DNS traffic detected: DNS query: www.inflatableoffice.com
Source: global traffic	DNS traffic detected: DNS query: connect.livechatinc.com
Source: global traffic	DNS traffic detected: DNS query: groundrats.org
Source: global traffic	DNS traffic detected: DNS query: api.userway.org
Source: global traffic	DNS traffic detected: DNS query: rental.software
Source: global traffic	DNS traffic detected: DNS query: cdn.livechatinc.com
Source: global traffic	DNS traffic detected: DNS query: virtual.urban-orthodontics.com
Source: global traffic	DNS traffic detected: DNS query: api.livechatinc.com
Source: global traffic	DNS traffic detected: DNS query: secure.livechatinc.com