Play interactive tour

Edit tour

Windows Analysis Report http://www.ichiban.menu/menu-teppanyaki/

Overview

General Information

Sample URL:	http://www.ichiban.menu/menu-teppanyaki/
Analysis ID:	458981
Infos:
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 752 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://www.ichiban.menu/menu-teppanyaki/' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 4720 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,16433198126318794357,6094034236782199136,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/about/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/about/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264
Source: http://www.ichiban.menu/reservations/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-M4B3WHH
Source: http://www.ichiban.menu/reservations/	HTTP Parser: Iframe src: https://booking-widget.quandoo.com.au/iframe.html?agentId=2&merchantId=53825&origin=http%3A%2F%2Fwww.ichiban.menu&path=https%3A%2F%2Fbooking-widget.quandoo.com%2F&theme=light
Source: http://www.ichiban.menu/reservations/	HTTP Parser: Iframe src: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d1576.8028902007743!2d145.16554316794347!3d-37.77584079786201!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xca0290e5e494d84e!2sYamagata+Teppanyaki+Japanese+Restaurant!5e0!3m2!1sen!2sau!4v1501640073264

Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/about/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: HTML title missing
Source: http://www.ichiban.menu/reservations/	HTTP Parser: HTML title missing

Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/about/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: Has password / email / username input fields
Source: http://www.ichiban.menu/reservations/	HTTP Parser: Has password / email / username input fields

Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/about/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: No <meta name="author".. found
Source: http://www.ichiban.menu/reservations/	HTTP Parser: No <meta name="author".. found

Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/menu-teppanyaki/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/about/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/gallery/teppanyaki/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/menu/takeaway/	HTTP Parser: No <meta name="copyright".. found
Source: http://www.ichiban.menu/reservations/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 52.218.20.156:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.167.90.204:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.167.90.204:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.218.20.156:443 -> 192.168.2.3:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.64.175:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.78:443 -> 192.168.2.3:49889 version: TLS 1.2

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:33 GMTServer: ApacheVary: Accept-Encoding,CookieUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Tue, 03 Aug 2021 20:35:45 GMTETag: "de26-5c8ada157a219"Accept-Ranges: bytesContent-Length: 56870Cache-Control: max-age=0, publicExpires: Tue, 03 Aug 2021 22:15:33 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=100Content-Type: text/html; charset=UTF-8Content-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 ec fd eb 76 db b8 b2 30 8a fe de 19 63 bf 03 57 7a f4 ea 4e 47 92 45 ea 6e cf 64 2d db b1 1d 27 71 9c 9b e3 d8 73 f6 e9 41 91 94 c4 98 12 15 92 f2 75 7b 8f fd 1a e7 df 79 96 73 de e4 3c c9 c6 95 c4 a5 40 52 ee f4 65 ee 6f b5 db 8e 04 14 80 42 a1 50 28 14 0a 85 7f fc c7 8b e3 dd 4f 67 ef f6 ac 59 36 8f 9e ff 03 ff b5 22 77 31 7d f6 38 58 3c b6 96 49 30 09 af 9f 3d 8e a7 9b 08 20 5b 6e 6e 6c c4 d3 65 6b 1e 6c 2c d2 1f 1e 23 f0 c0 f5 9f 5b ff f8 8f 66 d3 3a 88 e3 69 14 58 9f dc a9 75 e4 2e dc 69 90 58 cd 26 cb db 5b f8 86 fc 7f cc 83 cc b5 bc 99 9b a4 41 f6 ec f1 c9 a7 fd e6 f0 31 4b 5d b8 f3 e0 d9 e3 cb 30 b8 5a c6 49 f6 d8 f2 e2 45 16 2c 10 d4 55 e8 67 b3 67 7e 70 19 7a 41 93 7c 69 58 e1 22 cc 42 37 6a a6 9e 1b 05 cf ec 56 1b d5 92 66 37 a8 c5 ec 66 89 aa c9 82 eb 6c c3 4b d3 c7 d6 3c f0 43 f7 d9 63 37 8a 1e 3f df f8 e5 3f ac af ef 57 41 72 63 9d 1c 5a 4d eb d2 6e d9 ed 56 07 7d 72 da 76 a7 d9 1e 36 ed de a3 5f 78 d7 bf 7e c3 90 ab b0 e5 c5 73 94 7a b8 f0 a2 95 1f a4 9b 16 cd 68 91 9c 24 68 a1 66 1a 42 5a 12 a4 e1 ad 3b 8e b4 8c 34 88 02 2f 83 72 5c 0f 55 e4 87 f1 42 cb 58 65 31 6a 7d 19 05 99 56 68 bc ca 32 bd 84 ef 66 c1 32 f4 2e 82 44 cb 41 f4 8a a7 6a ea 3c 58 ac d4 b4 65 12 4f 51 2f d2 b1 ab 55 92 46 a1 af 57 9d 2e c3 c5 42 4f 46 7d 4d b5 b4 38 8e b2 70 89 93 11 4d 3f c5 16 1e 70 cb 45 1c 33 8f fd 70 72 63 65 b3 30 45 7f 82 79 d0 40 79 69 98 41 c3 b1 41 00 92 38 8a 82 64 e3 bf 26 93 17 c1 c4 5d 45 d9 b3 cf 41 e2 23 6e fb d1 d9 dd 4e 50 77 d1 bf a9 bb 48 9b 69 90 84 93 ff 9c 5c 71 b0 45 9c cc dd e8 3f 27 29 4f 40 7c 10 cc ff 13 0d 02 ea c5 07 d7 0f 57 e9 b3 ee f2 fa 3f c7 d3 dd 38 8a 93 97 88 ed 83 e4 99 47 fe 43 89 9f 10 73 ad 92 80 25 cf c2 e9 2c 42 bf d9 6f 69 3c c9 50 f6 e1 7c 7a bc 74 bd 30 bb 61 10 83 de 7f 8e d1 f8 06 89 58 9b 4b fe fb cf 89 c7 be 3b e4 bf ff 0c 11 db 8b 60 2c 99 61 b2 cb e6 c4 84 fc 57 a0 92 a7 47 ae 8c 01 cf 90 51 e0 a9 39 0e 3c 41 45 42 49 67 58 70 aa 05 7d fc 53 60 c1 d3 a7 91 9b a6 12 1a 3c 47 46 83 a7 fa 1d fc 83 d0 e0 09 3d f2 5f 81 06 4f 1f 92 ff f2 61 89 2f 11 81 7c 17 ff 08 a3 42 52 75 14 68 ba 32 14 24 6d 44 fe c3 23 41 be 3a 36 fe 11 06 82 a4 76 7b f8 87 37 bd ed 65 e1 65 a0 0d 03 4b d6 1b 67 19 7d a9 75 96 98 0f 02 fb ae b6 cf 92 65 04 5e 72 a6 7b 36 19 4f 46 41 20 f4 3f cf 01 68 90 e7 f5 64 3a 14 b5 79 88 d4 36 a6 45 9e d4 e9 e3 1f 81 1e 79 8e 13 0c 3b a4 fb 24 7d 2f 49 e2 e4 d9 24 98 d8 81 30 49 68 aa 8e 0a 4d 1f 49 68 d0 34 cf 6f bb 6d 4c 0f e9 6b de bc 94 ca Da
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:34 GMTServer: ApacheVary: Accept-EncodingLast-Modified: Mon, 02 Aug 2021 15:41:02 GMTETag: "839e-5c89565891c51"Accept-Ranges: bytesContent-Length: 33694Cache-Control: max-age=31425928, publicExpires: Tue, 02 Aug 2022 15:41:02 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: application/x-javascriptContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 02 03 dd bd 6b 77 1b c7 d1 2e fa fd fc 0a 62 a2 97 9e 11 9a 20 29 db d9 c9 40 43 1c 59 92 63 27 be 4b 8e ed 80 b0 d7 dc 00 0c 89 1b 01 50 a4 4c 20 bf fd d4 53 d5 dd d3 73 01 e5 bc ef de 6b ed 75 9c 88 98 4b 4f df bb ba aa ba ea a9 d3 a7 9d a3 ab ef 6f f3 f5 fb a3 77 e7 bd f3 67 bd 4f 8e 76 47 7e 1a 98 87 9f 2f 6f 17 59 bc 2d 96 0b 7a 7e 75 83 67 bd e5 7a 72 3a 2b d2 7c b1 c9 8f 9e 9e fe 3f 9d f1 ed 22 45 0a 3f 56 49 f0 e0 2d 93 ab 3c dd 7a 51 b4 7d bf ca 97 e3 a3 f9 32 bb 9d e5 c7 c7 07 5e f4 f2 fb d5 72 bd dd 0c aa b7 51 dc cb 96 e9 ed 3c 5f 6c 07 09 e5 dc 39 0b c2 b2 a0 e0 a1 18 fb 9d 32 49 b0 9d ae 97 77 47 8b fc ee e8 f5 7a bd 5c fb 9e ae ff 3a bf b9 2d d6 f9 e6 28 3e ba 2b 16 19 a5 b9 2b b6 53 ba 33 5f 7a 41 7f 9d 6f 6f d7 8b 23 2a 25 d8 87 fc d7 f7 a8 d5 f9 b8 58 e4 99 d7 31 d5 95 ef 07 f2 13 6e a7 c5 46 55 5b fe 2e 5e 1f a5 d1 70 a4 32 a7 f2 2a 8f d2 de 06 dd a5 c6 74 95 2e 17 69 bc 55 13 ba 5c dd 6e a6 6a 4a 17 94 61 7e ff ed 58 15 d1 c3 5e 5d 45 45 6f bb 7c b3 5d 17 8b 89 ba a6 9b 69 bc f9 f6 6e f1 dd 7a b9 ca d7 db f7 6a 86 44 f3 c8 93 c1 f2 d4 22 aa 56 42 37 06 3d b1 e8 8d 17 94 79 b1 e5 37 7b b5 8c 4e 7f 1d 5e 6e 2e 6f 3f 7f fd f9 e7 97 f7 2f ce 46 dd 5d ed fe c9 e9 44 ad 28 d9 c9 7c 73 72 aa 6e a2 d3 13 7f 78 99 c5 27 bf 8f 82 d3 49 a1 d6 ed 85 25 54 e3 1f 57 54 bf 97 f1 26 f7 83 7d 1f 25 47 8b de 6a bd dc 2e d1 7b d1 83 4c 9d 70 ae a8 03 36 db f5 6d ba 5d ae c3 85 da e4 b3 9c 2f 3d 4f cd f2 c5 64 3b 0d cf d4 76 f9 62 bd 8e df 97 c3 6d 0b ca 7b 69 3c 9b f9 e8 7b 6a cf 24 df 56 a6 84 69 fa ed 6c d6 89 e2 c1 d9 45 3c 40 ca 61 dc c5 4f 4f f2 1f 85 f2 6c 14 56 33 c3 68 bc d9 c6 e9 75 25 4b 0c 69 42 2d 99 e7 eb 49 ce 49 7b 4e 03 fc 40 c5 e5 f4 a1 e6 e6 ef be e5 39 1e f1 ec 48 90 76 9b df cb ad b9 51 c9 5e e5 71 3a 6d ad 7a 0f 6f b8 1c ca 99 c6 39 5e b5 25 e3 ec 6c 85 7d aa 5e bc f2 ab 13 32 51 a9 4d 1e 4b 43 e9 11 a6 41 40 f9 f2 7c 6c e9 df 5a c6 79 2f 5e ad 66 ef 75 7d d6 13 9e d0 1b 64 30 2e d6 9b ed a1 0c f2 1b ff 8c d2 cc e2 47 93 9c 9c 53 9a fc a6 a5 bb 9d d1 52 69 d4 8d bb 3e 86 32 09 cf 6c 5f d7 ea 99 5e 44 67 c7 c7 c9 45 3a 18 f2 e0 a6 a3 51 38 1c 21 fb 45 76 b0 95 76 b0 76 bb e6 b8 ca 7c 08 27 6a 43 b4 28 a4 05 4c 3f 6a b3 e2 6e a3 3b be d8 2b 1a ae fb 2d 95 11 f1 4a d3 d7 4e 79 68 0e ad 13 ea f7 4c d1 f2 a7 55 6f 3b 71 78 36 da ed 68 25 4f a3 73 5a f7 f6 b1 69 f6 55 d4 39 ef 8f 41 c7 92 e5 72 96 c7 8b 92 6a 4e 8e 8f fd ab 68 52 c9 6c aa 33 eb 76 03 d5 20 b3 93 dd 8e c8 c0 e6 73 53 af 49 b0 db f9 13 22 23 01 95 1e 45 05 e
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:34 GMTServer: ApacheVary: Accept-EncodingUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Mon, 02 Aug 2021 15:42:05 GMTETag: "1197c-5c89569469380"Accept-Ranges: bytesContent-Length: 72060Cache-Control: max-age=31425990, publicExpires: Tue, 02 Aug 2022 15:42:05 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=100Content-Type: application/x-javascriptContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 02 03 e4 fd f9 7e 1b 47 92 28 8c fe ef a7 00 ab d5 44 95 90 00 41 c9 4b bb a0 12 8e 16 da e6 b4 b6 91 e4 76 f7 d0 b4 4e 6d 00 8a 04 01 18 00 45 d1 04 ce fb 7c 0f 76 df e3 c6 92 6b 2d 20 a5 ee 9e f3 cd bd fd 73 8b a8 dc 33 32 32 32 22 32 32 c2 1f 5d ce d2 75 31 9f f9 57 22 13 2b 31 15 45 70 73 75 32 3d 8d f0 9f cd e6 e4 74 80 3f 7a 8b cb d5 c4 bf 69 8f d7 17 bd d5 3a 5e ae db e1 2c bf 6a 3d 8f d7 b9 1f f4 c6 f9 fa 7d 71 01 bf 44 fe 31 9f ad 43 2a 76 b6 6a 6f 83 c1 c7 78 d9 1a 45 19 16 39 9a e6 17 90 bb 7a 7a fd 3e 1e bf 8a a1 fc 2a 38 e9 9f 8a 33 c8 4e 97 39 34 25 4b 40 ba c8 a6 d1 74 2f 6a 67 f1 3a 7e 11 5f e7 cb f6 b0 bd 3f 8d da 9d 69 d8 6e 0f ce 7a f1 ea 7a 96 46 eb e5 65 0e 1f ab 65 1a b5 27 eb f5 62 15 1e 1c 5c 5d 5d f5 c6 f3 f9 78 9a af e3 f1 45 3c 8b c7 f9 b2 97 ce 2f 0e 78 4c c3 22 83 56 8a 4e 36 1d 8c 7a 8b 78 09 dd bd 9a 67 79 af 98 ad f2 e5 fa 69 3e 9a 2f 73 ff 4c 8c 82 c1 36 f0 af 8a 59 36 07 b8 cc d3 4b 1c 97 68 af d2 65 b1 58 b7 85 35 2e d1 fe f1 fd cb ee cb af 9f 3e fc e5 a7 9f da c1 e0 2b ae d4 fb 70 b5 c8 2f e6 67 c5 bb 7c bd 2e 66 e3 55 74 e3 25 f1 2a ff 79 39 f5 42 8f 07 fb eb c1 af 07 ab de 55 6f be 1c ff 7a 50 5c c0 48 57 bf 1e a4 30 80 5f 0f a8 ea af 07 87 87 bf 1e 7c f7 e0 d3 77 0f 7e 3d f0 84 97 7f 5a 43 dd de 62 36 86 8f d5 c7 f1 e7 b7 05 95 a8 25 f8 7b c4 8d c1 2f fc 9e 5f 2e d3 dc 0b 6f bc 74 3e 4b 61 25 b0 8a 6c 9b 9a 46 a8 16 e9 a4 48 e2 59 0f 40 71 09 29 8b 6e 31 4b a7 97 19 76 74 b6 a2 04 aa d6 5d e6 d3 1c 66 da bb 28 66 08 f0 8f f9 32 fa ba f7 7d ef 2f de 76 3b d8 d3 e8 16 8b 44 a4 c1 8d fa 6e 65 98 12 dc 20 be a4 d1 bb f5 12 60 d6 1b 2d e7 17 cf 26 f1 f2 19 ac d0 60 da 4b a1 dd e5 db 3c 5d fb 7d d1 17 e7 bd ab 22 5b 4f e0 ef 24 2f c6 93 75 20 a6 bd 51 31 9d be 07 30 f9 69 2f 5e 2c a6 d7 fe 7a 52 ac 44 1c 40 f1 3e e3 62 16 9d f7 d6 73 c0 db f8 e7 b7 2f fc e0 9f 68 35 b1 5a cd 4b ad 2e f3 f5 e5 12 e6 14 45 51 be d5 53 cc fd 98 27 98 0c 8a 91 bf 37 dd 6c f6 4c e3 01 d7 d9 3b 1c ac ae 8a 75 3a f1 a7 bd 35 24 3f 05 48 4e 8b 59 1e 79 eb f9 c2 c3 c1 cc 67 eb c8 fb b6 df 6f 3d 7c b0 f8 d4 7a b2 2c e2 a9 07 53 bc 49 a1 a4 37 9a c6 63 2f 94 4d f9 49 94 f9 27 df 7c f3 f0 9b 6f c5 37 df fe e5 01 fc ab 7e 1f 7e 7f 2a 9c 9c bf 3c e8 3f 74 b2 83 60 7f df 69 e0 bb 87 0f 1f 40 de e1 83 bf c0 bf 5f 3f 78 68 7e 1f fe c5 4a 3f 34 bf 1f f6 eb cb 7f fd 9d e9 9c 5a e5 ce ad a2 6e 02 b4 5f 2a 71 58 4a 80 9e 6e 69 03 fa 0c c4 5e 12 0c 08 4c 12 bf e5 32 e9 59 62 c9 ef be ed 8b ef bf fb fe 81 f8 f6 Data
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:35 GMTServer: ApacheVary: Accept-Encoding,User-AgentLast-Modified: Fri, 13 Jul 2018 06:37:26 GMTETag: "2efa-570dbb686f580-gzip"Accept-Ranges: bytesCache-Control: max-age=31536000, publicExpires: Wed, 03 Aug 2022 22:15:35 GMTContent-Encoding: gzipReferrer-Policy: Pragma: publicX-Powered-By: W3 Total Cache/0.15.1Content-Length: 4382Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: application/x-javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 5a 6f 73 db b8 d1 7f df 4f 61 b3 1d 85 1c 43 14 49 49 a4 28 87 f1 c4 8e 7d 73 f3 f4 7a 9d e6 7a 7d e1 b8 cf 80 00 28 cb 91 44 85 a2 e2 a4 96 be fb b3 f8 41 a4 48 4b ce 5d ae cf 8c 66 05 02 8b c5 fe 03 76 41 6e af 77 f2 3e 5f 17 42 8d 4f 1e 97 dd e9 42 cc d6 52 ad 7a 0f ab 5e f9 a8 e6 f9 c3 d4 9d 4f 17 ee c3 ea 4f 9f 79 71 b2 eb 4a b2 f5 42 94 d3 7c 61 3b 4f d6 7a a5 4e 56 65 31 15 a5 75 5e f5 9f 70 9b b3 d4 79 2a 54 b9 2e 16 27 32 17 eb b9 5a 94 ae 28 14 2f d5 2f ea 4b f9 b7 5c 2a 3b bd e0 6e a1 96 33 2e 94 bd 62 96 e5 8c b9 b3 ad 69 a4 36 af 29 ec f1 d6 ec be 81 23 9a eb 58 96 2b f2 85 e0 a5 9d ba 29 5f 29 96 ba ab e9 7f 14 b3 7a 16 23 34 97 96 6d 4c 95 66 6a 96 17 b6 16 4d 30 c5 b2 84 bb e2 7e 3a 93 9a bb 15 9b 24 99 3b 53 8b 49 79 7f 3e e9 76 cf 1d 91 64 b7 93 3b a6 12 e1 2e 08 e1 97 af 4b c5 fa 49 92 a8 8b d4 5d ae 57 f7 b6 70 c6 fe 29 3d 6f 36 56 fe b8 50 c5 fb 5f 7f b8 9e 29 2d b9 35 25 5e 37 9b cf 6e a9 56 a5 6d e6 ff 8d cf 95 5b e6 7f cd 1f 55 71 45 ec da 8e b3 d9 48 5b 10 57 e7 3b b1 d3 3d bb aa a1 8d dc e6 ee 74 21 d5 97 9f 33 bb 74 5e 7b df 54 63 66 a7 4c ec e5 cc d8 84 dd b3 29 7b 60 1f d9 8c cd d9 82 e5 6c c9 3e b1 15 2b 13 49 a8 b7 77 0e 5b 27 65 25 f8 5a 0b 8e c9 f7 c9 a9 cf a6 c9 33 5b be db 3d de 14 7c a2 ff 6d 87 3d 24 e5 ed fa 8e 7d 4c 1e 20 e6 af 7c b6 56 6c 9e 78 e7 b3 a4 20 1b 28 61 7f 74 88 e6 34 b3 17 c9 cc c8 c1 16 a4 b6 79 a7 33 75 f9 72 a9 16 f2 4a 1b c1 e6 f6 47 77 35 9b 92 54 c4 a6 c3 4e 3d c7 61 cb 64 76 eb dd b1 4f 89 b2 97 0e 51 5d 9c 2d 77 ac b2 15 d9 45 f0 d9 2c e5 e2 a3 fd 89 64 76 9e f2 64 a1 1e 4f 7e 9c f3 89 62 b9 9b 93 49 8a bc 20 b4 5d 8b fa 56 aa 7c 5b 92 f7 a6 eb 52 d9 96 24 29 26 3c 9d 29 8b 59 19 9f ad 94 e5 90 53 08 97 57 28 2b 9b 74 e5 9c 6b 7d 4c 4e c8 a6 99 93 b9 f7 7c f5 f3 e3 e2 ef 45 be 54 45 f9 d5 9e 38 9d 8e 47 e2 4c 6a 13 59 f9 c2 a2 ce d3 5c a3 ee 57 d3 88 cf 18 98 30 ed 61 ce 79 ee 8a 19 5f ad b4 87 68 a1 aa 36 f1 cb 67 65 b2 d4 7c 17 22 59 31 b2 89 c7 da 4a cb 9d 6d be d9 3c 57 e4 92 9d fa a4 3d d2 c7 7a 36 db de 77 3a f6 fc f5 c7 9d e2 be a1 f6 9d d2 1f dc 25 2f c8 b8 7a 5b 54 9e 66 70 c9 8f 1c 67 7b e8 ad 13 da 5c a2 f6 d7 39 3d d5 47 06 b9 b1 f6 43 c9 c8 13 13 4e 22 68 cf 26 c7 6a 18 ef 9e e6 9e 93 7f 4c 9d a7 49 62 bd 9e ce 27 27 f5 d6 7e 05 6d 24 d6 2b d6 54 cc 2b eb e4 15 7b 55 9b 2f d9 59 4f 77 6a 8d 11 36 27 1c 7a 3a d1 8a a3 c6 54 3f 3a 4c b6 8d 4b ec 18 e3 66 da b8 d2 91 cf 8d 9b ed 8c 9b 3d 37 6e c3 da 27 d6 59 76 66 25 96 43 47 43 d7 27 55 4f c8 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:49 GMTServer: ApacheVary: Accept-Encoding,CookieUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Tue, 03 Aug 2021 21:25:15 GMTETag: "deee-5c8ae52687f2c"Accept-Ranges: bytesContent-Length: 57070Cache-Control: max-age=566, publicExpires: Tue, 03 Aug 2021 22:25:15 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=100Content-Type: text/html; charset=UTF-8Content-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 69 77 db b8 b2 00 f8 79 72 ce fc 07 be f4 e9 d7 9d 8e 24 93 d4 6e df e4 5d db b1 1d 27 71 9c cd 71 ec 7b 7b fa 50 14 25 31 a6 44 85 a4 bc 8e e7 b7 0f 56 12 4b 81 a4 dc e9 e5 ce bc b8 ed 96 80 02 50 28 14 0a 85 42 a1 f0 8f ff 7a 71 bc fb e9 ec dd 9e 35 cb e6 d1 f3 7f e0 bf 56 e4 2d a6 cf 1e 07 8b c7 d6 32 09 26 e1 f5 b3 c7 f1 74 13 01 64 cb cd 8d 8d 78 ba 6c cd 83 8d 45 fa c3 63 04 1e 78 e3 e7 d6 3f fe ab d9 b4 0e e2 78 1a 05 d6 27 6f 6a 1d 79 0b 6f 1a 24 56 b3 c9 f2 f6 16 63 43 fe 3f e6 41 e6 59 fe cc 4b d2 20 7b f6 f8 e4 d3 7e 73 f0 98 a5 2e bc 79 f0 ec f1 65 18 5c 2d e3 24 7b 6c f9 f1 22 0b 16 08 ea 2a 1c 67 b3 67 e3 e0 32 f4 83 26 f9 d2 b0 c2 45 98 85 5e d4 4c 7d 2f 0a 9e 39 2d 1b d5 92 66 37 a8 c5 ec 66 89 aa c9 82 eb 6c c3 4f d3 c7 d6 3c 18 87 de b3 c7 5e 14 3d 7e be f1 cb 7f 59 5f df af 82 e4 c6 3a 39 b4 9a d6 a5 d3 72 ec 56 1b 7d 72 6d a7 dd b4 07 4d a7 fb e8 17 de f5 af df 30 e4 2a 6c f9 f1 1c a5 1e 2e fc 68 35 0e d2 4d 8b 66 b4 48 4e 12 b4 50 33 0d 21 2d 09 d2 f0 d6 1b 45 5a 46 1a 44 81 9f 41 39 9e 8f 2a 1a 87 f1 42 cb 58 65 31 6a 7d 19 05 99 56 68 b4 ca 32 bd c4 d8 cb 82 65 e8 5f 04 89 96 83 e8 15 4f d5 d4 79 b0 58 a9 69 cb 24 9e a2 5e a4 23 4f ab 24 8d c2 b1 5e 75 ba 0c 17 0b 3d 19 f5 35 d5 d2 e2 38 ca c2 25 4e 46 34 fd 14 5b 78 c0 2d 0f 71 cc 3c 1e 87 93 1b 2b 9b 85 29 fa 13 cc 83 06 ca 4b c3 0c 1a 8e 0d 02 90 c4 51 14 24 1b ff 33 99 bc 08 26 de 2a ca 9e 7d 0e 92 31 e2 b6 1f dd dd ed 04 75 17 fd 3f f5 16 69 33 0d 92 70 f2 df 93 2b 0e b6 88 93 b9 17 fd f7 24 e5 09 88 0f 82 f9 7f a3 41 40 bd f8 e0 8d c3 55 fa ac b3 bc fe ef d1 74 37 8e e2 e4 25 62 fb 20 79 e6 93 7f 28 f1 13 62 ae 55 12 b0 e4 59 38 9d 45 e8 37 fb 2d 8d 27 19 ca 3e 9c 4f 8f 97 9e 1f 66 37 0c a2 df fd ef 11 1a df 20 11 6b f3 c8 bf ff 9e f8 ec bb 4b fe fd 77 88 d8 5e 04 63 c9 0c 93 5d 36 27 26 e4 5f 81 4a 9e 1e 79 32 06 3c 43 46 81 a7 e6 38 f0 04 15 09 25 9d 61 c1 a9 16 f4 f0 4f 81 05 4f 9f 46 5e 9a 4a 68 f0 1c 19 0d 9e 3a 6e e3 1f 84 06 4f e8 92 7f 05 1a 3c 7d 40 fe e5 c3 12 5f 22 02 8d 3d fc 23 8c 0a 49 d5 51 a0 e9 ca 50 90 b4 21 f9 87 47 82 7c 75 1d fc 23 0c 04 49 ed 74 f1 0f 6f 7a db cf c2 cb 40 1b 06 96 ac 37 ce 32 7a 52 eb 2c 31 1f 04 f6 5d 6d 9f 25 cb 08 bc e4 4c f7 6c 32 9a 0c 83 40 e8 7f 9e 03 d0 20 cf eb ca 74 28 6a f3 11 a9 1d 4c 8b 3c a9 dd c3 3f 02 3d f2 1c 37 18 b4 49 f7 49 fa 5e 92 c4 c9 b3 49 30 71 02 61 92 d0 54 1d 15 9a 3e 94 d0 a0 69 fe d8 f6 6c 4c 0f e9 6b de bc 94 ca 9a 3e 46 23 14 79 37 9c 94 79 Data A
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:15:50 GMTServer: ApacheVary: Accept-EncodingUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Mon, 02 Aug 2021 15:41:02 GMTETag: "1245a-5c895658a54d2"Accept-Ranges: bytesContent-Length: 74842Cache-Control: max-age=31425911, publicExpires: Tue, 02 Aug 2022 15:41:02 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=100Content-Type: application/x-javascriptContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 02 03 e4 fd fb 7e 1b c7 b1 28 8c fe ef a7 00 27 0a 31 63 34 40 50 b2 9d 64 a0 11 b6 2e 74 cc 15 c9 d2 92 e4 38 59 34 a3 3d 37 00 43 82 00 0c 80 a2 68 02 fb 7d be 07 3b ef 71 ea d2 d7 b9 00 94 92 ac fd ad 73 f2 73 44 4c df bb ba ba ba aa ba ba ca 1f 5d cf d2 75 31 9f f9 37 22 13 2b 31 15 45 70 77 73 36 3d 8f f0 9f cd e6 ec 7c 80 3f 7a 8b eb d5 c4 bf 6b 8f d7 57 bd d5 3a 5e ae db e1 2c bf 69 bd 88 d7 b9 1f f4 c6 f9 fa 7d 71 05 bf 44 fe 31 9f ad 43 2a 76 b1 6a 6f 83 c1 c7 78 d9 1a 45 19 16 39 99 e6 57 90 bb 7a 76 fb 3e 1e ff 18 43 f9 55 70 d6 3f 17 17 90 9d 2e 73 68 4a 96 80 74 91 4d a3 e9 41 d4 ce e2 75 fc 32 be cd 97 ed 61 fb 70 1a b5 3b d3 b0 dd 1e 5c f4 e2 d5 ed 2c 8d d6 cb eb 1c 3e 56 cb 34 6a 4f d6 eb c5 2a 3c 3a ba b9 b9 e9 8d e7 f3 f1 34 5f c7 e3 ab 78 16 8f f3 65 2f 9d 5f 1d f1 98 86 45 06 ad 14 9d 6c 3a 18 f5 16 f1 12 ba fb 71 9e e5 bd 62 b6 ca 97 eb 67 f9 68 be cc fd 0b 31 0a 06 db c0 bf 29 66 d9 1c e0 32 4f af 71 5c a2 bd 4a 97 c5 62 dd 16 d6 b8 44 fb cf ef 5f 75 5f 7d f3 ec d1 cf 3f fc d0 0e 06 5f 71 a5 de 87 9b 45 7e 35 bf 28 de e5 eb 75 31 1b af a2 3b 2f 89 57 f9 4f cb a9 17 7a 3c d8 5f 8e 7e 39 5a f5 6e 7a f3 e5 f8 97 a3 e2 0a 46 ba fa e5 28 85 01 fc 72 44 55 7f 39 3a 3e fe e5 e8 0f 0f 3f fd e1 e1 2f 47 9e f0 f2 4f 6b a8 db 5b cc c6 f0 b1 fa 38 fe fc b6 a0 12 b5 04 7f 4f b8 31 f8 85 df f3 eb 65 9a 7b e1 9d 97 ce 67 29 ac 04 56 91 6d 53 d3 08 d5 22 9d 14 49 3c eb 01 28 ae 21 65 d1 2d 66 e9 f4 3a c3 8e 2e 56 94 40 d5 ba cb 7c 9a c3 4c 7b 57 c5 0c 01 fe 31 5f 46 df f4 fe d4 fb a3 b7 dd 0e 0e 34 ba c5 22 11 69 70 a7 be 5b 19 a6 04 77 88 2f 69 f4 6e bd 04 98 f5 46 cb f9 d5 f3 49 bc 7c 0e 2b 34 98 f6 52 68 77 f9 36 4f d7 7e 5f f4 c5 65 ef a6 c8 d6 13 f8 3b c9 8b f1 64 1d 88 69 6f 54 4c a7 ef 01 4c 7e da 8b 17 8b e9 ad bf 9e 14 2b 11 07 50 bc cf b8 98 45 97 bd f5 1c f0 36 fe e9 ed 4b 3f f8 27 5a 4d ac 56 f3 52 ab cb 7c 7d bd 84 39 45 51 94 6f f5 14 73 3f e6 09 26 83 62 e4 1f 4c 37 9b 03 d3 78 c0 75 0e 8e 07 ab 9b 62 9d 4e fc 69 6f 0d c9 cf 00 92 d3 62 96 47 de 7a be f0 70 30 f3 d9 3a f2 be eb f7 5b 8f 1e 2e 3e b5 9e 2e 8b 78 ea c1 14 ef 52 28 e9 8d a6 f1 d8 0b 65 53 7e 12 65 fe d9 b7 df 3e fa f6 3b f1 ed 77 7f 7c 08 ff aa df c7 7f 3a 17 4e ce 1f 1f f6 1f 39 d9 41 70 78 e8 34 f0 87 47 8f 1e 42 de f1 c3 3f c2 bf df 3c 7c 64 7e 1f ff d1 4a 3f 36 bf 1f f5 eb cb 7f f3 07 d3 39 b5 ca 9d 5b 45 dd 04 68 bf 54 e2 b8 94 00 3d ed 69 03 fa 0c c4 41 12 0c 08 4c 12 bf e5 32 e9 59 62 c9 3f 7c d7 17 7f fa c3 9f 1e Data
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:16:12 GMTServer: ApacheVary: Accept-EncodingLast-Modified: Tue, 03 Aug 2021 00:26:31 GMTETag: "11b54-5c89cbccbd2fc"Accept-Ranges: bytesContent-Length: 72532Cache-Control: max-age=31457418, publicExpires: Wed, 03 Aug 2022 00:26:31 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=94Connection: Keep-AliveContent-Type: application/x-javascriptContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 02 03 e4 fd f9 7e 1b 47 92 28 8c fe ef a7 00 ab d5 44 95 90 00 41 c9 4b bb a0 12 8e 16 da e6 b4 b6 91 e4 76 f7 d0 b4 4e 6d 00 8a 04 01 18 00 45 d1 04 ce fb 7c 0f 76 df e3 c6 92 6b 2d 20 a5 ee 9e f3 cd bd fd 73 8b a8 dc 33 32 32 32 22 32 32 c2 1f 5d ce d2 75 31 9f f9 57 22 13 2b 31 15 45 70 73 75 32 3d 8d f0 9f cd e6 e4 74 80 3f 7a 8b cb d5 c4 bf 69 8f d7 17 bd d5 3a 5e ae db e1 2c bf 6a 3d 8f d7 b9 1f f4 c6 f9 fa 7d 71 01 bf 44 fe 31 9f ad 43 2a 76 b6 6a 6f 83 c1 c7 78 d9 1a 45 19 16 39 9a e6 17 90 bb 7a 7a fd 3e 1e bf 8a a1 fc 2a 38 e9 9f 8a 33 c8 4e 97 39 34 25 4b 40 ba c8 a6 d1 74 2f 6a 67 f1 3a 7e 11 5f e7 cb f6 b0 bd 3f 8d da 9d 69 d8 6e 0f ce 7a f1 ea 7a 96 46 eb e5 65 0e 1f ab 65 1a b5 27 eb f5 62 15 1e 1c 5c 5d 5d f5 c6 f3 f9 78 9a af e3 f1 45 3c 8b c7 f9 b2 97 ce 2f 0e 78 4c c3 22 83 56 8a 4e 36 1d 8c 7a 8b 78 09 dd bd 9a 67 79 af 98 ad f2 e5 fa 69 3e 9a 2f 73 ff 4c 8c 82 c1 36 f0 af 8a 59 36 07 b8 cc d3 4b 1c 97 68 af d2 65 b1 58 b7 85 35 2e d1 fe f1 fd cb ee cb af 9f 3e fc e5 a7 9f da c1 e0 2b ae d4 fb 70 b5 c8 2f e6 67 c5 bb 7c bd 2e 66 e3 55 74 e3 25 f1 2a ff 79 39 f5 42 8f 07 fb eb c1 af 07 ab de 55 6f be 1c ff 7a 50 5c c0 48 57 bf 1e a4 30 80 5f 0f a8 ea af 07 87 87 bf 1e 7c f7 e0 d3 77 0f 7e 3d f0 84 97 7f 5a 43 dd de 62 36 86 8f d5 c7 f1 e7 b7 05 95 a8 25 f8 7b c4 8d c1 2f fc 9e 5f 2e d3 dc 0b 6f bc 74 3e 4b 61 25 b0 8a 6c 9b 9a 46 a8 16 e9 a4 48 e2 59 0f 40 71 09 29 8b 6e 31 4b a7 97 19 76 74 b6 a2 04 aa d6 5d e6 d3 1c 66 da bb 28 66 08 f0 8f f9 32 fa ba f7 7d ef 2f de 76 3b d8 d3 e8 16 8b 44 a4 c1 8d fa 6e 65 98 12 dc 20 be a4 d1 bb f5 12 60 d6 1b 2d e7 17 cf 26 f1 f2 19 ac d0 60 da 4b a1 dd e5 db 3c 5d fb 7d d1 17 e7 bd ab 22 5b 4f e0 ef 24 2f c6 93 75 20 a6 bd 51 31 9d be 07 30 f9 69 2f 5e 2c a6 d7 fe 7a 52 ac 44 1c 40 f1 3e e3 62 16 9d f7 d6 73 c0 db f8 e7 b7 2f fc e0 9f 68 35 b1 5a cd 4b ad 2e f3 f5 e5 12 e6 14 45 51 be d5 53 cc fd 98 27 98 0c 8a 91 bf 37 dd 6c f6 4c e3 01 d7 d9 3b 1c ac ae 8a 75 3a f1 a7 bd 35 24 3f 05 48 4e 8b 59 1e 79 eb f9 c2 c3 c1 cc 67 eb c8 fb b6 df 6f 3d 7c b0 f8 d4 7a b2 2c e2 a9 07 53 bc 49 a1 a4 37 9a c6 63 2f 94 4d f9 49 94 f9 27 df 7c f3 f0 9b 6f c5 37 df fe e5 01 fc ab 7e 1f 7e 7f 2a 9c 9c bf 3c e8 3f 74 b2 83 60 7f df 69 e0 bb 87 0f 1f 40 de e1 83 bf c0 bf 5f 3f 78 68 7e 1f fe c5 4a 3f 34 bf 1f f6 eb cb 7f fd 9d e9 9c 5a e5 ce ad a2 6e 02 b4 5f 2a 71 58 4a 80 9e 6e 69 03 fa 0c c4 5e 12 0c 08 4c 12 bf e5 32 e9 59 62 c9 ef be ed 8b ef bf fb fe 81 f8 f6 9b fe 43 05 25 95 41 6d 5a b9 d8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:16:34 GMTServer: ApacheX-Powered-By: W3 Total Cache/0.15.1Pragma: publicExpires: Wed, 03 Aug 2022 22:16:34 GMTVary: Accept-Encoding,User-AgentCache-Control: max-age=31536000, publicContent-Encoding: gzipLast-Modified: Thu, 05 Nov 2020 12:48:42 GMTETag: "pub1604580522;gz"Content-Length: 72964Referrer-Policy: Keep-Alive: timeout=5, max=93Connection: Keep-AliveContent-Type: application/x-javascript; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 02 03 e4 fd f9 7e 1b 47 92 28 8c fe ef a7 00 ab d5 44 95 90 00 41 c9 4b bb a0 12 8e 16 da e6 b4 b6 91 e4 76 f7 d0 b4 4e 6d 00 8a 04 01 18 00 45 d1 04 ce fb 7c 0f 76 df e3 c6 92 6b 2d 20 a5 ee 9e f3 cd bd fd 73 8b a8 dc 33 32 32 32 22 32 32 c2 1f 5d ce d2 75 31 9f f9 57 22 13 2b 31 15 45 70 73 75 32 3d 8d f0 9f cd e6 e4 74 80 3f 7a 8b cb d5 c4 bf 69 8f d7 17 bd d5 3a 5e ae db e1 2c bf 6a 3d 8f d7 b9 1f f4 c6 f9 fa 7d 71 01 bf 44 fe 31 9f ad 43 2a 76 b6 6a 6f 83 c1 c7 78 d9 1a 45 19 16 39 9a e6 17 90 bb 7a 7a fd 3e 1e bf 8a a1 fc 2a 38 e9 9f 8a 33 c8 4e 97 39 34 25 4b 40 ba c8 a6 d1 74 2f 6a 67 f1 3a 7e 11 5f e7 cb f6 b0 bd 3f 8d da 9d 69 d8 6e 0f ce 7a f1 ea 7a 96 46 eb e5 65 0e 1f ab 65 1a b5 27 eb f5 62 15 1e 1c 5c 5d 5d f5 c6 f3 f9 78 9a af e3 f1 45 3c 8b c7 f9 b2 97 ce 2f 0e 78 4c c3 22 83 56 8a 4e 36 1d 8c 7a 8b 78 09 dd bd 9a 67 79 af 98 ad f2 e5 fa 69 3e 9a 2f 73 ff 4c 8c 82 c1 36 f0 af 8a 59 36 07 b8 cc d3 4b 1c 97 68 af d2 65 b1 58 b7 85 35 2e d1 fe f1 fd cb ee cb af 9f 3e fc e5 a7 9f da c1 e0 2b ae d4 fb 70 b5 c8 2f e6 67 c5 bb 7c bd 2e 66 e3 55 74 e3 25 f1 2a ff 79 39 f5 42 8f 07 fb eb c1 af 07 ab de 55 6f be 1c ff 7a 50 5c c0 48 57 bf 1e a4 30 80 5f 0f a8 ea af 07 87 87 bf 1e 7c f7 e0 d3 77 0f 7e 3d f0 84 97 7f 5a 43 dd de 62 36 86 8f d5 c7 f1 e7 b7 05 95 a8 25 f8 7b c4 8d c1 2f fc 9e 5f 2e d3 dc 0b 6f bc 74 3e 4b 61 25 b0 8a 6c 9b 9a 46 a8 16 e9 a4 48 e2 59 0f 40 71 09 29 8b 6e 31 4b a7 97 19 76 74 b6 a2 04 aa d6 5d e6 d3 1c 66 da bb 28 66 08 f0 8f f9 32 fa ba f7 7d ef 2f de 76 3b d8 d3 e8 16 8b 44 a4 c1 8d fa 6e 65 98 12 dc 20 be a4 d1 bb f5 12 60 d6 1b 2d e7 17 cf 26 f1 f2 19 ac d0 60 da 4b a1 dd e5 db 3c 5d fb 7d d1 17 e7 bd ab 22 5b 4f e0 ef 24 2f c6 93 75 20 a6 bd 51 31 9d be 07 30 f9 69 2f 5e 2c a6 d7 fe 7a 52 ac 44 1c 40 f1 3e e3 62 16 9d f7 d6 73 c0 db f8 e7 b7 2f fc e0 9f 68 35 b1 5a cd 4b ad 2e f3 f5 e5 12 e6 14 45 51 be d5 53 cc fd 98 27 98 0c 8a 91 bf 37 dd 6c f6 4c e3 01 d7 d9 3b 1c ac ae 8a 75 3a f1 a7 bd 35 24 3f 05 48 4e 8b 59 1e 79 eb f9 c2 c3 c1 cc 67 eb c8 fb b6 df 6f 3d 7c b0 f8 d4 7a b2 2c e2 a9 07 53 bc 49 a1 a4 37 9a c6 63 2f 94 4d f9 49 94 f9 27 df 7c f3 f0 9b 6f c5 37 df fe e5 01 fc ab 7e 1f 7e 7f 2a 9c 9c bf 3c e8 3f 74 b2 83 60 7f df 69 e0 bb 87 0f 1f 40 de e1 83 bf c0 bf 5f 3f 78 68 7e 1f fe c5 4a 3f 34 bf 1f f6 eb cb 7f fd 9d e9 9c 5a e5 ce ad a2 6e 02 b4 5f 2a 71 58 4a 80 9e 6e 69 03 fa 0c c4 5e 12 0c 08 4c 12 bf e5 32 e9 59 62 c9 ef be ed 8b ef bf fb fe 81 f8 f6 9b fe 43 05 25 95 41 6d 5a b9 d8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Aug 2021 22:16:37 GMTServer: ApacheVary: Accept-Encoding,CookieLast-Modified: Tue, 03 Aug 2021 21:45:56 GMTETag: "d725-5c8ae9c571df9"Accept-Ranges: bytesContent-Length: 55077Cache-Control: max-age=1758, publicExpires: Tue, 03 Aug 2021 22:45:56 GMTReferrer-Policy: X-Powered-By: W3 Total Cache/0.15.1Pragma: publicKeep-Alive: timeout=5, max=92Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Content-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 ec fd fb 76 db 38 d2 38 8a fe bd b3 d6 79 07 7e e9 d5 d3 9d 8e 24 93 d4 dd 9e e4 1b df e3 24 8e 73 77 ec 99 3e bd 28 91 92 18 53 a2 42 52 be 6e ef b5 df 61 bf c0 7e 96 7d de e4 3c c9 c1 95 c4 a5 40 52 ee 74 4f cf ef 7c 71 db 2d 01 85 42 01 28 14 0a 85 42 e1 ef ff b5 77 b2 fb f1 ec ed be 35 cb e6 d1 f3 bf e3 bf 56 e4 2d a6 cf 1e 07 8b c7 d6 32 09 26 e1 f5 b3 c7 f1 74 13 01 64 cb cd 8d 8d 78 ba 6c cd 83 8d 45 fa c3 63 04 1e 78 fe 73 eb ef ff d5 6c 5a 87 71 3c 8d 02 eb a3 37 b5 8e bd 85 37 0d 12 ab d9 64 79 fb 0b df 90 ff f7 79 90 79 d6 78 e6 25 69 90 3d 7b fc e9 e3 41 73 f0 98 a5 2e bc 79 f0 ec f1 65 18 5c 2d e3 24 7b 6c 8d e3 45 16 2c 10 d4 55 e8 67 b3 67 7e 70 19 8e 83 26 f9 d2 b0 c2 45 98 85 5e d4 4c c7 5e 14 3c 73 5a 36 c2 92 66 37 a8 c6 ec 66 89 d0 64 c1 75 b6 31 4e d3 c7 d6 3c f0 43 ef d9 63 2f 8a 1e 3f df f8 e5 bf ac af ef 56 41 72 63 7d 3a b2 9a d6 a5 d3 72 ec 56 1b 7d 72 6d a7 dd b4 07 4d a7 fb e8 17 de f4 af df 30 e4 2a 6c 8d e3 39 4a 3d 5a 8c a3 95 1f a4 9b 16 cd 68 91 9c 24 68 a1 6a 1a 42 5a 12 a4 e1 ad 37 8a b4 8c 34 88 82 71 06 e5 78 63 84 c8 0f e3 85 96 b1 ca 62 54 fb 32 0a 32 ad d0 68 95 65 7a 09 df cb 82 65 38 be 08 12 2d 07 f5 57 3c 55 53 e7 c1 62 a5 a6 2d 93 78 8a 5a 91 8e 3c 0d 49 1a 85 be 8e 3a 5d 86 8b 85 9e 8c da 9a 6a 69 71 1c 65 e1 12 27 a3 3e fd 18 5b 78 c0 2d 0f 71 cc 3c f6 c3 c9 8d 95 cd c2 14 fd 09 e6 41 03 e5 a5 61 06 0d c7 06 01 48 e2 28 0a 92 8d ff 9e 4c f6 82 89 b7 8a b2 67 9f 83 c4 47 dc f6 a3 bb bb 9d a0 e6 a2 ff a7 de 22 6d a6 41 12 4e fe 36 b9 e2 60 8b 38 99 7b d1 df 26 29 4f 40 7c 10 cc ff 86 06 01 b5 e2 bd e7 87 ab f4 59 67 79 fd b7 d1 74 37 8e e2 e4 05 62 fb 20 79 36 26 ff 50 e2 47 c4 5c ab 24 60 c9 b3 70 3a 8b d0 6f f6 5b 1a 4f 32 94 7d 34 9f 9e 2c bd 71 98 dd 30 88 7e f7 6f 23 34 be 41 22 62 f3 c8 bf bf 4d c6 ec bb 4b fe fd 2d 44 6c 2f 82 b1 64 46 c9 2e 9b 13 13 f2 af 20 25 4f 8f 3c 99 02 9e 21 93 c0 53 73 1a 78 82 4a 84 92 ce a8 e0 bd 16 f4 f0 4f 41 05 4f 9f 46 5e 9a 4a 64 f0 1c 99 0c 9e ea b7 f1 0f 22 83 27 74 c9 bf 82 0c 9e 3e 20 ff f2 61 89 2f 51 07 f9 1e fe 11 46 85 a4 ea 24 d0 74 65 28 48 da 90 fc c3 23 41 be ba 0e fe 11 06 82 a4 76 ba f8 87 57 bd 3d ce c2 cb 40 1b 06 96 ac 57 ce 32 7a 52 ed 2c 31 1f 04 f6 5d ad 9f 25 cb 04 bc e0 4c f7 6c 32 9a 0c 83 40 68 7f 9e 03 f4 41 9e d7 95 fb a1 c0 36 46 5d ed e0 be c8 93 da 3d fc 23 f4 47 9e e3 06 83 36 69 3e 49 df 4f 92 38 79 36 09 26 4e 20 4c 12 9a aa 93 42 d3 87 12 19 34 6d ec db 9e 8d fb 43 fa 9a 57 2f a5 b2 aa 4f d0 08 45 de 0d ef ca bc 7

Source: global traffic	HTTP traffic detected: GET /menu-teppanyaki/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/c7035.js HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/04/ichiban_horizontal_teppan_small.png HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/fbbf4.js HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/niseko-pirka-teppanyaki-02.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/dina/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveOrigin: http://www.ichiban.menuUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.8 HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/cropped-Ichiban_ico-1-32x32.png HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/menu-teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/cropped-Ichiban_ico-1-192x192.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/04/ichiban_horizontal_teppan_small.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IchibanFrontDoor-768x1002.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/about-1-1-1024x512.png HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/japanese_food-t2.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/37e61.js HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/774388-1920x1280.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IchibanFrontDoor.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/about-1-1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET /about/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/japanese_food-t2.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/774332-1920x1280.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/Screen-Shot-8-1.png HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/about/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/sushi-backgrounds_112713348_82.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/about/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/Screen-Shot-8-1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.ichiban.menu
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/410666-1920x1280.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /gallery/ayce/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /gallery/teppanyaki/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/9af47.js HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/24293862_2175673712446641_5670291794321811786_n.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/24294086_2175673782446634_2294808588112786641_n.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/24899790_2187483284599017_7338923987939449924_n.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_1963_1-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_1991-squashed-e1502606036564.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_2014_1-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_2024_1-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_2023_1-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_2041_1-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/06/738370-1920x1280.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_1922-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_1929-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_1978-squashed.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2017/08/IMG_2014_1.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/gallery/teppanyaki/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /menu-ayce/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2If-None-Match: "deee-5c8ae52687f2c"
Source: global traffic	HTTP traffic detected: GET /menu/takeaway/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/853a9.js HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Referer: http://www.ichiban.menu/menu/takeaway/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _gat_UA-114098840-1=1; _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2
Source: global traffic	HTTP traffic detected: GET /avatar/ab8d6594683241f7233cdf471cf9edef?s=20&d=mm&r=g HTTP/1.1Host: 1.gravatar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/menu/takeaway/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /avatar/ab8d6594683241f7233cdf471cf9edef?s=20&d=mm&r=g HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: 1.gravatar.com
Source: global traffic	HTTP traffic detected: GET /reservations/ HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2; _gat_UA-114098840-1=1
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2016/08/6858880820_12fd062a18_o.jpg HTTP/1.1Host: www.ichiban.menuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://www.ichiban.menu/reservations/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.2063951436.1628061335; _gid=GA1.2.2019788632.1628061335; PHPSESSID=0d4c3d8330e64b2f0127e16534ed64a2; _gat_UA-114098840-1=1

Source: 362e18053d8cbdb4_0.1.dr	String found in binary or memory: '//www.youtube.com/embed/%id%?autoplay=1 equals www.youtube.com (Youtube)
Source: 362e18053d8cbdb4_0.1.dr	String found in binary or memory: //www.youtube.com/embed/%id%?autoplay=1 equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.ichiban.menu

Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: ee81135c03c7b5b4_0.1.dr, 8faa0d8de0d24714_0.1.dr, 49c8f33c87de4fa9_0.1.dr	String found in binary or memory: http://ichiban.menu/
Source: e0c377885a89094b_0.1.dr	String found in binary or memory: http://ichiban.menu/0K
Source: acfe1214994be3e9_0.1.dr	String found in binary or memory: http://ichiban.menu/:U
Source: c82a6d17667a3b4e_0.1.dr	String found in binary or memory: http://ichiban.menu/B
Source: acfe1214994be3e9_0.1.dr	String found in binary or memory: http://ichiban.menu/gk
Source: 3beb4f631bd2117c_0.1.dr	String found in binary or memory: http://ichiban.menu/h
Source: 49c8f33c87de4fa9_0.1.dr	String found in binary or memory: http://ichiban.menu/t
Source: 3f2d48f104e12204_0.1.dr	String found in binary or memory: http://ichiban.menu/tdD
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: http://maps.gstatic.cn
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6.png
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6_hdpi.png
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: http://maps.gstatic.cn/mapfiles/transparent.png)
Source: 9a6c0cc2dc7afa9b_0.1.dr	String found in binary or memory: http://www.google.cn
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/#rainmaker_form_2109
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu//
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/Ichiban
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/about/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/about/#rainmaker_form_2109
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/about/.About
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/about/About
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/about/sl
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/ayce/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/ayce/&
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/ayce/Teppanyaki
Source: Favicons.1.dr, Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/teppanyaki/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/teppanyaki/#rainmaker_form_2109
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/teppanyaki/(Teppanyaki
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/teppanyaki/)
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/gallery/teppanyaki/Teppanyaki
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-ayce/
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-ayce//
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-ayce/3
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-ayce/Ichiban
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/#rainmaker_form_2109
Source: History-journal.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/2
Source: History Provider Cache.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/2:Teppanyaki
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/:
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/:Teppanyaki
Source: History-journal.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/J
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/Teppanyaki
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/Y
Source: Favicons-journal.1.dr	String found in binary or memory: http://www.ichiban.menu/menu-teppanyaki/zw
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu/takeaway/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu/takeaway/#rainmaker_form_2109
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/menu/takeaway/&
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/menu/takeaway/&Takeaway
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/menu/takeaway/Takeaway
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/reservations/
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/reservations/#rainmaker_form_2109
Source: History.1.dr	String found in binary or memory: http://www.ichiban.menu/reservations/Ichiban
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menu/reservations/PIchiban
Source: 362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-admin/admin-ajax.php
Source: 8faa0d8de0d24714_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/37e61.js
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/37e61.jsa
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/37e61.jsaD
Source: 93f52fb938ee1996_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/853a9.js
Source: 3f2d48f104e12204_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/9af47.js
Source: e0c377885a89094b_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/c7035.js
Source: 2927575d9fcb27ca_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/c7035.jsa
Source: 2927575d9fcb27ca_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/c7035.jsaD
Source: 3beb4f631bd2117c_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/fbbf4.js
Source: 362e18053d8cbdb4_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/fbbf4.jsa
Source: 362e18053d8cbdb4_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/cache/minify/fbbf4.jsaD
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/uploads/2017/06/410666-1920x1280.jpg
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/uploads/2017/06/738370-1920x1280.jpg
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/uploads/2017/06/774332-1920x1280.jpg
Source: 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/uploads/2017/06/774388-1920x1280.jpg
Source: Favicons.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-content/uploads/2017/06/cropped-Ichiban_ico-1-32x32.png
Source: 362e18053d8cbdb4_0.1.dr, 0fcc6d437574cf25_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8
Source: 0fcc6d437574cf25_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8a
Source: 0fcc6d437574cf25_0.1.dr	String found in binary or memory: http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8aD
Source: Current Session.1.dr	String found in binary or memory: http://www.ichiban.menuh
Source: manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://ajax.googleapis.com
Source: ee81135c03c7b5b4_0.1.dr, f9a9992f840ec712_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: dbf0ad74f36c4d17_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.jsa
Source: dbf0ad74f36c4d17_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.jsaD
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://api.segment.io
Source: manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: Current Session.1.dr	String found in binary or memory: https://booking-widget.quandoo.com.au/iframe.html?agentId=2&merchantId=53825&origin=http%3A%2F%2Fwww
Source: edcb47dfafe4384e_0.1.dr	String found in binary or memory: https://booking-widget.quandoo.com/3.0.1620734422/bootstrap.js
Source: c82a6d17667a3b4e_0.1.dr	String found in binary or memory: https://booking-widget.quandoo.com/index.js
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.1.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.3.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages#
Source: b348cfc8-9cc2-4b6b-b4a9-f44319af0088.tmp.3.dr, 70b31bea-6754-4bcc-8164-7ace39cbbc35.tmp.3.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.1.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.1.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: a4927b8e8b6e8e49_0.1.dr, 6cb099d4e0f055ee_0.1.dr, 997643720c860f01_0.1.dr	String found in binary or memory: https://google.com/
Source: 62809a1915858607_0.1.dr	String found in binary or memory: https://google.com/(
Source: 62809a1915858607_0.1.dr	String found in binary or memory: https://google.com/:
Source: 89199a962e76065d_0.1.dr	String found in binary or memory: https://google.com/D
Source: 89199a962e76065d_0.1.dr	String found in binary or memory: https://google.com/R
Source: 779cdb7592da434b_0.1.dr	String found in binary or memory: https://google.com/X
Source: e7745fb0fb323f3d_0.1.dr	String found in binary or memory: https://google.com/c
Source: 62809a1915858607_0.1.dr	String found in binary or memory: https://google.com/f
Source: manifest.json0.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://maps.googleapis.com
Source: Network Action Predictor.1.dr	String found in binary or memory: https://maps.googleapis.com/
Source: 9a6c0cc2dc7afa9b_0.1.dr, 83b514cbc0a57437_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/common.js
Source: 9a6c0cc2dc7afa9b_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/common.jsaD
Source: f8a71b102e62ffe6_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/map.js
Source: 2e06fb361c0b40d3_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/map.jsaD
Source: a4927b8e8b6e8e49_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/onion.js
Source: a4927b8e8b6e8e49_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/onion.jsa
Source: a4927b8e8b6e8e49_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/onion.jsaD
Source: 6cb099d4e0f055ee_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/overlay.js
Source: 6cb099d4e0f055ee_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/overlay.jsaD
Source: 997643720c860f01_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/search_impl.js
Source: 997643720c860f01_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/search_impl.jsaD
Source: 779cdb7592da434b_0.1.dr, ed62acd94547fee5_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/util.js
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/45/8/util.jsaD
Source: 89199a962e76065d_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d-37.7798781385
Source: 62809a1915858607_0.1.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com
Source: Network Action Predictor.1.dr	String found in binary or memory: https://maps.gstatic.com/
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/mapcnt6.png
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/mapcnt6_hdpi.png
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/defaultphoto
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11.png);background-size:70px
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11_hdpi.png);background-size:70px
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2.png);background-size:109px
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2_hdpi.png);background-size:109px
Source: ed62acd94547fee5_0.1.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/transparent.png);height:10px;width:4px;float:left;margin-top:3px;m
Source: e7745fb0fb323f3d_0.1.dr	String found in binary or memory: https://maps.gstatic.com/maps-api-v3/embed/js/45/8/init_embed.js
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/maps-api-v3/embed/js/45/8/init_embed.jsa
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://maps.gstatic.com/maps-api-v3/embed/js/45/8/init_embed.jsaD
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://myaccount.google.com/
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://play.google.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://r3---sn-5hneknee.gvt1.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://redirector.gvt1.com
Source: 362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: https://s.w.org/images/core/emoji/11/72x72/
Source: 362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: https://s.w.org/images/core/emoji/11/svg/
Source: Network Action Predictor.1.dr	String found in binary or memory: https://s3-eu-west-1.amazonaws.com/
Source: ee81135c03c7b5b4_0.1.dr	String found in binary or memory: https://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/
Source: ee81135c03c7b5b4_0.1.dr	String found in binary or memory: https://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/quandoo-widget-builder.js
Source: ee81135c03c7b5b4_0.1.dr	String found in binary or memory: https://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/quandoo-widget-builder.jsaD
Source: manifest.json.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://static.hotjar.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://stats.g.doubleclick.net
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://support.google.com/maps/?p=thirdpartymaps
Source: 3e81a720e5335a28_0.1.dr	String found in binary or memory: https://support.google.com/maps?p=kml
Source: 0fcc6d437574cf25_0.1.dr	String found in binary or memory: https://twemoji.maxcdn.com/2/
Source: 362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: https://w.soundcloud.com
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://www.google-analytics.com
Source: 49c8f33c87de4fa9_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 9a6c0cc2dc7afa9b_0.1.dr, manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: 000003.log0.1.dr	String found in binary or memory: https://www.google.com/
Source: Current Session.1.dr	String found in binary or memory: https://www.google.com/maps/embed?pb=
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com;
Source: Current Session.1.dr	String found in binary or memory: https://www.google.comh
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	String found in binary or memory: https://www.googletagmanager.com
Source: 362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: acfe1214994be3e9_0.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH
Source: 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 52.218.20.156:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.167.90.204:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.167.90.204:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.218.20.156:443 -> 192.168.2.3:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.64.175:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.78:443 -> 192.168.2.3:49889 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@38/250@26/19

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-610A3E91-2F0.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\fbd055e9-defb-4009-8c3c-5b3254776055.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://www.ichiban.menu/menu-teppanyaki/'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,16433198126318794357,6094034236782199136,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,16433198126318794357,6094034236782199136,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer2	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.ichiban.menu/menu-teppanyaki/	0%	Virustotal		Browse
http://www.ichiban.menu/menu-teppanyaki/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
www.quandoo.com.au	0%	Virustotal	Browse
ichiban.menu	0%	Virustotal	Browse
booking-widget.quandoo.com.au	0%	Virustotal	Browse
www.ichiban.menu	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://ichiban.menu/	0%	Avira URL Cloud	safe
http://maps.gstatic.cn/mapfiles/transparent.png)	0%	URL Reputation	safe
http://www.ichiban.menu/wp-content/cache/minify/9af47.js	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/Y	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/2:Teppanyaki	0%	Avira URL Cloud	safe
http://ichiban.menu/:U	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-admin/admin-ajax.php	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/themes/dina/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/J	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/cache/minify/37e61.js	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1963_1-squashed.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/cache/minify/c7035.js	0%	Avira URL Cloud	safe
http://ichiban.menu/B	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/:	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2024_1-squashed.jpg	0%	Avira URL Cloud	safe
http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6_hdpi.png	0%	URL Reputation	safe
http://www.ichiban.menu/menu-teppanyaki/2	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IchibanFrontDoor.jpg	0%	Avira URL Cloud	safe
http://ichiban.menu/tdD	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/06/738370-1920x1280.jpg	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/24899790_2187483284599017_7338923987939449924_n.jpg	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
http://www.ichiban.menu/wp-content/uploads/2017/06/japanese_food-t2.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/06/sushi-backgrounds_112713348_82.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/06/410666-1920x1280.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1922-squashed.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu/takeaway/&	0%	Avira URL Cloud	safe
http://www.ichiban.menu/about/sl	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/cache/minify/37e61.jsaD	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu/takeaway/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1991-squashed-e1502606036564.jpg	0%	Avira URL Cloud	safe
http://ichiban.menu/0K	0%	Avira URL Cloud	safe
http://www.ichiban.menu/reservations/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://www.ichiban.menu//	0%	Avira URL Cloud	safe
http://maps.gstatic.cn	0%	URL Reputation	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/Screen-Shot-8-1.png	0%	Avira URL Cloud	safe
http://ichiban.menu/t	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2014_1.jpg	0%	Avira URL Cloud	safe
http://ichiban.menu/h	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2018/04/ichiban_horizontal_teppan_small.png	0%	Avira URL Cloud	safe
http://www.ichiban.menu/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://www.ichiban.menu	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-teppanyaki/:Teppanyaki	0%	Avira URL Cloud	safe
http://www.ichiban.menu/Ichiban	0%	Avira URL Cloud	safe
http://www.ichiban.menu/gallery/ayce/Teppanyaki	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/24293862_2175673712446641_5670291794321811786_n.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/gallery/teppanyaki/(Teppanyaki	0%	Avira URL Cloud	safe
http://www.ichiban.menu/about/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-ayce/3	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IchibanFrontDoor-768x1002.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-ayce//	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2014_1-squashed.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/cache/minify/fbbf4.js	0%	Avira URL Cloud	safe
http://www.ichiban.menu/gallery/teppanyaki/Teppanyaki	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2023_1-squashed.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/menu-ayce/	0%	Avira URL Cloud	safe
http://www.ichiban.menu/gallery/teppanyaki/#rainmaker_form_2109	0%	Avira URL Cloud	safe
http://ichiban.menu/gk	0%	Avira URL Cloud	safe
http://www.ichiban.menu/wp-content/uploads/2017/08/niseko-pirka-teppanyaki-02.jpg	0%	Avira URL Cloud	safe
http://www.ichiban.menu/gallery/ayce/&	0%	Avira URL Cloud	safe
https://www.google.comh	0%	URL Reputation	safe
http://www.ichiban.menu/menu-teppanyaki/zw	0%	Avira URL Cloud	safe
http://www.ichiban.menuh	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
gstaticadssl.l.google.com	142.250.186.35	true	false		high
star-mini.c10r.facebook.com	157.240.17.35	true	false		high
s3-eu-west-1.amazonaws.com	52.218.20.156	true	false		high
1.gravatar.com	192.0.73.2	true	false		high
accounts.google.com	216.58.205.77	true	false		high
www-google-analytics.l.google.com	142.250.184.78	true	false		high
stats.l.doubleclick.net	108.177.126.155	true	false		high
www-googletagmanager.l.google.com	142.250.184.72	true	false		high
booking-widget.quandoo.com	143.204.207.60	true	false		high
www.quandoo.com.au	176.34.109.148	true	false	0%, Virustotal, Browse	unknown
ichiban.menu	166.62.28.94	true	false	0%, Virustotal, Browse	unknown
booking-widget.quandoo.com.au	13.32.22.7	true	false	0%, Virustotal, Browse	unknown
youtube-ui.l.google.com	216.58.208.174	true	false		high
www.google.com	142.250.180.164	true	false		high
api.segment.io	35.167.90.204	true	false		high
clients.l.google.com	216.58.208.174	true	false		high
z-p42-instagram.c10r.facebook.com	157.240.17.174	true	false		high
s.w.org	192.0.77.48	true	false		high
googlehosted.l.googleusercontent.com	216.58.208.161	true	false		high
9110-api.quandoo.com	52.213.64.175	true	false		high
static-cdn.hotjar.com	13.32.22.92	true	false		high
www.facebook.com	unknown	unknown	false		high
stats.g.doubleclick.net	unknown	unknown	false		high
clients2.googleusercontent.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
www.instagram.com	unknown	unknown	false		high
www.ichiban.menu	unknown	unknown	false	0%, Virustotal, Browse	unknown
static.hotjar.com	unknown	unknown	false		high
www.youtube.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.ichiban.menu/wp-content/cache/minify/9af47.js	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/themes/dina/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/reservations/	false		unknown
http://www.ichiban.menu/wp-content/cache/minify/37e61.js	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1963_1-squashed.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/cache/minify/c7035.js	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2024_1-squashed.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IchibanFrontDoor.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/06/738370-1920x1280.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/24899790_2187483284599017_7338923987939449924_n.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/	false		unknown
http://www.ichiban.menu/wp-content/uploads/2017/06/japanese_food-t2.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/06/sushi-backgrounds_112713348_82.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/06/410666-1920x1280.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1922-squashed.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_1991-squashed-e1502606036564.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/	false		unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/Screen-Shot-8-1.png	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2014_1.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/gallery/teppanyaki/	false		unknown
http://www.ichiban.menu/menu/takeaway/	false		unknown
http://www.ichiban.menu/wp-content/uploads/2018/04/ichiban_horizontal_teppan_small.png	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/	false		unknown
http://www.ichiban.menu/reservations/	false		unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/24293862_2175673712446641_5670291794321811786_n.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IchibanFrontDoor-768x1002.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2014_1-squashed.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/cache/minify/fbbf4.js	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/about/	false		unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/IMG_2023_1-squashed.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/about/	false		unknown
http://www.ichiban.menu/menu-ayce/	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-content/uploads/2017/08/niseko-pirka-teppanyaki-02.jpg	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu/takeaway/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ichiban.menu/	ee81135c03c7b5b4_0.1.dr, 8faa0d8de0d24714_0.1.dr, 49c8f33c87de4fa9_0.1.dr	false	Avira URL Cloud: safe	unknown
https://w.soundcloud.com	362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	false		high
https://stats.g.doubleclick.net	766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	false		high
http://maps.gstatic.cn/mapfiles/transparent.png)	ed62acd94547fee5_0.1.dr	false	URL Reputation: safe	unknown
https://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/	ee81135c03c7b5b4_0.1.dr	false		high
http://www.ichiban.menu/menu-teppanyaki/Y	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://twemoji.maxcdn.com/2/	0fcc6d437574cf25_0.1.dr	false		high
https://google.com/(	62809a1915858607_0.1.dr	false		high
http://www.ichiban.menu/menu-teppanyaki/2:Teppanyaki	History Provider Cache.1.dr	false	Avira URL Cloud: safe	unknown
http://ichiban.menu/:U	acfe1214994be3e9_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/wp-admin/admin-ajax.php	362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/J	History-journal.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com	9a6c0cc2dc7afa9b_0.1.dr, manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	false		high
http://ichiban.menu/B	c82a6d17667a3b4e_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/:	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6_hdpi.png	ed62acd94547fee5_0.1.dr	false	URL Reputation: safe	unknown
https://s.w.org/images/core/emoji/11/72x72/	362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	false		high
http://www.ichiban.menu/menu-teppanyaki/2	History-journal.1.dr	false	Avira URL Cloud: safe	unknown
http://ichiban.menu/tdD	3f2d48f104e12204_0.1.dr	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/downloads-lorry	Reporting and NEL.3.dr	false	URL Reputation: safe	unknown
https://booking-widget.quandoo.com/index.js	c82a6d17667a3b4e_0.1.dr	false		high
https://dns.google	b348cfc8-9cc2-4b6b-b4a9-f44319af0088.tmp.3.dr, 70b31bea-6754-4bcc-8164-7ace39cbbc35.tmp.3.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	false	URL Reputation: safe	unknown
https://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/quandoo-widget-builder.jsaD	ee81135c03c7b5b4_0.1.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json83.1.dr	false		high
http://www.ichiban.menu/menu/takeaway/&	Favicons.1.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/maps?p=kml	3e81a720e5335a28_0.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
http://www.ichiban.menu/about/sl	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com;	manifest.json0.1.dr	false	Avira URL Cloud: safe	low
http://www.ichiban.menu/wp-content/cache/minify/37e61.jsaD	3fe29dc3ee4dedc6_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu/takeaway/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://ichiban.menu/0K	e0c377885a89094b_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/reservations/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu//	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://maps.gstatic.cn	3e81a720e5335a28_0.1.dr	false	URL Reputation: safe	unknown
http://ichiban.menu/t	49c8f33c87de4fa9_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://ichiban.menu/h	3beb4f631bd2117c_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/:Teppanyaki	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/	000003.log0.1.dr	false		high
https://booking-widget.quandoo.com/3.0.1620734422/bootstrap.js	edcb47dfafe4384e_0.1.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.1.dr	false		high
http://www.ichiban.menu/Ichiban	History.1.dr	false	Avira URL Cloud: safe	unknown
https://api.segment.io	766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr	false		high
http://www.ichiban.menu/gallery/ayce/Teppanyaki	History.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/gallery/teppanyaki/(Teppanyaki	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/about/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://play.google.com	766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	false		high
https://s.w.org/images/core/emoji/11/svg/	362e18053d8cbdb4_0.1.dr, 3fe29dc3ee4dedc6_0.1.dr	false		high
http://www.ichiban.menu/menu-ayce/3	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/maps/?p=thirdpartymaps	3e81a720e5335a28_0.1.dr	false		high
http://www.ichiban.menu/menu-ayce//	Favicons.1.dr	false	Avira URL Cloud: safe	unknown
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
http://www.google.cn	9a6c0cc2dc7afa9b_0.1.dr	false		high
http://www.ichiban.menu/gallery/teppanyaki/Teppanyaki	History.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/gallery/teppanyaki/#rainmaker_form_2109	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://accounts.google.com	manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	false		high
http://ichiban.menu/gk	acfe1214994be3e9_0.1.dr	false	Avira URL Cloud: safe	unknown
http://www.ichiban.menu/gallery/ayce/&	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.comh	Current Session.1.dr	false	URL Reputation: safe	unknown
http://www.ichiban.menu/menu-teppanyaki/zw	Favicons-journal.1.dr	false	Avira URL Cloud: safe	unknown
https://apis.google.com	manifest.json0.1.dr, 766a81c8-70dc-4e7f-a659-38ccea56616c.tmp.3.dr, 0003996a-5449-4d1d-ba52-5cef383641cc.tmp.3.dr	false		high
http://www.ichiban.menuh	Current Session.1.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
52.218.20.156	s3-eu-west-1.amazonaws.com	United States	16509	AMAZON-02US	false
216.58.208.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
52.213.64.175	9110-api.quandoo.com	United States	16509	AMAZON-02US	false
35.167.90.204	api.segment.io	United States	16509	AMAZON-02US	false
108.177.126.155	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
13.32.22.92	static-cdn.hotjar.com	United States	7018	ATT-INTERNET4US	false
13.32.22.7	booking-widget.quandoo.com.au	United States	7018	ATT-INTERNET4US	false
142.250.184.72	www-googletagmanager.l.google.com	United States	15169	GOOGLEUS	false
142.250.180.164	www.google.com	United States	15169	GOOGLEUS	false
142.250.186.35	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
216.58.208.174	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.78	www-google-analytics.l.google.com	United States	15169	GOOGLEUS	false
143.204.207.60	booking-widget.quandoo.com	United States	16509	AMAZON-02US	false
216.58.205.77	accounts.google.com	United States	15169	GOOGLEUS	false
192.0.73.2	1.gravatar.com	United States	2635	AUTOMATTICUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
166.62.28.94	ichiban.menu	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458981
Start date:	04.08.2021
Start time:	00:14:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 56s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.ichiban.menu/menu-teppanyaki/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@38/250@26/19
Cookbook Comments:	Adjust boot time Enable AMSI Browse: http://www.ichiban.menu/ Browse: http://www.ichiban.menu/about/ Browse: http://www.ichiban.menu/gallery/ayce/ Browse: http://www.ichiban.menu/menu-ayce/ Browse: http://www.ichiban.menu/menu/takeaway/ Browse: http://www.ichiban.menu/reservations/
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 168.61.161.212, 204.79.197.200, 13.107.21.200, 13.88.21.125, 23.211.6.115, 142.250.184.110, 74.125.8.72, 209.85.226.8, 142.250.180.170, 142.250.180.163, 142.250.180.138, 142.250.184.35, 142.250.184.74, 142.250.184.106, 216.58.198.10, 216.58.198.42, 216.58.205.74, 172.217.21.74, 142.250.180.74, 142.250.180.106, 216.58.206.42, 216.58.208.170, 216.58.209.42, 142.250.184.42, 20.82.210.154, 23.211.4.86, 205.185.216.10, 205.185.216.42, 40.112.88.60, 216.58.208.131, 74.125.8.102, 216.58.209.35, 80.67.82.211, 80.67.82.235, 173.222.108.226, 173.222.108.210 Excluded domains from analysis (whitelisted): r3---sn-5hneknee.gvt1.com, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, r1.sn-5hne6nzs.gvt1.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, update.googleapis.com, watson.telemetry.microsoft.com, www.gstatic.com, r3.sn-5hneknee.gvt1.com, au-bg-shim.trafficmanager.net, www.google-analytics.com, www.bing.com, fonts.googleapis.com, fs.microsoft.com, content-autofill.googleapis.com, dual-a-0001.a-msedge.net, ajax.googleapis.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, www.googleapis.com, r1---sn-5hne6nzs.gvt1.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, maps.gstatic.com, au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, r3.sn-5hnekn76.gvt1.com, e12564.dspb.akamaiedge.net, maps.googleapis.com, redirector.gvt1.com, www.googletagmanager.com, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fonts.gstatic.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, a767.dscg3.akamai.net, r3---sn-5hnekn76.gvt1.com, a-0001.a-afdentry.net.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:16:39	API Interceptor	1x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 61020 bytes, 1 file
Category:	dropped
Size (bytes):	61020
Entropy (8bit):	7.994886945086499
Encrypted:	true
SSDEEP:	1536:IZ/FdeYPeFusuQszEfL0/NfXfdl5lNQbGxO4EBJE:0tdeYPiuWAVtlLBGm
MD5:	2902DE11E30DCC620B184E3BB0F0C1CB
SHA1:	5D11D14A2558801A2688DC2D6DFAD39AC294F222
SHA-256:	E6A7F1F8810E46A736E80EE5AC6187690F28F4D5D35D130D410E20084B2C1544
SHA-512:	EFD415CDE25B827AC2A7CA4D6486CE3A43CDCC1C31D3A94FD7944681AA3E83A4966625BF2E6770581C4B59D05E35FF9318D9ADADDADE9070F131076892AF2FA0
Malicious:	false
Reputation:	low
Preview:	MSCF....\.......,...................I........l.........R.q .authroot.stl.N....5..CK..8T....c_.d....A.K....=.D.eWI..r."Y...."i..,.=.l.D.....3...3WW.......y...9..w..D.yM10....`.0.e.._.'..a0xN....)F.C..t.z.,.O20.1``L.....m?H..C..X>Oc..q.....%.!^v%<...O...-..@/.......H.J.W...... T...Fp..2.\|$....._Y..Y`&..s.1........s.{..,.":o}9.......%._.xWS.K..4"9......q.G:.........a.H.y.. ..r...q./6.p.;.`=.Dwj......!......s).B..y.......A.!W.........D!s0..!"X...l.....D0...........Ba...Z.0.o..l.3.v..W1F hSp.S)@.....'Z..QW...G...G.G.y+.x...aa`.3..X&4E..N...._O..<X.......K...xm..+M...O.H...)............o..~4.6.......p.`Bt.(..V.N.!.p.C>..%.ySXY.>.`..f\|....'^K`\..e......j/..\|..)..&i...wEj.w...o..r<.$.....C.....}.x...L..&..).r..\...>....v........7...^..L!.$..'m...,.....7F$..~..S.6$S.-y....\|.!.....x...~k...Q/.w.e...h.[...9<x...Q.x.][}_%Z..K.).3..'....M.6QkJ.N........Y..Q.n.[.(.... ...Bg..33..[...S..[... .Z..<i.-.]...po.k.,...X6......y3^.t[.Dw.]ts. R..L..`..ut_F....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.117636708753809
Encrypted:	false
SSDEEP:	6:kKr8CdoW+N+SkQlPlEGYRMY9z+4KlDA3RUeIlD1Ut:jr5kPlE99SNxAhUe0et
MD5:	AF08AE8CD082EC572D18E91AB98C27D4
SHA1:	E08CDF00B1A720EF2D835E3D5324CBA69EC431FE
SHA-256:	07847D598DDC132D09CA271F009919BAE24557C110BD6DE6CC8F55DCA30A846D
SHA-512:	80A0CC73F3315EF1E191282113519BAAA3C4EF42FAE6F0846355840B14320BB76EA84BF4990E3EC508BE55AE8DA09920D863343AAC970AD158087129FF9A8C85
Malicious:	false
Reputation:	low
Preview:	p...... ...............(....................................................... .........T'._......$...........\...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.6.5.4.2.7.7.5.f.d.7.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\4e660f93-3ca7-40f6-8af5-7eed649b90b2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165870
Entropy (8bit):	6.049556176026057
Encrypted:	false
SSDEEP:	3072:9GaYTJQE+mugy9+QV1T7IRwdfLSNPOFcbXafIB0u1GOJmA3iuR5:4xaV+QfT7GSmhEaqfIlUOoSiuR5
MD5:	C057AF0D4D958150A1050BA0D386C2AF
SHA1:	25A447AC133C3CC80C6A05B8AF8D44FD66DE87CF
SHA-256:	8534E090D163E19ED896F427BA60302790D50A31192B7B57849B855853968A60
SHA-512:	A897FE499C933478E8DC146EAD448371657503CE6FF0C8FE0E26FB7C4F56AFDAF2A33B3271519985FB3B05560B59CD8CA79503DB039782EA49295F111694000C
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628061332406819e+12,"network":1.628028934e+12,"ticks":4483065250.0,"uncertainty":4367825.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016321227"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0003996a-5449-4d1d-ba52-5cef383641cc.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4db253b3-c9f6-49ea-8793-560fa8ce710c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.535872250505424
Encrypted:	false
SSDEEP:	384:2/htBLlmmXI1kXqKf/pUZNCgVLH2HfDErU8HGqnT8+km4l:GLl7I1kXqKf/pUZNCgVLH2HfYrUwGqnA
MD5:	83BC8D7A974A0522CFD7C16143C44592
SHA1:	8D5CD79D6EDF65D266C65A960E1E1B084B8C0D17
SHA-256:	C6D55E3BFF826D0E0BF4F2F7B7EC978F0DB7FD47848C3E49C4DE9D917606A46D
SHA-512:	6FB0EA72FC2E66AD30D1B59B5A9B3AAF13A244E585E54C1EA6A1D24BA114D95F04298BB466C2602AC31B37CE3F4C736912DA6C24236C55A73A746E2FF8D6E9A4
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272534929324348","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\519b6273-2d33-47ac-8936-fa6149ce560d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5f195c04-b565-406a-93b4-7c645131fb3a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1539
Entropy (8bit):	5.593778945655415
Encrypted:	false
SSDEEP:	48:YEeUAieU46UUhlU1KUZqPeUer2UefPwU5Uenw:zeUAieURUUrU1KUUPeU9UE4U5UD
MD5:	F687BF9CEC970A00ABA26FCD7CCE17B2
SHA1:	44CBF3263D02ED4851972999A2F22B1283609F3E
SHA-256:	C056876E4638546404E434A232C1E3B1D4CFA6F312C50B96D8296142FB8EBE4B
SHA-512:	54531194DB3135AD151EFCC9F3BC679F7A906AA05F3B250C7552919BAE80237E7592BE3CA26473DA5EDE90E1478DAE86201B5624363F54DCC1CF95E7D9B98C34
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638947735.746837,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061335.746843},{"expiry":1659597335.043785,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061335.043791},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638947735.304174,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061335.30418},{"expiry":1659597333.402484,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628061333.40249},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\69246233-5046-4f1d-9e2c-76dc9c9c6634.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	1539
Entropy (8bit):	5.597689725012484
Encrypted:	false
SSDEEP:	48:YbeUWieUu6UUhlU1KUZqPeUer2UefPwU5Uenw:MeUWieUzUUrU1KUUPeU9UE4U5UD
MD5:	1C2D7ABE5767821CC5CB16CA1A17E969
SHA1:	465799648921A8CF2DE2D803C9C14B74D6CBB520
SHA-256:	3F6EFCCA7652324564B546010460C43CFDFD9B0FF791A6CCF9FF4AFF6BAFD842
SHA-512:	4AED9288778908C9DB070FBA3C05B2C369330D5D46E891B0620A37D4C01919DE78303283370301A344E8C0F5081153C828C5D475739605E693D29DF52EB5A6D7
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638947795.698289,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061395.698294},{"expiry":1659597398.148832,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061398.148839},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638947735.304174,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1628061335.30418},{"expiry":1659597333.402484,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628061333.40249},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6eec1960-4fc4-4231-9567-8e4eb9e3515e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5783
Entropy (8bit):	5.188622326290684
Encrypted:	false
SSDEEP:	96:nRCfkn9SwxXRcKIXok0JCKL8hkk1IbOTQVuwn:nRCq9rhcA4KykkQ
MD5:	CE47936928842D721C6D3ADDAAE7841C
SHA1:	E3B1836670EA7CECE2FE8C31AB1A02DD9ACBAE75
SHA-256:	3AA5CE647CC21F309EE588DFC0E9BAB64341416B1904E4984F4C11D623094843
SHA-512:	73FBE9D0DEC635ED97113F99D3F7932D7B936DD2570FD199C933876D09181D41AC734C2013EED622137DF470CCE12C60A114E10FEF4151F91F808E5DB7271AD6
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272534929626370","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\70d8e68d-654b-4bd3-a574-7b6422efd888.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5809
Entropy (8bit):	5.191173759512403
Encrypted:	false
SSDEEP:	96:nRCfzn9SwxXRcKITok0JCKL8hkk15bOTQVuwn:nRCL9rhcE4KykkP
MD5:	07CA9118F6C64E14A2EDCDBD2E207923
SHA1:	E21D5AA18A58B9DA64B4D81678999E79E9A50EE5
SHA-256:	1BE1881FA85AB86C3476730C5CCC2B3636C9AA9A77B07809714031A0D9F03092
SHA-512:	40D36513099D3E1F7AE4276993C5C251E51029B9AAD3F0404EF4C815C507FF5ABA829A52B1DD118D8304C6E964CF9C2A9B09744DAAD95FC34C20ADE5AA784FE8
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272534929626370","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\766a81c8-70dc-4e7f-a659-38ccea56616c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4122
Entropy (8bit):	4.894981539348123
Encrypted:	false
SSDEEP:	96:JTOXGDHzhlzes6VM2erNsSGuGpT5j6l5KzFGdw5GbIH:JTOXGDHzhFes6VM2eruSD4T5j6l5KFP/
MD5:	16C55AF035F5826766FEF328F81C9E7A
SHA1:	1EC194710ED060DBC390F21BF6B0479F2E6982C8
SHA-256:	F903070491FE3105E48FA5F9E3214A9CB75018841C57FB4D37B357329A7E6BE0
SHA-512:	6020928D129C1E2E43490825FB488E522B2B9ED9194D5CA29BBE88B38CDFE88143BDCDE4FC54251D0DEF0D03F5D00FF55A74D42F98BBC55D89E73F9CE36BD3EB
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932510936","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932511847","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932697074","port":443,"protocol_str":"quic"},{"advertised

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.221428881628009
Encrypted:	false
SSDEEP:	6:m4o+M+q2PWXp+N23iKKdK9RXXTZIFUtpldyZmwPl1MMVkwOWXp+N23iKKdK9RXXH:S+va5Kk7XT2FUtpu/P/NV5f5Kk7XVJ
MD5:	078C8BA5A09319C95F547264689E9F47
SHA1:	815A490BCE2DA65661FEA558095357DFF7659B07
SHA-256:	17FB9138CEF4AD5BB6C0FE4292BE52AA450118421BD8B275200B6952C7DC08CC
SHA-512:	23E023E9A7B46FA03E83DCEA23D206DCFF24CED2A01A15CC689E9CD104E213A4C041EF6426B759D4E3FCBB5B079EA66B628C35C675D5B9A368D1D64B5714E032
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.897 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/04-00:15:40.912 1b1c Recovering log #3.2021/08/04-00:15:40.913 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old=& (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.221428881628009
Encrypted:	false
SSDEEP:	6:m4o+M+q2PWXp+N23iKKdK9RXXTZIFUtpldyZmwPl1MMVkwOWXp+N23iKKdK9RXXH:S+va5Kk7XT2FUtpu/P/NV5f5Kk7XVJ
MD5:	078C8BA5A09319C95F547264689E9F47
SHA1:	815A490BCE2DA65661FEA558095357DFF7659B07
SHA-256:	17FB9138CEF4AD5BB6C0FE4292BE52AA450118421BD8B275200B6952C7DC08CC
SHA-512:	23E023E9A7B46FA03E83DCEA23D206DCFF24CED2A01A15CC689E9CD104E213A4C041EF6426B759D4E3FCBB5B079EA66B628C35C675D5B9A368D1D64B5714E032
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.897 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/04-00:15:40.912 1b1c Recovering log #3.2021/08/04-00:15:40.913 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.198154860355162
Encrypted:	false
SSDEEP:	6:m4JM+q2PWXp+N23iKKdKyDZIFUtplUfZmwPlwMVkwOWXp+N23iKKdKyJLJ:Y+va5Kk02FUtpef/PPV5f5KkWJ
MD5:	33BE0FF6E651AD2780875B450E85BA61
SHA1:	FC1B72FA14CF20A405E3F44B851E8A8EE3680D32
SHA-256:	5A8B540F0866EBEBAF5DFE4E2D557BC953D1AA6EC18ADBCCC3A563343969508E
SHA-512:	C5625086640CF1E7AA5C1BEA8F943AE624FED4ADFAE6F32C65EF84CC68D98AEC6B2A9C0D92C63771B1F0FEC198BB672E73CDC2C858680DD8CFC3ACE32EA74DBC
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.882 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/04-00:15:40.886 1b1c Recovering log #3.2021/08/04-00:15:40.887 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldon (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.198154860355162
Encrypted:	false
SSDEEP:	6:m4JM+q2PWXp+N23iKKdKyDZIFUtplUfZmwPlwMVkwOWXp+N23iKKdKyJLJ:Y+va5Kk02FUtpef/PPV5f5KkWJ
MD5:	33BE0FF6E651AD2780875B450E85BA61
SHA1:	FC1B72FA14CF20A405E3F44B851E8A8EE3680D32
SHA-256:	5A8B540F0866EBEBAF5DFE4E2D557BC953D1AA6EC18ADBCCC3A563343969508E
SHA-512:	C5625086640CF1E7AA5C1BEA8F943AE624FED4ADFAE6F32C65EF84CC68D98AEC6B2A9C0D92C63771B1F0FEC198BB672E73CDC2C858680DD8CFC3ACE32EA74DBC
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.882 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/04-00:15:40.886 1b1c Recovering log #3.2021/08/04-00:15:40.887 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0fcc6d437574cf25_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	14466
Entropy (8bit):	5.826478110281821
Encrypted:	false
SSDEEP:	384:XoA8VrbTfpMo0EtDSpy7ZuYW+TJr3J//bEI+XgA5U6e:43HWnEtDcy7ZlBlr3J//YfXgAC6e
MD5:	A39784FD942DFF8A3387C40514EAD6A4
SHA1:	A785FB9E4BAA6A4E83C3D98AF944C0AE6653A5D1
SHA-256:	9FFFB8CEA260BF33C34F02984A428484DBE8E507209D6A195D05F8F01D43D77A
SHA-512:	494499DE57DEDC28553A4B3FCC2A53A096F0BAECD54C5C719CCEECC19F1CC6191B73F93F26ADA8B24BC3FF85DA31D4B6CC7E06F4C20995EF29AB40CD4591C0F6
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.../^%....._keyhttp://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8 .http://ichiban.menu/...L'/......................E..g...D.v..Itr&y.I(\|E..SJ.A..Eo......3RF..........A..Eo................................'.......O.....6..\. -....................x....... ................(S.\..`n.... L`......L`......Qc>.......twemoji..(S....`......L`B.....Rc`...........(......M....O...Qb.P.7....c.....QbV.......d.....Qb.M......e.....Qbz..~....f..........Qb>.}.....h......S...QbR9......j.....Qbn9.+....m.....Qb.UN.....o.....Qb..t....p.....Qb.r'H....q.....Qbj.......r.....Qb.......s.....Qb.#L.....t.....R....Qb........v.....Qbz......w...s................................................................................I`....Daz....G...(S.....IaW.............@.-....TP.A.....H...http://www.ichiban.menu/wp-includes/js/wp-emoji-release.min.js?ver=4.9.8a........D`....D`....D`.....\|...`:...&...&....&....&.(S...Ia...........O......d........@...........&.(S.....Ia..............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2927575d9fcb27ca_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	105784
Entropy (8bit):	5.804471270344644
Encrypted:	false
SSDEEP:	1536:MCez8UvxRxisbiszH3eH326x/7vkXLgVFbmdmh4h4nCtlO/:MZlFbigeGmveLgfbmmh4hlw
MD5:	4C2190F4CAD4A2C4DD718DA94B9514C4
SHA1:	3EA34FEFAC43CD799DBD9FAE3BBE8E41E76C594E
SHA-256:	0059C26BEFCBD443FCD0A2A3BE462B0E1DEC8FA89CA2B0A0643CC53A8C190FA3
SHA-512:	28359856D7E2AFDA2DC476E7A719F618EBF8446AE32E3261716B45E3C6CF1348F7F6A03D816D3D00E34B95861CC61E0A87A717C18F3B45E4B3FF3C996E0A293D
Malicious:	false
Reputation:	low
Preview:	0\r..m......@......B....671C25995607767730D65CBCEA8500D9C97FDBBAD6C5DA42D603EB474C2C7139..............'..{....O$......w..................4'......x.......d...........................................................................D........................................(S.X..`h.... L`.....(S.p.`......L`.....0Rc...................O.`....I`....Da....,.....Q.@./`....module....Qc..\%....exports...Qc~.PU....document.(S........5.a...............a..............a..........a....a............a...........Pc.........exportsa........I..Q..@.-....DP.......8...http://www.ichiban.menu/wp-content/cache/minify/c7035.jsa........D`....D`....D`..........`....&...&....&....&.(S...5'..`"N.......L`P......Q.Rc............J......M...Qb.P.7....c.....QbV.......d.....Qb.M......e.....Qbz..~....f..........Qb>.}.....h......S...QbR9......j.....Qbr.......k.....QbZ..g....l.....Qb..&.....n.....Qb.UN.....o.....Qb..t....p.....Qb.r'H....q.....Qbj.......r.....Qb.......s.....R....Qb........v.....Qbz......w.....QbRt....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e06fb361c0b40d3_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	102816
Entropy (8bit):	5.916246925607827
Encrypted:	false
SSDEEP:	1536:oq7alBOreIQ6I+JbwvrZEdgl7SKTmKbfHFHgBuBV23/bxVUG15cKZEl/9:vSIreyIg4rZEaumH2Bu+3kec+k9
MD5:	4C7E058E0E02835FD273ECFFB0263953
SHA1:	707907AB07D32FFC5CD9B5E8983B05AA5E2BF61A
SHA-256:	A74FED669425B4003C859679AF7B9D0F02EC5CD2CA0889F02A14D6799C7D578B
SHA-512:	428C7B431B041348DFD79DD05E8ABD70BC76F1ACB57F726CA4FFAEF49F877B391EB7FEFF07157806BBB350FFDC6CFB1DA7918C6D001576CEFD0C82950C7D9319
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...S.......C5DA1F7A90AA7902D89C292054BABC51773665111A64F74FD6FBC0D7210A463A..............'.r.....O#...@.....i.............................................................h...............................................D...................L....................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd.t.....__gjsload__...Qb.X.g....map..(S......`.$.......L`.....E.Rc............F.....Qb...p...._...........Qb2.4.....ns....Qb..._....Fia...Qbr.#.....os....Qb.j......ps....QbJ.c.....Gia...Qb. .^....qs....Qb...-....Hia...Qb........Iia...Qbz}i.....rs....Qb...3....Jia...Qb.ZN.....Kia...Qb........Lia...Qb&.T<....Mia...Qb........Nia...Qb........Oia...Qb..u.....Pia...Qb........Qia...Qb........ss....Qb..hP....Ria...Qb..W.....ts....Qb.n......Sia...Qb........us....Qb.w......Tia...Qb6.".....Via...Qb.o]....Wia...Qb6.Je....Xia...Qb........Yia...Qbjo;.....Zia...Qb......vs....Qb.r.....ws....Qb..\|f....$ia...Qb.+p.....xs....Qb........ys....Qb.amZ....zs....Qb.:.....aja...Q

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\362e18053d8cbdb4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	145240
Entropy (8bit):	5.851719246549156
Encrypted:	false
SSDEEP:	3072:3HnHHUOZDLYSLrPXSaCcP4o5XzPKq+KatYP2R8HpwRU3xXqGXiSF:3HUMYmWohNF
MD5:	0F0470CF39863084E8AD0595352C5412
SHA1:	02A670F61F14019E165A4E39E3297BF4299B0189
SHA-256:	8E08CAE1EFE64F84692ED7F5FAEB1D0783849A6BF5DE039FD86EAE457D1B45EA
SHA-512:	96E637453DA7E15F3321904F72E66FBF6824AE5E425CBA4DDE5AB5166D5E235E1D13CFB28834BF10453E9BBA8D46EA8EE05280D0DA72CB1811458A74ADD4BE42
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....:\|.....16903FC3C734C924C597C57257528BB3DA5BC5DEC9AC2699C0AEF217C4E55EC7..............'.......O1....5...5..................4...............................t...................................................@........... .......\.......<.......d...................p................................................(S.....`,......L`R.....L`......Qd..b>....bap_object....Qc.h.....ajaxurl..$Qg.......es_widget_page_notices....Qb..n.....ES....Qd.(.x....Rainmaker....(S..`P....DL`......Qb.......push....a..........Qd...0....gtm.start...C..Qc6......event.....Qc.......gtm.js...Y...Qc.......getTime...... QfF.......getElementsByTagName..Qe........createElement.....Q.PN.......dataLayer.....Qb........&l=.I....8Ql&.4.+...https://www.googletagmanager.com/gtm.js?id=...Qb.C.g....src...Qd...,....parentNode....Qd........insertBefore..K`....D...@...0.........%...'..'....\|.0...%...&.(...&.}..)&....&.e....&.(...&.X.../...Y....(...&.Y....&....&.(...&.Y....&...g. ....&.%.4.!....&..-.."..&

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3beb4f631bd2117c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.897885926053165
Encrypted:	false
SSDEEP:	6:m9lPD4FEYAILvnN2aXiSUKy+siXVKDBOMHw3DK6tmT7Y7V3QJTymQ2bod7KDBOMy:II7nN1DUKs0VKDBj2gT7Y7VQlDBjy
MD5:	7D3C7CAA36A4770C0695CF30380C7BD7
SHA1:	12479A2970492B2C7A4562386F2CD25FA170BA1E
SHA-256:	441E71A047B23846AA6BE478444463C302F9ED8B7C82BC9036E084723A76707B
SHA-512:	29904B805FAC21BFABAEF58E3B2036FF4B953994342E2A659BDA05D0856579A944AFB617D6C3B26157B77C6BDC08BF94301FAAFE77B33177BFBF9A8707C21AEE
Malicious:	false
Reputation:	low
Preview:	0\r..m......R....Vq....._keyhttp://www.ichiban.menu/wp-content/cache/minify/fbbf4.js .http://ichiban.menu/h...L'/.....................i..MA\|......^9.(k6.)"O?.?..H..A..Eo....../............A..Eo..................h...L'/..6..16903FC3C734C924C597C57257528BB3DA5BC5DEC9AC2699C0AEF217C4E55EC7..i..MA\|......^9.(k6.)"O?.?..H..A..Eo......f_.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e81a720e5335a28_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	330888
Entropy (8bit):	6.093095395089364
Encrypted:	false
SSDEEP:	6144:HOprnCbkPZbncB7ZduJmhKCLR0BT8ohfbXTulB:uprnPZE14sjKNiv
MD5:	57C61CBF5C648278651F7BB74237B023
SHA1:	8B6D05D4DAE0DA01FA7539DA5F1D2B4EA2B1F423
SHA-256:	C2C2CAE2F073709F6BA196AC89E5A89E9CEDD063354905DD64BAD27256FC61F2
SHA-512:	F3145A3EDEB9F149A47E1634A469D7018DDB22B45498F5BCF8253E83383B070BD742B49A7C2DBDA90DB02B25C0BAB80F601959388C8440B7C6B639E9844A45F8
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...)L.3....5C126F5C1AA97CED4EC65B186D5F60018EBA48E319FBC252952F9D202447F7FC..............'.......Oa...0...\|..b.................a..(....!..................@...................h...................................................`...................(...............................................................................................................................................................X...............................h.......(...................8...........4............................(S.<..`2.....L`.....(S....a.`.......).L`........!Rc............:.............Qb.c;&....aa....QbF.......ba....Qb6..c....ca....Qb.P......da....Qb.=.....p.....QbN\|.)....ea....Qb...p....fa....Qbf.......ha....Qb~W3.....ia....Qb...J....q.....QbF.J.....ja....Qb..X.....ka....Qb.. .....la....Qb.qC.....ma....Qb..e.....na....Qb.\......pa....Qb..[.....qa....Qb"o......ra....Qb.$.....sa....Qb........ta....Qb........ua....QbvK.m....va....Qb>.d.....wa....Qb&.......xa....Qb........r.....Qb

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3f2d48f104e12204_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.479977751220825
Encrypted:	false
SSDEEP:	6:mcVD4FEYAILG2vCXi/h6/m24LoAgPK6t:jIi2vW0b24ux
MD5:	69979ED0112F47E0ACBB83B106A7D6E3
SHA1:	8D193245CFF3B6A1EB0124840DEBD2ED3DA3805B
SHA-256:	1D07D2EA12EBD043588599AC6D4842B9409AF8831C64823F2471262CD0AEC5D6
SHA-512:	62A950FAC1E22673A7A45829520F696E49E3ACD2FF695390CBCFD95313EB8195CABF289CF9BFD3030BCE09407035C6A26C849AAB958D9B75295CB5C3C144FF87
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...I......._keyhttp://www.ichiban.menu/wp-content/cache/minify/9af47.js .http://ichiban.menu/tdD.L'/.............@..........".4...{EBq.v.-.Eh.<...SE3.9B.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3fe29dc3ee4dedc6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	155080
Entropy (8bit):	5.88278036435692
Encrypted:	false
SSDEEP:	3072:6T93mITbTmVWJQE3RW4CF5P+QnmaKatYP2R8HpwRU3ML9WG:2baEJfhW4ImtG
MD5:	AA82DAC0025586BF127E48E302BDE1C7
SHA1:	57AA8AEAE16D181E79F439CF44208563E9587145
SHA-256:	F45DA9E777000F997092A6AE8B503B85AA1A407003488C168BAE32C55C64F8C3
SHA-512:	3EC3DBBE29079D34155E88E05E43685CFCFF260BCBDC7397754CF5DB39E3EBBD6ABB15515D1CCA115E35A4009845BE7EAD3085B56D9DE5A0A3A2AAC61CE9C837
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....k.....DCDE908F43C012E4194CE988ED6E315DDD156A3AD5048CB25CED2034B3767664..............'.......O3...(\...U`.................................................................................................................................................................................................p....................(S.....`.......L`V.....L`......Qd...R....bap_object....Qc...B....ajaxurl..$Qg.A.....es_widget_page_notices....Qb........ES....Qd.<......Rainmaker....(S..`P....DL`......Qbb..v....push....a..........Qd.~.`....gtm.start...C..Qc6J......event.....Qc.!.'....gtm.js...Y...Qc.<`(....getTime..../. Qf..A....getElementsByTagName..Qe........createElement.....Q.P.x......dataLayer.....Qb.k.....&l=.I....8Ql.W}.+...https://www.googletagmanager.com/gtm.js?id=...Qbbh~^....src...Qd.n......parentNode....Qd..}I....insertBefore..K`....D...@...0.........%...'..'....\|.0...%...&.(...&.}..)&....&.e....&.(...&.X.../...Y....(...&.Y....&..*..&.(...&.Y....&...g. ....&.%.4.!....&.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\49c8f33c87de4fa9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1421
Entropy (8bit):	5.531548774139003
Encrypted:	false
SSDEEP:	24:MIQ3iFde/mV2IQ3ue/mbC2IQ3pwie/meT2IQ3He/mQ2IQ39Ne/mQ2IQ3SDCe/mNJ:ML3ifV2L3uu2L3pdeT2L3HQ2L3LQ2L3d
MD5:	FA3DB6711928004DFC8507FB2D83DB27
SHA1:	43860E6B335829BE7FA76C652506A4554651C891
SHA-256:	15AB3CEE37D977D2230ACAF88BA28F05452F0DEBC39531EAEEBCF818C546B701
SHA-512:	9BDAD6F0AA01A83A2BF4CD6DF14CC2076630961B07F83DB21BE702FEA0BB11BBD9205B5079800413BCA4E5086E85168742ABDD64736F109D1AD10DF42C187CC4
Malicious:	false
Reputation:	low
Preview:	0\r..m......G...u......._keyhttps://www.google-analytics.com/analytics.js .http://ichiban.menu/.n..L'/......................?...s6a......Cwa3C..A6.T...N..A..Eo.......53..........A..Eo..................0\r..m......G...u......._keyhttps://www.google-analytics.com/analytics.js .http://ichiban.menu/....L'/......................?...s6a......Cwa3C..A6.T...N..A..Eo......2..o.........A..Eo..................0\r..m......G...u......._keyhttps://www.google-analytics.com/analytics.js .http://ichiban.menu/....L'/.............0........?...s6a......Cwa3C..A6.T...N..A..Eo.......)...........A..Eo..................0\r..m......G...u......._keyhttps://www.google-analytics.com/analytics.js .http://ichiban.menu/.hK.L'/.....................?...s6a......Cwa3C..A6.T...N..A..Eo........ .........A..Eo..................0\r..m......G...u......._keyhttps://www.google-analytics.com/analytics.js .http://ichiban.menu/.7.L'/..............U.......?...s6a......Cwa3C..A6.T...N..A..Eo......_............A..Eo...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\62809a1915858607_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2191
Entropy (8bit):	5.688336581902472
Encrypted:	false
SSDEEP:	48:D5rmT955rm755rmfS55rmS55rm9SN55rmQ55rmtL:G5J
MD5:	A96DAB35030BD82E71989555C50235A6
SHA1:	FC51D508BC6F21F9F8EFC30700B5A79B2946B34A
SHA-256:	BAF3FE062A98DD2354BDE03547935DE0E309D1E13B858E84323D4493749D190C
SHA-512:	A325A096C73F9B8C2F887BB7FA279B81CBD4BE68D0C27AE48DEA1FE64FAE76C239FE502286527BB7671EF9133D04A5B1820A18DF71E56D7CED83F5AFD0D2B313
Malicious:	false
Reputation:	low
Preview:	0\r..m..........8......._keyhttps://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&region=au&callback=onApiLoad .https://google.com/f...L'/...................}G..0.6\|.U...;....>...T,.Rc..A..Eo...................A..Eo..................0\r..m..........8......._keyhttps://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&region=au&callback=onApiLoad .https://google.com/...L'/.............Z.......}G..0.6\|.U...;....>...T,.Rc..A..Eo.......$..........A..Eo..................0\r..m..........8......._keyhttps://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geometry,search&v=3.exp&language=en_US&region=au&callback=onApiLoad .https://google.com/:...L'/.............8.......}G..0.6\|.U...;....>...T,.Rc..A..Eo......X3b..........A..Eo..................0\r..m..........8......._keyhttps://maps.googleapis.com/maps/

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6cb099d4e0f055ee_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	6143
Entropy (8bit):	5.530682103710191
Encrypted:	false
SSDEEP:	96:7yiwPsvQG3wmwraFoJVR9hvrTkoZmhNKvx+RbQPeD4bNUfI:uiwrlmwrAoJ9hIymhNKvx+RbQW0NUw
MD5:	C2C8C6339E9F04511ED56973EB8713AA
SHA1:	7EC29D1512A20F55C3DCC696AF944D846989D8FF
SHA-256:	1AC3DBE0B09F00498221F485BB619B9780572CD2290C322D0FD5A860111DA74C
SHA-512:	B51B9EC24E990AAE45825E2684AEB1D9A1B30F1A84139D563A7678386CC8BA33EE6C87B475F4FA5E95914A43648D72EB743BC55EACD3D7EA3F6772ACF47D599B
Malicious:	false
Reputation:	low
Preview:	0\r..m......W....d)....._keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/overlay.js .https://google.com/\|...L'/.............?.......>.&H..F.....T.$...s..Y..Y,..r..[.A..Eo..................A..Eo................................'.i.....O..........Bs.....................................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd*.t.....__gjsload__...Qcr%T.....overlay..(S.}..`......L`L.....RcH.................Qb...p...._.....Qb........jt....Qb........Jka...Qb........kt....QbJ.].....Kka...Qb6d......Lka...Qbno......Pka...Qb^-......Oka...QbRTi.....Mka...Qb..t.....Nka...QbFh83....Qka...QbFvI.....lt....Qb........mt....QbJB.Y....nt..m$.......................................................I`....DaV........(S.......!.a>...K.........@.-....LP.!.....>...https://maps.googleapis.com/maps-api-v3/api/js/45/8/overlay.js..a........D`....D`....D`.........`B...&...&..q.&..a.&.(S.$..`....]..K`....Dc.................,Rc.................a.`.....a..............A.d....................&

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\779cdb7592da434b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.8521352639925315
Encrypted:	false
SSDEEP:	6:mZllXYZHfY7t/guL6Bikt/CNvnyl+1t4Z+qRK6tDx8kceXTn+326vnyl+1t4Li/:All+/ix+iktKlnykPartTcej+3jnykPd
MD5:	6DEDA4D1058330742A48DA2A7467B6F8
SHA1:	DC991943CCB67B717B53EBA8400E9B43D9CC40E4
SHA-256:	D9596837A9A26C42FA4D6E628A8EB7488301440D3714EDA031F0CDE78A5FCFC9
SHA-512:	41E737F708D8BDD2F64AD96A626F2AAF14D167933026B2CE1DEDF70A4576618038D7004197FE68B54E4613D74FB0C94A2301C12F99BAFDA7D9530D90572A0E77
Malicious:	false
Reputation:	low
Preview:	0\r..m......T...H.m....._keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/util.js .https://google.com/X...L'/.....................F.y..d..lJ....Ni.3..}-^..k.-[.y.A..Eo...................A..Eo..................X...L'/..0..A280A94EA610005A02E9627B317177629B3F95A3242CF39B051BA33C57C82812.F.y..d..lJ....Ni.3..}-^..k.-[.y.A..Eo..........L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83b514cbc0a57437_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.870015757431693
Encrypted:	false
SSDEEP:	6:mcxYZHfY7tOSuKLv64XlF6Uwf/yP4DlDK6tU37D0TtanLUPqeMUwf/yP4pl:PQ/tKzve6P8l1rqUhe6P
MD5:	28D5C75EA9A75A749380C7DAEBD101FC
SHA1:	7DAFB82CD749B7F6E7230151E39D54475C994923
SHA-256:	B33C0D15C82EC0C3D959F9E61863D4F564A483A3A2EF59D1501EAB940E45B0D6
SHA-512:	A4157D370FB872D987FB6539C1CF1BFB84233F15D301D15AC90F69B32ABA4610099909BC7426ABDBB093356F34F1B0BE1D1EDE4CFA5E301696B442429DA69716
Malicious:	false
Reputation:	low
Preview:	0\r..m......V.........._keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/common.js .https://google.com/...L'/....................g).%.8.Qt>.,g...2\..?Z...\Y..A..Eo.......9u..........A..Eo.....................L'/.H...4C69F8ED662C10B8B9E5176B0EFEA22B7E451CEA5E3011185F39D573F420C2A4g).%.8.Qt>.,g...2\..?Z...\Y..A..Eo.......6..L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\89199a962e76065d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3080
Entropy (8bit):	5.842026986056491
Encrypted:	false
SSDEEP:	48:fVa5rEP7tVa5rQtVa5rY/7tVa5rQtVa5rL8tVa5rftVa5r/:ff9FZBNi
MD5:	271F7D480E5CA2287E2DD105B71DF029
SHA1:	127D05810C3D84CCA07100BA07EF6F2272C85654
SHA-256:	DFDFE011A79C96740D001DCBAAB840E6BABA0BC6C9BC5298CB0F5F326D4377CF
SHA-512:	EE579DFF8DC56414643AAB879901666FBDD82C55F0B6242B98E23ECB135A701F189C941FAC50FD4985FE51FB4263CA2748267717D9CD46BCF84FD15547405EC4
Malicious:	false
Reputation:	low
Preview:	0\r..m......4...N..G...._keyhttps://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d-37.77987813852119&2d145.15647795731974&2m2&1d-37.77199153617042&2d145.17606725993295&2u16&4sen-US&5e0&6sm%40566000000&7b0&8e0&11e289&12e2&callback=_xdc_._l28xeh&client=google-maps-embed&token=4805 .https://google.com/.>#.L'/.............g........p.5....._...E.}.l!.~S.S...".PT.A..Eo......7...........A..Eo..................0\r..m......4...N..G...._keyhttps://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d-37.77987813852119&2d145.15647795731974&2m2&1d-37.77199153617042&2d145.17606725993295&2u16&4sen-US&5e0&6sm%40566000000&7b0&8e0&11e289&12e2&callback=_xdc_._l28xeh&client=google-maps-embed&token=4805 .https://google.com/D...L'/.............\........p.5....._...E.}.l!.~S.S...".PT.A..Eo........5m.........A..Eo..................0\r..m......4...N..G...._keyhttps://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d-37.77

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8faa0d8de0d24714_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.945460431883082
Encrypted:	false
SSDEEP:	6:melD4FEYAILe4sNwXiNv6gkl/ulRMAMsLhTkhK6tn/rfVZV8QwlRMAMsLh:LfIC4J+vhs8MSeBf/6MS
MD5:	0337E68CD92EBB2F5ACB21F98246354C
SHA1:	6B7434348A37B7E6A811E6DD5C04AFB2E6564A12
SHA-256:	6872F0C13C06EA842977510E02A2891E12A2DBBB4AE349B833616817C8A8D65D
SHA-512:	C1DFA6DC05C0AF288AC75CAA4D1DE29B9584E3D875BD9C70BF666295F82DF9B5325BADB40642180D5E1B148FFDDD5D723B85E817FD29B1C76A2EE86B23D8F709
Malicious:	false
Reputation:	low
Preview:	0\r..m......R.....%E...._keyhttp://www.ichiban.menu/wp-content/cache/minify/37e61.js .http://ichiban.menu/!...L'/.............B........L..@....(..b....@=.._..W>%....A..Eo..................A..Eo..................!...L'/. ]..DCDE908F43C012E4194CE988ED6E315DDD156A3AD5048CB25CED2034B3767664.L..@....(..b....@=.._..W>%....A..Eo........5hL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\93f52fb938ee1996_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.517631285851526
Encrypted:	false
SSDEEP:	6:mDD4FEYAILRiCXiDs6NF2pdy4lxhZK6t:wIcWdAF2TpXT
MD5:	AC277ED29775006BDE1706C6CC19B106
SHA1:	8DA270E567E95C6D97CCA34D1722D7A3C0BE0012
SHA-256:	1897DA128B038564D5184A89F496C5F5F83F2AA8BF43BA1F50BBF5FCD2BF0CD7
SHA-512:	6ADF234CC877041BE680366ECB72C318DD9EB1EF1ACEDA618CE589139D222DDA0F2D55F0DDE93957915F43BE0B05BB8FF85C83F19BE6AC2D4FCF8959F1D27A4C
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...\.%....._keyhttp://www.ichiban.menu/wp-content/cache/minify/853a9.js .http://ichiban.menu/.@..L'/.............q........nG.*...d^.....(.o....)...X1...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\997643720c860f01_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4027
Entropy (8bit):	5.784502049724419
Encrypted:	false
SSDEEP:	48:PWH+yUZ9QIsUD0Zkm5xEe9lwbocTjyj6yvf+bmDgVeGe7CqFz5EoQUg:OaAIDs1bwbocTu1HBUk1CqFz5bg
MD5:	B39D7F4AC9A2A85479E79F73AB1057DB
SHA1:	D28D4B08C130560D3B8935BD03E25C4544031555
SHA-256:	86056F0AAA7E84FDE1A185DD04BC7375C1555CE6C5C568BCCD764ABB393C07D8
SHA-512:	32A939FDA40CABE29AC50BDD5B3057ADE860AB147F559A243C8C7CE1872536CB086749DCBFD9AF11EC75E6443DC7A6859C0AB49241D5A1C13478E485C3346A88
Malicious:	false
Reputation:	low
Preview:	0\r..m......[..........._keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/search_impl.js .https://google.com/^=#.L'/.............F........i.w.]..A0..bE.1u...+S.X..d..\|..A..Eo...................A..Eo..................^=#.L'/...................'.......O....P...G_9.................\|....................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd.t.....__gjsload__...Qd........search_impl..(S.-..`.....xL`8.....Rc<.................Qb...p...._.....QbVc......Dcb...Qb~).'....Fcb...Qb..q.....Gcb...QbN.......Hcb...Qb.P&.....X$....Qb.i.?....Icb...Qb..7.....Lcb...Qb.m......Jcb...Qb.......Kcb...QbN.a.....Ecb.j$...........................................I`....Da^........(S.........aC...U.........@.-....PP.1.....B...https://maps.googleapis.com/maps-api-v3/api/js/45/8/search_impl.js..a........D`....D`"...D`.....\...`...&...&....&..q.&.(S.....1.ab...........Q.d....................&.(S.......q.a..............d....................&.(S.......a...........d....................&.(S.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a6c0cc2dc7afa9b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	130800
Entropy (8bit):	5.687134933748195
Encrypted:	false
SSDEEP:	3072:MMkjTS3CrlMGENx2YubZE7pLFp5oWAb0QtKUliEgCPvdq0Vlh7tB+YpisgBosj8d:GMNxr7pLFp5oWAb0QtKUliEgCPlH7tBR
MD5:	03B61A1882FDD072DA302590B96787CB
SHA1:	3281266197DB373119188FF3B78962E7A378E3F1
SHA-256:	F2CEFBB7EA3A63708068934A8A921CDC1AD5D1B54DD39EF1A79FEFD9D21E1A68
SHA-512:	AE07A4DDFDEFF88625164DEB68902C7C76331E08499BFC055A7AB6B29338EA88821A61533640417B604AF81B71D892AB3FD52695074288B1D5FA8394326F5D4B
Malicious:	false
Reputation:	low
Preview:	0\r..m......@.....j0....4C69F8ED662C10B8B9E5176B0EFEA22B7E451CEA5E3011185F39D573F420C2A4..............'..Z....O(.......c).!.................I..........,.......................................................x................................................................................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd*.t.....__gjsload__...Qc.k(.....common...(S....I.`\|........L`.......a.Rc............N.....Qb...p...._.....Qb>.......ofa...Qb.?......nfa...QbR.A.....pfa...Qb.@......rfa...Qb.BK.....Mk....Qb.I......Ok....Qb.x=.....vfa...QbF.......wfa...Qb..v.....Tk....Qb......xfa...Qb...z....yfa...Qb..7.....Afa...Qb.D.n....pl....Qbfgk7....Kfa...Qb........Mfa...Qb.".....Nfa...Qbr.v(....Ofa...Qb.s......Pfa...Qb.U.....Rfa...Qb.C.F....qfa...Qb>......Sfa...Qb..~....Ml....Qb.u....Ql....Qb...r....Vfa...Qb........Yfa...Qb.e......Xfa...Qb..F....$fa...Qb.n.....cm....Qbr.......cga...Qb.<.....ega...Qb^......mm....Qbz.k.....fga...Qb...J....gga...Qb.r0}....tm....Q

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4927b8e8b6e8e49_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	36221
Entropy (8bit):	5.624850224274241
Encrypted:	false
SSDEEP:	768:fJfGOYK4pni/dOdA2x5cdQJsZF4JxjUJ5:hfMBn7Z5cdAOFYjUv
MD5:	38ED791E7BB87FD26F094296CCC9F0CF
SHA1:	D71DC2A544EEBF7F40363C937556EECADD183E1E
SHA-256:	2B6DB9CA4B5E7D6C84ACE63AF2888E69DD8D263169922F2E9B3FFC6C08EACDC4
SHA-512:	85E506A849FC5299C8E8691089D33CEAEC7D2EDADCA57FB65B2BE6ED9FDAB611AA01D9FCFCED0540708E84CFC62C5293E3E4EC98A1EF443C354FA54BB069C903
Malicious:	false
Reputation:	low
Preview:	0\r..m......U....}......_keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/onion.js .https://google.com/.t..L'/.............i........DV.Fv(\|.pJ.....3,..X$4..&Q.wC..A..Eo...................A..Eo................................'..c....O.........:+r............H........................................................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd*.t.....__gjsload__...Qc........onion....(S.%..`.....!.L`.......1.Rc..................Qb...p...._.....Qb..!.....RG....Qb.g. ....EBa...Qb.h......FBa...Qb......TG....Qbn..Z....GBa...Qb...H....HBa...Qb...P....eH....Qb..d.....fH....Qb..g.....gH....Qb2@.4....IBa...QbB)......hH....Qb..4.....JBa...QbF.Z.....KBa...Qb..V.....LBa...Qb........MBa...Qb..^.....NBa...Qb...N....OBa...Qb~.......QBa...Qb........RBa...Qbv.W.....UBa...QbZ.......jH....Qb:.~....WBa...Qb.y6.....YBa...Qbz.V.....aCa...Qb>......XBa...Qb..u.....ZBa...Qb2..P....bCa...Qb.<.-....$Ba...Qb.......cCa...Qb.......kH....Qb.U......mH....Qb.n.....nH....Qb.m

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\acfe1214994be3e9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1484
Entropy (8bit):	5.700818666952989
Encrypted:	false
SSDEEP:	24:YwEIa3HtSwrH3HXSwf/S3HgrSwY3HxSwC83HmjSwD/U3HXSww3HX:LEIa91jn13Swr1YB1C8Wj17Un1wn
MD5:	39A99C7D66A13603B4823C1A71231BCE
SHA1:	8DA56D34A2C0CFD389CD213274B9FDFBB778F5B3
SHA-256:	1673004F1671C26087DD6881FA04736E9B38B28C3AD6DBAAD6FE3D692F9F472D
SHA-512:	A64092C7B59AB1F4068184B003A462C8FC11A42898B9CE816FF0A3D54364C4A3839935554D43DD6A985B2BB018305DB30A0932713C0A407272BC522C37D00030
Malicious:	false
Reputation:	low
Preview:	0\r..m......P....v....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH .http://ichiban.menu/gk..L'/....................?#M.-....:..k,..l.%..o.>&......k.A..Eo......y...........A..Eo..................0\r..m......P....v....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH .http://ichiban.menu/....L'/....................?#M.-....:..k,..l.%..o.>&......k.A..Eo.........T.........A..Eo..................0\r..m......P....v....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH .http://ichiban.menu/....L'/....................?#M.-....:..k,..l.%..o.>&......k.A..Eo.......!i.........A..Eo..................0\r..m......P....v....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH .http://ichiban.menu/..I.L'/.............`.......?#M.-....:..k,..l.%..o.>&......k.A..Eo......stI..........A..Eo..................0\r..m......P....v....._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-M4B3WHH .http://ichiban.menu/..3.L'/..............T......?#M.-....:..k,..l.%.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c82a6d17667a3b4e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	201
Entropy (8bit):	5.518019773866926
Encrypted:	false
SSDEEP:	3:m+ltt1A8RzYK6oKfKLBsDmXniR73lHCvnCkiIsVxYkH5m3FQlpK5kt:mGnYKxKfaBFXiavCkrsVxJH43FKK6t
MD5:	C2AEFE7D0DA3E1E844F2BA38870F5B22
SHA1:	5712F74031BE23B5A8279EDF6457BAB0004D1B21
SHA-256:	0B780455EDE36C6BD1F7129211D7A2BF9D879EEE530640F01142BB567F030863
SHA-512:	42A1AD691CF6CA0918696557E34F288B944655B8109957B8240D5D697B1FAC5B664561B2C43E731A1988F22D5F4012930395AA4641FA0C4CB63365A7A89704F0
Malicious:	false
Reputation:	low
Preview:	0\r..m......E....I......_keyhttps://booking-widget.quandoo.com/index.js .http://ichiban.menu/B...L'/..............\|.........;(\<`..\|..l........<V......A..Eo.......] ..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dbf0ad74f36c4d17_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	98048
Entropy (8bit):	5.806847685174559
Encrypted:	false
SSDEEP:	1536:CY0hqOo71nTTW11VNXi34LDBvGjiTu8ozYpk30+K3:WM7xzQPa2eE+K3
MD5:	9F94AD91EC5CE991F6BC7B08652BB95B
SHA1:	5EA780E02CC03F6C290B998A568E813AB3382B88
SHA-256:	33D7D08014D42AFD6227C6037CBCB81EF122D905489FCD05CC158D82426C64B9
SHA-512:	F31511EF3A8B20D306DB8FFB50127FA571EB0E9F889610D64F9CE556A14D010C808B67EF7981DBA0A83BEFB9A20A01811B0A4E74C660D6E987609A7BD7B89F4F
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....>*K....013793D1F1FE6AAC21BE7247376C5796657B46E656CE6CCD58B17A4E2B973FE0..............'..m....O#....}....2.................<$......................................................................L...........................l................................(S.4..`$.....L`.....(S...=$.`0H.......L`.........Rc............8.....Qb.;......t.....Qb..e.....e.....Qb.-Y....._.....Qb........H.....Qb.......B.....Qb.......et.....R...QbV.......ut....Qb.k......at....Qbb.......ft....Qb..<.....lt....Qb.G.s....Lt....Qb&.J.....At....QbN......Ot....Qb..ar....Mt....Qb.u+....._t....Qb......Qt....QbVt.H....Gt....Qb..IT....Yt....Qb.j......Zt....Qb........en....Qb..G.....tn....Qb^X'.....nn....Qb.......fn....Qb^.x....kn....Qb..1.....Ln....Qb...W....An....Qb.p......On....Qbn.......Fn....Qbz.......In....Qb..>6....$n....QbB......Jn....Qb".4.....Kn....Qbb.......Qn....Qb2.+.....Yn....Qb..U.....Zn....Qb^.5.....tr....QbJ..e....n.....Qb........r......S...Qbzp.9....o.....R.....M...Qb.l.7....f...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0c377885a89094b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.819969480998976
Encrypted:	false
SSDEEP:	6:m4eXD4FEYAILNXijC+YOitdzzlz6gK4kZK6tpREVl0dwt9oIvnRUAzzlz6gK4eL:4IlVfzzlm3ZldwHNnqAzzlmvL
MD5:	740472C09A2658416CC916E53B223A5E
SHA1:	FC7BB9C9443CB4D59ED7E04A87A6FEF877F89397
SHA-256:	0068A4E4A3D3BFA757F6D7C22FA8AD6001A70F23FC33A69C852CD533E6C171A5
SHA-512:	D778F6ED0F6F53B4412FE70AC5391968418A74E2CAD4A74D4627E691C83832A568D0DBE83A08A8A9FF69CC54B0BD6B2415DBCD08D5C758263C12B336AC64CCE8
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...-k....._keyhttp://www.ichiban.menu/wp-content/cache/minify/c7035.js .http://ichiban.menu/0K..L'/....................\....'@26".....g..b.N.../...A..Eo......t..k.........A..Eo..................0K..L'/.....671C25995607767730D65CBCEA8500D9C97FDBBAD6C5DA42D603EB474C2C7139.\....'@26".....g..b.N.../...A..Eo......{RB~L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e7745fb0fb323f3d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.925873342688047
Encrypted:	false
SSDEEP:	6:mau/PYzdv3IeDugQO61/ES/HhIh/hK6tiTm1GxTcCK7fES/Hhr7l:5tf6ztn/mTam4oV/N7
MD5:	DE03635CCF3D8837DF6495E39F01B7D9
SHA1:	5CE28DD6C50D1DCC61ACA7FD7B5703D151A828E8
SHA-256:	599B0D9DB77307C06991A736027F4CBD9F5720B60FFED6192F8CF9EAC2A598EC
SHA-512:	01271E48E2BFC36505E043C3F51208F6E05DCF5534497A9FFDC8BFEB31F7D75EB11596814E5458F0A74F9E7936BB74056E9A7659B3FF5E9E362256C6B9F20271
Malicious:	false
Reputation:	low
Preview:	0\r..m......Y.../.6...._keyhttps://maps.gstatic.com/maps-api-v3/embed/js/45/8/init_embed.js .https://google.com/c...L'/....................`.Fq..iY.)A.n....{(Z....>.W......A..Eo.......Th..........A..Eo..................c...L'/.....5C126F5C1AA97CED4EC65B186D5F60018EBA48E319FBC252952F9D202447F7FC`.Fq..iY.)A.n....{(Z....>.W......A..Eo......j...L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed62acd94547fee5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	274728
Entropy (8bit):	5.874760394982651
Encrypted:	false
SSDEEP:	3072:v4Hi6WcoCI6UMmTRmPtQ9JGogJGo/CG4ba5ZW7tvci0nu7SlKfT:vX9coCI1MmYa+wSCGn5g7th0n/lKr
MD5:	9AEF2A77C7E8D79A0D9B7F559E0DA632
SHA1:	27AF64DD21C078788A1C095B13B6ED76B95C1559
SHA-256:	1994E121AC3EEF3909E30E1E707E73C7A5147D1B1DA252BCD5E82DDFE404CE0A
SHA-512:	04C7D740821EF4CE1C8490D3E83DCD464AD19BEAB77FC1786B8C80D0935076F44502AEF96954F829A0E98729E2833C63A68ADC09367B3723164C8E17C6B34E27
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...........A280A94EA610005A02E9627B317177629B3F95A3242CF39B051BA33C57C82812..............'.P.....OR..../.....~.................o......\|...........0...................................................................................................<.......0...............................D...4...$.......$... ...........$...D...$...t... ....... ...0... ....... ....... ... ... ...<... ....... ...........(...8...........<.......x................(S.H..`H.....L`......Q.@...4....google....QbB..k....maps..Qd*.t.....__gjsload__...Qb.7.d....util.(S....o.`.........L`v......}.Rc....................Qb...p...._...........Qb........Rka...QbF.}.....Tka...Qb..L.....Uka...Qb.akX....Vka....R...Qb.M.)....$ka...QbFC......ala...Qb..7v....cla...QbvB=.....dla...Qb..Y.....At....Qb.b......Bt....Qb...q....sla...Qb:U......Gt....Qb.6.%....yla...Qb.C.C....zla...Qb.S.....It....Qb.......Ala...Qb...t....Jt....Qb.(.,....Kt....Qb2le.....Lt....Qb..b.....Dla...Qb..xR....Cla...Qb~.......Mt....Qb..(.....Fla...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\edcb47dfafe4384e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	220
Entropy (8bit):	5.627509783793103
Encrypted:	false
SSDEEP:	3:m+llIplta8RzYK6oKfKWLV9WXEYvDmXniRVFelHCSK/lwhvfmpiD+l/Zme/tlpK+:miI5XYKxKfNLXQETXi91ecp2de/ZK6t
MD5:	4936499A0EE4A08651CD6286DDD8153F
SHA1:	338E0F5E6781CC378F934D5BB4ACBC0FEDFD6157
SHA-256:	4C369ED590280B3B46FC887F73062819982DBF01C0BF4A07653AD276E674180A
SHA-512:	F9B578B59271A85D2729B377AE4AC6201B0A4D869F412EF5C56EB341361C73076574478D9B9A7D7B58A655CF001891B10BFD9914EB4D519C116144FF18881B80
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.........._keyhttps://booking-widget.quandoo.com/3.0.1620734422/bootstrap.js .http://ichiban.menu/.*..L'/..............}......../W...%..C.KQ.Hy....T.U...6.A..Eo......{=a..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee81135c03c7b5b4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3357
Entropy (8bit):	6.0829279271701795
Encrypted:	false
SSDEEP:	48:yCWcVAl+fvK9qcHozqITNPRwYx7OM2cpmfOViUsiP+Qr9+LTo5:ywAMfKqcozq6PmYNOMwfch+i
MD5:	74677C065BA90D4964D92A22A178DC0F
SHA1:	6190182449A5217436BC55690EF2B075EF103714
SHA-256:	4998742EAEC14D09E8A145A140FA65C755A7D899220D80DFB4E029B7D96929A9
SHA-512:	9FB51B936EDB8EAF47AD866BD259BD55803637BD605A01602B7DCD5D5975332544A690DCDCE33111C1F0DCA22A68F40C717485F9CBA36F95E10B9EECE908885A
Malicious:	false
Reputation:	low
Preview:	0\r..m......u...c.>}...._keyhttps://s3-eu-west-1.amazonaws.com/quandoo-website/widget-builder/quandoo-widget-builder.js .http://ichiban.menu/....L'/................... .Y.p...#a...,y8.+.....M.n.8...A..Eo......(,..........A..Eo......................L'/...................'..X....O........_...............t................(S.4..`$.....L`.....(S.i..`......L`F....xRc8.................Qb..?.....w.....Q.@..6.....jQuery....Qe.......segmentAPIKey.....QdZ.-.....scriptHost....Qc.lq....images....Qc..CC....loadCss...QdB..n....deferQuandoo..Qd...=....loadWidget... Qf..b.....getDataFromClasses....Qb.W.e....maini$.......................................I`....Da........(S...`.....HL` ....4Rc.................Qc........onLoad..`......Qdr.$.....loadScript..`....Da..........A...QcF.dU....document..Qe........createElement....9...Qd.^......setAttribute.....Q.`..(6....text/javascript...Qb.C.g....src...Qd&:.4....readyState...(S........5.a..........Qd..e.....script_tag.....a............ Qf.. .....onread

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8a71b102e62ffe6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	347
Entropy (8bit):	5.81701148591848
Encrypted:	false
SSDEEP:	6:msTYZHfY7t+uN6ZGwSIxg/4UhL4lbK6t/bqkgmjCuglR3AMIxg/4UhK:Bq/ukGogz1oNZpjy2gz
MD5:	BB6184CAB4B8DD231737092844840CCB
SHA1:	B09C56E68AB51ADFD7DAAD9346A7132179001805
SHA-256:	147E44F39F12C63F7E9CE512525D8657481A27CC1611DF868B685576C8FC3F88
SHA-512:	D2A0675EBD18933A0D96B402785B51CB9AAA24031F0402F476EF3ED8A3947334362D6E2C569A001AE730CC1BDC8ADF83742A4396E2631EF481D73F8F1E92A89C
Malicious:	false
Reputation:	low
Preview:	0\r..m......S......y...._keyhttps://maps.googleapis.com/maps-api-v3/api/js/45/8/map.js .https://google.com/.}..L'/.............<........ Ir.v)...u.~.j.E)aR..6...K4.c..A..Eo.......N1).........A..Eo...................}..L'/.....C5DA1F7A90AA7902D89C292054BABC51773665111A64F74FD6FBC0D7210A463A. Ir.v)...u.~.j.E)aR..6...K4.c..A..Eo.......4..L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9a9992f840ec712_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.9354434016834405
Encrypted:	false
SSDEEP:	6:mb/VYSHT8NWQA2A2XiIs15qbwnK6t2aTkGPZkqheXAINb5:Wz8NWQduPlpqGqqAv
MD5:	DA78334F6D4C7484CF9C28AF3DB4D934
SHA1:	DBF364F0554E87B3643E95977E319DB3B92F1EEC
SHA-256:	A888FA12C924CBC3319E466C5486995EB222302BEA83EB4F0C30BBE719A2BA61
SHA-512:	17ADF112046970AE86D519D23C176EF044EE4BEBB2DB02E3A642DF7F00BC3DF945293DE91CF7DC54F8A1705969CB4F98FCA03FF276179D8C105C11535CE593CF
Malicious:	false
Reputation:	low
Preview:	0\r..m......Z....p]....._keyhttps://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js .http://ichiban.menu/...L'/....................3[9!\|P"Q...-..j..-'...r.h...n..A..Eo........_0.........A..Eo.....................L'/.X~..013793D1F1FE6AAC21BE7247376C5796657B46E656CE6CCD58B17A4E2B973FE0.3[9!\|P"Q...-..j..-'...r.h...n..A..Eo......\(\|IL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.195832753957213
Encrypted:	false
SSDEEP:	48:TekLLOpEO5J/Kn7U12JPdCOxZLLOpEO5J/Kn7Uo1L26hpLLOpEO5J/Kn7Us1tu8q:dNwEhDNwMxrNwgTfPsZ
MD5:	970BC4E38F00462AC5CEC391326F3AC7
SHA1:	4DC0C3B19CA63B4AEC2B59D71F9574F39F19F302
SHA-256:	936316FCBC9F69444634711ABE0BD2A01EDAF4873EFA6FC0989709280E9C4002
SHA-512:	0950CC3A6217E57E66292ABB2E602422C8E1E8987920A49881459A7581AF91969D56CD55533C93313D83C68FED80C7DC3EE9927C5B88A4664D33749C742BEE79
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38508
Entropy (8bit):	1.0995332098971424
Encrypted:	false
SSDEEP:	48:t8NOZHpq5LLOpEO5J/Kn7U/gCOs/JPyqekLLOpEO5J/Kn7Ur51LtX6tWqZLLOpEL:aOHpcNwv/hyMNwpxoW8Nwm
MD5:	3389ABC826B88F736AF43FAE729B6CD1
SHA1:	B7C7877227B426FD565C4F37F6ED2BB70D740B0B
SHA-256:	FEF9B0E76BDAE9C78BFFE9E2705B06A9674B4AB32A2EDDAE27EFF373B4599998
SHA-512:	7D8B874455A805FF9C497124B41B0AE404A885B311FA633E3FA438F54B46E3A8B41DDA6D39AE4B1E9C0F01BFC1EA05ED9F07254ADCD0030116E6131ECFAA95FB
Malicious:	false
Reputation:	low
Preview:	..............*.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	39693
Entropy (8bit):	3.1161771455889373
Encrypted:	false
SSDEEP:	384:sQ9JbQFbLypHdrigVwYeLAhgOd4gOz4zA4cq:sApSCbtVwSa67cX2
MD5:	B818151E3B3FFB1099F9EC98A05A7A5C
SHA1:	FF8482B7017672AF05944BF2CC07E59FCFF41325
SHA-256:	8707CD646DC9E7F663E155CBD9E1683332859941F12A8599C23FCFC9DB002AA3
SHA-512:	B8C7A00B90212671B036847379762642A1B731941277FCC383AAB5123EDECE363BFEBFBCF7DAAAAC631235959A8FA3E9D040C5C361BC40D019B1B93C1162A481
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...bcfb9cc0_596e_4ef4_a9af_5448c29d755a..........................................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............5..0...........(...http://www.ichiban.menu/menu-teppanyaki/:...T.e.p.p.a.n.y.a.k.i. .b.y. .I.c.h.i.b.a.n. .J.a.p.a.n.e.s.e. .R.e.s.t.a.u.r.a.n.t. .\|. .D.o.n.c.a.s.t.e.r. .E.a.s.t.................................................h.......`............................................... .........d.......d.....`.......x...............................X...(...h.t.t.p.:././.w.w.w...i.c.h.i.b.a.n...m.e.n.u./.m.e.n.u.-.t.e.p.p.a.n.y.a.k.i./.........................P.......H...............h.......................................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0. .....=.&.................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.1874673704249705
Encrypted:	false
SSDEEP:	6:m+Nyq2PWXp+N23iKKdK8aPrqIFUtpjX1ZmwPjMRkwOWXp+N23iKKdK8amLJ:zNyva5KkL3FUtpjl/PjMR5f5KkQJ
MD5:	F4001BCD3E48E6FC497968D7004FAC45
SHA1:	E74A93DFF545F55731DFA46C0A506682E6C864B9
SHA-256:	94B2E21421406AE79A28738418ED3A7516733C40207667D910ADF3F61CD3315C
SHA-512:	AE57551E90D798F06B64E54D8AC036A6A2568D53CCDF8C558BFEC15D77B0AEA2FE79EC92F351BD4739FEA0D362F572F53F48CAB1D6C757E6FC8F6B04CD2ACF21
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.658 1010 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/04-00:15:29.661 1010 Recovering log #3.2021/08/04-00:15:29.662 1010 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldF (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.1874673704249705
Encrypted:	false
SSDEEP:	6:m+Nyq2PWXp+N23iKKdK8aPrqIFUtpjX1ZmwPjMRkwOWXp+N23iKKdK8amLJ:zNyva5KkL3FUtpjl/PjMR5f5KkQJ
MD5:	F4001BCD3E48E6FC497968D7004FAC45
SHA1:	E74A93DFF545F55731DFA46C0A506682E6C864B9
SHA-256:	94B2E21421406AE79A28738418ED3A7516733C40207667D910ADF3F61CD3315C
SHA-512:	AE57551E90D798F06B64E54D8AC036A6A2568D53CCDF8C558BFEC15D77B0AEA2FE79EC92F351BD4739FEA0D362F572F53F48CAB1D6C757E6FC8F6B04CD2ACF21
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.658 1010 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/04-00:15:29.661 1010 Recovering log #3.2021/08/04-00:15:29.662 1010 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.16753318022203
Encrypted:	false
SSDEEP:	6:mu08q2PWXp+N23iKKdK8NIFUtpOAhZmwPaNyzkwOWXp+N23iKKdK8+eLJ:f08va5KkpFUtpB/PLz5f5KkqJ
MD5:	CE26011036A6510CCA2E9A2B7874D61C
SHA1:	23F7DD84EB645FBD99F7E95B983490D94A9C34E4
SHA-256:	707B53518D66A87FE6B15BF3DD56F7354D190A54E586583AAD772112DB03A9F4
SHA-512:	12EDC4885E6C2EFEA76BBED6EABF400DACDC323A94DD7BC2FC66F921E92EECDA54495D450ACB26AD6C7824A4B3AA11E7BCBD360981B0C651BDD81E43E55A17DE
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:32.308 1170 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/04-00:15:32.310 1170 Recovering log #3.2021/08/04-00:15:32.314 1170 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.16753318022203
Encrypted:	false
SSDEEP:	6:mu08q2PWXp+N23iKKdK8NIFUtpOAhZmwPaNyzkwOWXp+N23iKKdK8+eLJ:f08va5KkpFUtpB/PLz5f5KkqJ
MD5:	CE26011036A6510CCA2E9A2B7874D61C
SHA1:	23F7DD84EB645FBD99F7E95B983490D94A9C34E4
SHA-256:	707B53518D66A87FE6B15BF3DD56F7354D190A54E586583AAD772112DB03A9F4
SHA-512:	12EDC4885E6C2EFEA76BBED6EABF400DACDC323A94DD7BC2FC66F921E92EECDA54495D450ACB26AD6C7824A4B3AA11E7BCBD360981B0C651BDD81E43E55A17DE
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:32.308 1170 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/04-00:15:32.310 1170 Recovering log #3.2021/08/04-00:15:32.314 1170 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	1.4652289349035788
Encrypted:	false
SSDEEP:	192:mm+Uq88dIYAg/ZRKTD7sVfWV8VJqJYVJqbYB:1+UAuqhRWvsJWV8zqJYzqbYB
MD5:	3A1248771992038DD309B7B3D9196431
SHA1:	3D66664CC7BD7193DEA7EB11D71A3BBFD90E8C6B
SHA-256:	2984C36DE5EB7AC1284DDEB72BD34284CC984930803100E583CA6F3FAD9DED09
SHA-512:	27F5E6F23EE7D00016E4F55AAAAA663ED8097479052744A0DBD3DAC59094A2E6D02A4C755BBEA4706A88203E1C5B4CC1F67CF6FBC780553A7EB95F4EB558D3D3
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	43740
Entropy (8bit):	0.6434789676502546
Encrypted:	false
SSDEEP:	24:E/OUZRyLiXxh0GY/l1rWR1PmCx9fZjsBX+T6UwKKyLyt3hzby+ub6YFhBKVz0YzC:odBmw6fUcV3hzG+u5gVAY5nfBofJc8
MD5:	D61257193751375F34376B6C1C8648E8
SHA1:	983273B55F4A7812354A2B9E2FE11DCECEC0AF56
SHA-256:	9103356F15828B94A0302F0DA5DEF8F08121BF8308FC4F6C908812D0AB3E9568
SHA-512:	758C04BC220BC74C76EA720E1D3AD4959BB63916858EFCE9B052F05174DB0EBCF3CCAA886D8A88699FE6FF856AC0CD02BA12A04125990849D600F4D1B74F183C
Malicious:	false
Reputation:	low
Preview:	.............*.`........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.221741913853241
Encrypted:	false
SSDEEP:	6:m4A/qM+q2PWXp+N23iKKdK25+Xqx8chI+IFUtplnZZmwPlRMMVkwOWXp+N23iKKN:c3+va5KkTXfchI3FUtpZZ/PvNV5f5KkI
MD5:	4E58E55D528408F5F0A998E62510D358
SHA1:	549D64B94B4AD773DB85C15AC79578BF4964A8F1
SHA-256:	4837965EA04FA0BEF303B46D5FD182285E8F590674BC808C7AA73378A0862BE9
SHA-512:	897525983138CDFA62878122F3EB9F7785FB5F0C124B17EE24265B707D0EEC92CE452E52EC9A61B62FBD22B9AFAF454829C3077337580735951B9044C17282E7
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.820 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/04-00:15:40.821 1b1c Recovering log #3.2021/08/04-00:15:40.823 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.221741913853241
Encrypted:	false
SSDEEP:	6:m4A/qM+q2PWXp+N23iKKdK25+Xqx8chI+IFUtplnZZmwPlRMMVkwOWXp+N23iKKN:c3+va5KkTXfchI3FUtpZZ/PvNV5f5KkI
MD5:	4E58E55D528408F5F0A998E62510D358
SHA1:	549D64B94B4AD773DB85C15AC79578BF4964A8F1
SHA-256:	4837965EA04FA0BEF303B46D5FD182285E8F590674BC808C7AA73378A0862BE9
SHA-512:	897525983138CDFA62878122F3EB9F7785FB5F0C124B17EE24265B707D0EEC92CE452E52EC9A61B62FBD22B9AFAF454829C3077337580735951B9044C17282E7
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.820 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/04-00:15:40.821 1b1c Recovering log #3.2021/08/04-00:15:40.823 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.202112573587329
Encrypted:	false
SSDEEP:	6:m4gRoqM+q2PWXp+N23iKKdK25+XuoIFUtplgBZmwPlgTfMVkwOWXp+N23iKKdK28:z+va5KkTXYFUtpI/PgkV5f5KkTXHJ
MD5:	C92B1CBC8069CB4A55A3696DF7C5D68B
SHA1:	CF33D0ED098380C783623E2A34AAD7FFF19A49F2
SHA-256:	D0767FFECBA39FEE2DA4A500328B08B6B3A66AACD270E853B21753A63DD5850F
SHA-512:	1E953F7074FE028CFF7987D9EA13AE414DF70ED41FA1E007F607FD4253515EAA2BCAD64C637B2F11F5180120A34835E13E22EA196906CCDF31434BED9CB95B44
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.814 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/04-00:15:40.815 1b1c Recovering log #3.2021/08/04-00:15:40.816 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.202112573587329
Encrypted:	false
SSDEEP:	6:m4gRoqM+q2PWXp+N23iKKdK25+XuoIFUtplgBZmwPlgTfMVkwOWXp+N23iKKdK28:z+va5KkTXYFUtpI/PgkV5f5KkTXHJ
MD5:	C92B1CBC8069CB4A55A3696DF7C5D68B
SHA1:	CF33D0ED098380C783623E2A34AAD7FFF19A49F2
SHA-256:	D0767FFECBA39FEE2DA4A500328B08B6B3A66AACD270E853B21753A63DD5850F
SHA-512:	1E953F7074FE028CFF7987D9EA13AE414DF70ED41FA1E007F607FD4253515EAA2BCAD64C637B2F11F5180120A34835E13E22EA196906CCDF31434BED9CB95B44
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.814 1b1c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/04-00:15:40.815 1b1c Recovering log #3.2021/08/04-00:15:40.816 1b1c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.21175770225398
Encrypted:	false
SSDEEP:	6:m4oq2PWXp+N23iKKdKWT5g1IdqIFUtploU9ZmwPlCUERFkwOWXp+N23iKKdKWT5i:Ova5Kkg5gSRFUtph/PU75f5Kkg5gS3SJ
MD5:	0585438E80A367075E67842C4B856BF8
SHA1:	54C3DEB2B2D8CBA001E158F35517F2412EC888C4
SHA-256:	3478F3E6E0E6FE327794A1CB62DCAEC20A0E3AACDA0DDFC5EAD1EC1D9D98D5A8
SHA-512:	71A54D7C0CBDAA4AF02E7EB91C20B5093FDEAD1D129BC65B316F72E3BEA10EA392978B61542C281E638BAF54461A4B9F5365CADE6414E054462AD121F8801018
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.680 1214 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/04-00:15:40.682 1214 Recovering log #3.2021/08/04-00:15:40.683 1214 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old= (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.21175770225398
Encrypted:	false
SSDEEP:	6:m4oq2PWXp+N23iKKdKWT5g1IdqIFUtploU9ZmwPlCUERFkwOWXp+N23iKKdKWT5i:Ova5Kkg5gSRFUtph/PU75f5Kkg5gS3SJ
MD5:	0585438E80A367075E67842C4B856BF8
SHA1:	54C3DEB2B2D8CBA001E158F35517F2412EC888C4
SHA-256:	3478F3E6E0E6FE327794A1CB62DCAEC20A0E3AACDA0DDFC5EAD1EC1D9D98D5A8
SHA-512:	71A54D7C0CBDAA4AF02E7EB91C20B5093FDEAD1D129BC65B316F72E3BEA10EA392978B61542C281E638BAF54461A4B9F5365CADE6414E054462AD121F8801018
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:40.680 1214 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/04-00:15:40.682 1214 Recovering log #3.2021/08/04-00:15:40.683 1214 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.394865471597977
Encrypted:	false
SSDEEP:	96:Wmo2UcO/DqUgFjwxe4CdUlnwxH4x8lUn2:Wmo2UZ/DqUgZwc4CdUlnw94x8lUn2
MD5:	9E5E58B3A8A8C2F9BCEE3FF33AD016F6
SHA1:	D8A7A7230492FFE1317527E283125962CC4CF1C7
SHA-256:	449A129C032CDC0D23C34E519F2B47CE999FB3316B13CC6BF2E25A63E5586611
SHA-512:	BB62A3A42D49E4E652B901C16CD7C71FBC9286CF63F6EFDD593B2D3DA8E8725E946D5086ED6BB400775384BA99525A4984CDA9291D100D50C715A607ED2A60E9
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	691
Entropy (8bit):	5.2596866068102734
Encrypted:	false
SSDEEP:	12:ToW1Q/0XhSDfVIvruPjqJCSwVTG7W3XDs13uGfvYMBk778B/xgskZBa9sdukWk3/:TouQcxSDk6LZhVqWXDs13u+Q2Y78BJg3
MD5:	83E1ABF41C413310F0A9DB562D1F710C
SHA1:	813CB712EA283C1E2CADAB9DB9183DF0C66E10F3
SHA-256:	38D574C28EF494A75F781CC0C680270D2A280D18EDFEC905BDD0B5D9B91A231B
SHA-512:	30BA8D04AB8FB617D3435C6FF7A33EBBB7B04515141E2C7D092245696C75DABE59F3626A8AC22333378960321576EB8907BFAF29267D579874F9C701DDF9CB88
Malicious:	false
Reputation:	low
Preview:	............"S....by..doncaster..east..http..ichiban..japanese..menu..restaurant..teppanyaki..www{......by......doncaster......east......http......ichiban......japanese......menu......restaurant......teppanyaki......www..2.........a.............b.........c.........d........e.............h.........i.........j........k........m........n.............o........p..........r.........s...........t............u.........w........y....:\............................................................................................B............. .......(http://www.ichiban.menu/menu-teppanyaki/2:Teppanyaki by Ichiban Japanese Restaurant \| Doncaster East:...............J......................,6

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	158572
Entropy (8bit):	0.2960967897145685
Encrypted:	false
SSDEEP:	48:Sqa3kaZX1AUUyARAnuOnUUj6U6/rylLjwx1UcAybHDU+4:SdlAUYMuOnUUP5Fwx1U1a4p
MD5:	302B5B5A833FA22756141A746E694060
SHA1:	0830CD34B0392E487F905D6C94AD763775E007DE
SHA-256:	FC515AC46CCB1CF8B99BEFEE2F321D697B3C959A3839C4E8EFE94ABA5BA0410A
SHA-512:	B1EF4902461A12DF6BCD5F1F6793BA8D119A9D69B32808E156A412CFADE3641AAEA833CE3E4DAAA485FA90A48CF94BF7DE2D132E952217B6403EA569397E4392
Malicious:	false
Reputation:	low
Preview:	.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Sessionn (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	39693
Entropy (8bit):	3.1161771455889373
Encrypted:	false
SSDEEP:	384:sQ9JbQFbLypHdrigVwYeLAhgOd4gOz4zA4cq:sApSCbtVwSa67cX2
MD5:	B818151E3B3FFB1099F9EC98A05A7A5C
SHA1:	FF8482B7017672AF05944BF2CC07E59FCFF41325
SHA-256:	8707CD646DC9E7F663E155CBD9E1683332859941F12A8599C23FCFC9DB002AA3
SHA-512:	B8C7A00B90212671B036847379762642A1B731941277FCC383AAB5123EDECE363BFEBFBCF7DAAAAC631235959A8FA3E9D040C5C361BC40D019B1B93C1162A481
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...bcfb9cc0_596e_4ef4_a9af_5448c29d755a..........................................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............5..0...........(...http://www.ichiban.menu/menu-teppanyaki/:...T.e.p.p.a.n.y.a.k.i. .b.y. .I.c.h.i.b.a.n. .J.a.p.a.n.e.s.e. .R.e.s.t.a.u.r.a.n.t. .\|. .D.o.n.c.a.s.t.e.r. .E.a.s.t.................................................h.......`............................................... .........d.......d.....`.......x...............................X...(...h.t.t.p.:././.w.w.w...i.c.h.i.b.a.n...m.e.n.u./.m.e.n.u.-.t.e.p.p.a.n.y.a.k.i./.........................P.......H...............h.......................................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0. .....=.&.................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	5.462926841229076
Encrypted:	false
SSDEEP:	48:dyG0yva7+M98dbw05k5MbQSefgGlNrS0U9RdiN977+:Fa7+MWdbwu+MbQ5fgGXrS0Vy
MD5:	EA3C11C8F35322588F389A32B6DF2B38
SHA1:	C10A34FAD59BD09F467412B33C1F7FE27A507877
SHA-256:	EEFFF9E63CA355F5A5C87A11B8D2EBBA068808552741D3DBD172245282921A24
SHA-512:	6F396D182A48370C2E29A4C1E10A453366E9353DC495AE50D76D6B1BAC4CDAAEF58D89AF47F1AFDFC33F224B27FBC3A202F4CE3576AACB309A93AEF24DE8FD21
Malicious:	false
Reputation:	low
Preview:	-@....*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..192663000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-08-04 00:15:42.24][INFO][mr.Init] MR instance ID: e634bf7b-42bd-4278-8f26-50d0b2576700\n","[2021-08-04 00:15:42.24][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-08-04 00:15:42.24][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-08-04 00:15:42.24][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-08-04 00:15:42.24][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-08-04 00:15:42.24][INFO][mr.CastProvider] Query enabled: true\n","[2021-08-04 00:15:42.24][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.184626848267575
Encrypted:	false
SSDEEP:	6:m+fq2PWXp+N23iKKdK8a2jMGIFUtpjcXZmwPjeQRNDkwOWXp+N23iKKdK8a2jMmd:zfva5Kk8EFUtpjI/Pj35f5Kk8bJ
MD5:	F8CDA82D93223A07C9D8C8AA0A9F07D4
SHA1:	425AA6424D77693CDF96030BA648B437EF199EE9
SHA-256:	2C8498F0C31DF76AAB3A319CBF7F5A68828777B22EA35B9883D872B50AC5B0D4
SHA-512:	47D8A25E68C034D7876695083B2D6B68A1B6BA3B8377F8F1A62095D37ACBA6A811E11B56C8F217D701575567D8FE074D3E2AB329177F2F912005E49ADF2250A2
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.380 d14 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/04-00:15:29.382 d14 Recovering log #3.2021/08/04-00:15:29.383 d14 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.184626848267575
Encrypted:	false
SSDEEP:	6:m+fq2PWXp+N23iKKdK8a2jMGIFUtpjcXZmwPjeQRNDkwOWXp+N23iKKdK8a2jMmd:zfva5Kk8EFUtpjI/Pj35f5Kk8bJ
MD5:	F8CDA82D93223A07C9D8C8AA0A9F07D4
SHA1:	425AA6424D77693CDF96030BA648B437EF199EE9
SHA-256:	2C8498F0C31DF76AAB3A319CBF7F5A68828777B22EA35B9883D872B50AC5B0D4
SHA-512:	47D8A25E68C034D7876695083B2D6B68A1B6BA3B8377F8F1A62095D37ACBA6A811E11B56C8F217D701575567D8FE074D3E2AB329177F2F912005E49ADF2250A2
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.380 d14 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/04-00:15:29.382 d14 Recovering log #3.2021/08/04-00:15:29.383 d14 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.1993314343159756
Encrypted:	false
SSDEEP:	96:vOqAuhjspnWO4DM5OqAuhjspnWOM5s868:HvDMt5
MD5:	F4CCF9D8A1FF8D3BC41650E4E87A1D31
SHA1:	B7C61D3365FCDE6A7E7B7E9BB3B292F4B4FBA239
SHA-256:	577573071A1E781236312A63980AFB9939AE53CAD3D0652FF7CB3671612523D4
SHA-512:	97E2288F15D2A0F6000316C30A7980D9DC98D3421C8EFD9A10495D9DDAB268E809D638FBC0D57DC60A367D5E044B8AC01D9E41F6FC1D7E4EAD85A03E242B8B92
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.......,......\.t.+.>...,............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	25672
Entropy (8bit):	1.0195193840797179
Encrypted:	false
SSDEEP:	48:coq7w/qALihje9kqL42WOT/jKqrw/qALihje9kqL42WOT//8:coUOqAuhjspnWOCkOqAuhjspnWOg
MD5:	3D3CF783F5373AAE569CA0B256555380
SHA1:	64777FAEF9EF443DBFC8ADDD6FA164571939ED8C
SHA-256:	F5FBDD8A38E9B741CBBE8F2E248E878EB87A527932898BFD3BB160E5C4B623DE
SHA-512:	F4A0E4F2668FC65C396A2584CA4B3B939BF8EB10255A49238384A8929CE019822814E117DD8D0BB4FCA694D22FD3E9F2C8551EFFD297F27EEED40A1C3B876E2E
Malicious:	false
Reputation:	low
Preview:	..............M.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State8 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4122
Entropy (8bit):	4.894981539348123
Encrypted:	false
SSDEEP:	96:JTOXGDHzhlzes6VM2erNsSGuGpT5j6l5KzFGdw5GbIH:JTOXGDHzhFes6VM2eruSD4T5j6l5KFP/
MD5:	16C55AF035F5826766FEF328F81C9E7A
SHA1:	1EC194710ED060DBC390F21BF6B0479F2E6982C8
SHA-256:	F903070491FE3105E48FA5F9E3214A9CB75018841C57FB4D37B357329A7E6BE0
SHA-512:	6020928D129C1E2E43490825FB488E522B2B9ED9194D5CA29BBE88B38CDFE88143BDCDE4FC54251D0DEF0D03F5D00FF55A74D42F98BBC55D89E73F9CE36BD3EB
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932510936","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932511847","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275126932697074","port":443,"protocol_str":"quic"},{"advertised

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.244177612196206
Encrypted:	false
SSDEEP:	6:m+iIq2PWXp+N23iKKdKgXz4rRIFUtpj4tZmwPjvmFkwOWXp+N23iKKdKgXz4q8LJ:ziIva5KkgXiuFUtpj4t/PjS5f5KkgX2J
MD5:	4C439A5D3A976B531C139E493868203F
SHA1:	52C599AEEC59203AE2DDDD51CBB8E600A2E76ADC
SHA-256:	3EB03D3F485AF07765F2804A512BC1D385EEC77BFD16E141DB14CB1F219587D2
SHA-512:	993F5C968D3696E6A6F853CFCAF577BEAC948653690DDE8E74DE184293EFCFA9AE7E168367678C95E0ACA1BD61A4FB3CDC0F80863FDDE1182095DE4573525455
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.676 1170 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/04-00:15:29.681 1170 Recovering log #3.2021/08/04-00:15:29.683 1170 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.244177612196206
Encrypted:	false
SSDEEP:	6:m+iIq2PWXp+N23iKKdKgXz4rRIFUtpj4tZmwPjvmFkwOWXp+N23iKKdKgXz4q8LJ:ziIva5KkgXiuFUtpj4t/PjS5f5KkgX2J
MD5:	4C439A5D3A976B531C139E493868203F
SHA1:	52C599AEEC59203AE2DDDD51CBB8E600A2E76ADC
SHA-256:	3EB03D3F485AF07765F2804A512BC1D385EEC77BFD16E141DB14CB1F219587D2
SHA-512:	993F5C968D3696E6A6F853CFCAF577BEAC948653690DDE8E74DE184293EFCFA9AE7E168367678C95E0ACA1BD61A4FB3CDC0F80863FDDE1182095DE4573525455
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.676 1170 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/04-00:15:29.681 1170 Recovering log #3.2021/08/04-00:15:29.683 1170 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5809
Entropy (8bit):	5.191173759512403
Encrypted:	false
SSDEEP:	96:nRCfzn9SwxXRcKITok0JCKL8hkk15bOTQVuwn:nRCL9rhcE4KykkP
MD5:	07CA9118F6C64E14A2EDCDBD2E207923
SHA1:	E21D5AA18A58B9DA64B4D81678999E79E9A50EE5
SHA-256:	1BE1881FA85AB86C3476730C5CCC2B3636C9AA9A77B07809714031A0D9F03092
SHA-512:	40D36513099D3E1F7AE4276993C5C251E51029B9AAD3F0404EF4C815C507FF5ABA829A52B1DD118D8304C6E964CF9C2A9B09744DAAD95FC34C20ADE5AA784FE8
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272534929626370","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5783
Entropy (8bit):	5.1885579163192554
Encrypted:	false
SSDEEP:	96:nRCfkn9SwxXRcKIQok0JCKL8hkk1IbOTQVuwn:nRCq9rhch4KykkQ
MD5:	E3DB35D6F23F893F24DA78EDE1FD88EC
SHA1:	42BD70CE06226B900B1A1A4CA44DF0C5C409D52E
SHA-256:	29505DFF88C98B29BA1ECE318CCE06172C6945FD6E27A38A54BBD5FE7C99BA70
SHA-512:	65C253CBC85DF948117F3C0CEDBB70D7D3C67EE5521EED80913D4B7789C46FB9461543A70A5D7887C9645479BEB2D26469344CD9810BE053CAD5717FAB5D91E5
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272534929626370","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.0030668581546078
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGURTO:wIElwQF8mpcSdy
MD5:	F637F7B845AB8F8DC1FFA9E837008D3B
SHA1:	614977A4444420547F2F9D3EE9928A7E70243C04
SHA-256:	F574AFC6E572B6BB8EDDBA867BF7D4E6FEE4EBB76FA8B2AD012C830B6F39B4ED
SHA-512:	A62788FD348175B8B1BCD6B700757B9E09F803D7A1585728A13F847F636BAE8D1ED1CA8275BD0D1C933E25FE0F4000BE3EF3020C922945F8D8861C9CB324B749
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	21044
Entropy (8bit):	0.8268285005338882
Encrypted:	false
SSDEEP:	48:qwqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU06:qwhIElwQF8mpcSd
MD5:	3BA8682970B95A96AEB30AEDCEB3AD1D
SHA1:	0F5B5E46654126A0B9132F651B1500E4578F271C
SHA-256:	55E35C1AD5A4DC04330B341A42714176456CAD07FB8E201D860E7943DCFDDF1C
SHA-512:	91DC8A3CEAD2B0E99EE8EADAC34499F131CAC1D7693881928EFC51A53F16BFF788276A82D7489366625904E6669F1E971D4D73F014FBF31C9725B5CE35E68620
Malicious:	false
Reputation:	low
Preview:	..............+.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences3d (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.535872250505424
Encrypted:	false
SSDEEP:	384:2/htBLlmmXI1kXqKf/pUZNCgVLH2HfDErU8HGqnT8+km4l:GLl7I1kXqKf/pUZNCgVLH2HfYrUwGqnA
MD5:	83BC8D7A974A0522CFD7C16143C44592
SHA1:	8D5CD79D6EDF65D266C65A960E1E1B084B8C0D17
SHA-256:	C6D55E3BFF826D0E0BF4F2F7B7EC978F0DB7FD47848C3E49C4DE9D917606A46D
SHA-512:	6FB0EA72FC2E66AD30D1B59B5A9B3AAF13A244E585E54C1EA6A1D24BA114D95F04298BB466C2602AC31B37CE3F4C736912DA6C24236C55A73A746E2FF8D6E9A4
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272534929324348","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences5d (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.535776875249774
Encrypted:	false
SSDEEP:	384:2/htBLlmmXI1kXqKf/pUZNCgVLH2HfDErU8HGBnT8+Om43:GLl7I1kXqKf/pUZNCgVLH2HfYrUwGBnE
MD5:	A0219BE62A910D9C1D5E3AF33259B6C6
SHA1:	D4ACE3ED1389C6834F1191B13FC013E2EB5F8480
SHA-256:	EE25F5F0DA163F9F84AA09EFAF1439ECF41EAE696D59F0F5C63BF9F9C2AC38D2
SHA-512:	163E02220001508187A33BB8F174D29439165DB49586D8A0B173CE3F8296278FBD2C09147EB38C8CBB2663DE54E05741CBF0DAEE0E4579B1179304637518C707
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272534929324348","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferenceseo (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.577118838687711
Encrypted:	false
SSDEEP:	384:2/htMLlmmXI1kXqKf/pUZNCgVLH2HfDErUEK2m4F:9Ll7I1kXqKf/pUZNCgVLH2HfYrUUm2
MD5:	4293C47769B30CE3233497B99EB68B8B
SHA1:	A3925AC8E2E060BBDC56C3F142694CAAC217C2C7
SHA-256:	B124D5D0026AD8A1CC6A3C4B38D4A4A8A0F15C53B92F9DACD686433816353E7A
SHA-512:	2A2B00AACCB305EE05817DA6EF7697E1B9EFBB97BFE82E9B5D0CBE1EBA08B80359859FD6686BEB9995E78DC4748658D0B477C3197779EE7DAF2F146F9D39D708
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272534929324348","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	5.179785208089463
Encrypted:	false
SSDEEP:	12:5lpnq6ICAGs+BBC3A/X2Q0lc1CKlXwwECbC5YBAkf0CpolLAKCllK4h6FkmCT:7pnq6M+BX27qlXwrpYJfdolLArlK4hjB
MD5:	53B6638CA711AEF630D34EB5A2D50A15
SHA1:	E649B42653752C8171353942A265A20BCE718FA7
SHA-256:	50251925C09DCA6D9B834C4F5D8EB07252625E4CC0CD89485BB261046002E1BF
SHA-512:	A00515F92A138D2640798DA188B3B90D3A7CD83AA55A6699CAA2BF6CD07C4269B986B0D7AF9F1841407516B9D1BC29A59C11DAE0770CED967856F95528782BB0
Malicious:	false
Reputation:	low
Preview:	..&f.................K[e................next-map-id.1.Fnamespace-bcfb9cc0_596e_4ef4_a9af_5448c29d755a-https://www.google.com/.0V.e................V.e................V.e................U.Dve................next-map-id.2.Fnamespace-6003f412_ca6a_4d60_9632_121bd93e7ffc-https://www.google.com/.1. ..................g*.e................next-map-id.3.Fnamespace-bda5dedd_3059_468a_a16c_7f66256b88ff-https://www.google.com/.2.&..e................next-map-id.4.Fnamespace-c7c4eded_30c1_431b_8ffc_c4d83ba6ce24-https://www.google.com/.3.r..e................next-map-id.5.Fnamespace-434d094d_7a25_4eb3_867e_ddf3aa87c857-https://www.google.com/.4..UOe................next-map-id.6.Fnamespace-9650b281_3c90_45a2_9d8a_bc16dc31c485-https://www.google.com/.5....e................next-map-id.7.Fnamespace-bbabeb9f_7131_476e_81b4_b0bb792fed65-https://www.google.com/.6

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.158118451260149
Encrypted:	false
SSDEEP:	6:m+WEyq2PWXp+N23iKKdKrQMxIFUtpjk+r1ZmwPjEVjRkwOWXp+N23iKKdKrQMFLJ:zWEyva5KkCFUtpjP/PjoR5f5KktJ
MD5:	8420B9411DD7F4A41D54E000F14155F3
SHA1:	62B5BCFFAD835D360600929770D9720680AED6FD
SHA-256:	8975E292012607F9725E2A35BCEB7ADE025A8D0CE0AD18AE11C0C82843A2D749
SHA-512:	3212D05FB0B39C531C91B2D55925F5613E92E8F08FBF5D3F83FFF044E3A099C481E966D5F1E77027559099C2EF8DBFD851869CAE0E00996C4FD296D674E6FE81
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.575 1010 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/04-00:15:29.586 1010 Recovering log #3.2021/08/04-00:15:29.587 1010 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.158118451260149
Encrypted:	false
SSDEEP:	6:m+WEyq2PWXp+N23iKKdKrQMxIFUtpjk+r1ZmwPjEVjRkwOWXp+N23iKKdKrQMFLJ:zWEyva5KkCFUtpjP/PjoR5f5KktJ
MD5:	8420B9411DD7F4A41D54E000F14155F3
SHA1:	62B5BCFFAD835D360600929770D9720680AED6FD
SHA-256:	8975E292012607F9725E2A35BCEB7ADE025A8D0CE0AD18AE11C0C82843A2D749
SHA-512:	3212D05FB0B39C531C91B2D55925F5613E92E8F08FBF5D3F83FFF044E3A099C481E966D5F1E77027559099C2EF8DBFD851869CAE0E00996C4FD296D674E6FE81
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.575 1010 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/04-00:15:29.586 1010 Recovering log #3.2021/08/04-00:15:29.587 1010 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.1746036776402216
Encrypted:	false
SSDEEP:	6:m+8IYQyq2PWXp+N23iKKdK7Uh2ghZIFUtpjy0MAG1ZmwPj8SQRkwOWXp+N23iKKF:z8IAva5KkIhHh2FUtpjy0Mj1/Pjw5f5m
MD5:	E74C923C67F0BAA8B31105BE70673A71
SHA1:	F52DF62CFF722DF35FFD730394E4B5A24D78A7B4
SHA-256:	2A325592CFBC3C22159E0271B51A484629ACA7023DEEB5330863C913307ACEFB
SHA-512:	3835C17C92C5BA9B396FCF5AB5F9A41C36B0542FC06D3401712FCB9EBFC9E661869363DFA17CE43AE1D051D39930E959B1253CCB14BD98757A41F5242F1B5C31
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.345 f30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/04-00:15:29.359 f30 Recovering log #3.2021/08/04-00:15:29.360 f30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.1746036776402216
Encrypted:	false
SSDEEP:	6:m+8IYQyq2PWXp+N23iKKdK7Uh2ghZIFUtpjy0MAG1ZmwPj8SQRkwOWXp+N23iKKF:z8IAva5KkIhHh2FUtpjy0Mj1/Pjw5f5m
MD5:	E74C923C67F0BAA8B31105BE70673A71
SHA1:	F52DF62CFF722DF35FFD730394E4B5A24D78A7B4
SHA-256:	2A325592CFBC3C22159E0271B51A484629ACA7023DEEB5330863C913307ACEFB
SHA-512:	3835C17C92C5BA9B396FCF5AB5F9A41C36B0542FC06D3401712FCB9EBFC9E661869363DFA17CE43AE1D051D39930E959B1253CCB14BD98757A41F5242F1B5C31
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.345 f30 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/04-00:15:29.359 f30 Recovering log #3.2021/08/04-00:15:29.360 f30 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.277056541701496
Encrypted:	false
SSDEEP:	6:m+lq2PWXp+N23iKKdKusNpV/2jMGIFUtpjAJZmwPjBkwOWXp+N23iKKdKusNpV/s:zlva5KkFFUtpjC/PjB5f5KkOJ
MD5:	4583E9696EB7F57F614AEF35670A06BF
SHA1:	3F1575C11FF112FFE2FAA605E7EA87F7E80F65BE
SHA-256:	83839520869C4C785F389C31E63B16772DEC0361C7B8CC72032F5847CC7C47CC
SHA-512:	FDDBE58183AD2D77FA7C1280406F160655D31B950B83796A8F984B01449033EB3C84E8AF1AE0D1AE1F2C26BB131041507AAE21F03ECEF77270AC39705AC71C46
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.609 834 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/04-00:15:29.610 834 Recovering log #3.2021/08/04-00:15:29.611 834 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.277056541701496
Encrypted:	false
SSDEEP:	6:m+lq2PWXp+N23iKKdKusNpV/2jMGIFUtpjAJZmwPjBkwOWXp+N23iKKdKusNpV/s:zlva5KkFFUtpjC/PjB5f5KkOJ
MD5:	4583E9696EB7F57F614AEF35670A06BF
SHA1:	3F1575C11FF112FFE2FAA605E7EA87F7E80F65BE
SHA-256:	83839520869C4C785F389C31E63B16772DEC0361C7B8CC72032F5847CC7C47CC
SHA-512:	FDDBE58183AD2D77FA7C1280406F160655D31B950B83796A8F984B01449033EB3C84E8AF1AE0D1AE1F2C26BB131041507AAE21F03ECEF77270AC39705AC71C46
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.609 834 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/04-00:15:29.610 834 Recovering log #3.2021/08/04-00:15:29.611 834 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.303723065724325
Encrypted:	false
SSDEEP:	6:m+Gq2PWXp+N23iKKdKusNpqz4rRIFUtpjiZmwPjpfkwOWXp+N23iKKdKusNpqz4n:zGva5KkmiuFUtpji/Pjpf5f5Kkm2J
MD5:	B74EF9974B8087844C63F84BABC9AA56
SHA1:	21053EDB8E5208E4E77A9E0BE216E6390691F76E
SHA-256:	B9C6AE5A332315527BF523D0591C69312C3D8F96D6EA83AF70FE0807542AE1BE
SHA-512:	D285EA94C5CC9DFBAF8EE497F17EFD9E75D41A465D205E600A3FE099FB229E61FE438E2EB5D248F73813E07CE0174213CAAE621C2B6758288AC1AF90BB017901
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.683 444 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/04-00:15:29.686 444 Recovering log #3.2021/08/04-00:15:29.690 444 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.303723065724325
Encrypted:	false
SSDEEP:	6:m+Gq2PWXp+N23iKKdKusNpqz4rRIFUtpjiZmwPjpfkwOWXp+N23iKKdKusNpqz4n:zGva5KkmiuFUtpji/Pjpf5f5Kkm2J
MD5:	B74EF9974B8087844C63F84BABC9AA56
SHA1:	21053EDB8E5208E4E77A9E0BE216E6390691F76E
SHA-256:	B9C6AE5A332315527BF523D0591C69312C3D8F96D6EA83AF70FE0807542AE1BE
SHA-512:	D285EA94C5CC9DFBAF8EE497F17EFD9E75D41A465D205E600A3FE099FB229E61FE438E2EB5D248F73813E07CE0174213CAAE621C2B6758288AC1AF90BB017901
Malicious:	false
Reputation:	low
Preview:	2021/08/04-00:15:29.683 444 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/04-00:15:29.686 444 Recovering log #3.2021/08/04-00:15:29.690 444 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 4, 2021 00:15:32.821388960 CEST	49711	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:32.822200060 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:32.830343962 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:32.839823008 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:32.852624893 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.852770090 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:32.862761974 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:32.862878084 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:32.866489887 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:32.866750002 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:32.889139891 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.890223980 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:32.905180931 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.905227900 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.905266047 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.905283928 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:32.905298948 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:32.905347109 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:32.905427933 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:32.905468941 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:32.905525923 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.039977074 CEST	49716	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.076253891 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.076395035 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.081007957 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.082859039 CEST	80	49711	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.082957029 CEST	49711	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.292484045 CEST	80	49716	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.292659998 CEST	49716	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.335724115 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348376036 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348433018 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348475933 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348512888 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348520041 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.348551035 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348552942 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.348588943 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348624945 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348634005 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.348663092 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348700047 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.348701954 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.348949909 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.349015951 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.353954077 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.354304075 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.354440928 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.375143051 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.375209093 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.375282049 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.376938105 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.379856110 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.380959988 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.381150007 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.382359028 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.382518053 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.396419048 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.396452904 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.396471977 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.396490097 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.396527052 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.396569967 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.398664951 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.402395010 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.402522087 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.404192924 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.405364990 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.425601959 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.425652981 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.425683022 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.425708055 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.425781965 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.425816059 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.425820112 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.456223965 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.456248045 CEST	49714	443	192.168.2.3	216.58.205.77
Aug 4, 2021 00:15:33.457611084 CEST	49713	443	192.168.2.3	216.58.208.174
Aug 4, 2021 00:15:33.479469061 CEST	443	49714	216.58.205.77	192.168.2.3
Aug 4, 2021 00:15:33.480408907 CEST	443	49713	216.58.208.174	192.168.2.3
Aug 4, 2021 00:15:33.602574110 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602606058 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602632046 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602659941 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602678061 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602690935 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602705002 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602704048 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.602730989 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602749109 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602754116 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.602757931 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.602762938 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602777004 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602790117 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.602799892 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.602833033 CEST	49712	80	192.168.2.3	166.62.28.94
Aug 4, 2021 00:15:33.855215073 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.855254889 CEST	80	49712	166.62.28.94	192.168.2.3
Aug 4, 2021 00:15:33.855293036 CEST	80	49712	166.62.28.94	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 4, 2021 00:15:32.778825998 CEST	192.168.2.3	8.8.8.8	0x2103	Standard query (0)	www.ichiban.menu	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:32.795274019 CEST	192.168.2.3	8.8.8.8	0xcd1d	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:32.802877903 CEST	192.168.2.3	8.8.8.8	0x988c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.127536058 CEST	192.168.2.3	8.8.8.8	0xfea3	Standard query (0)	s.w.org	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.331661940 CEST	192.168.2.3	8.8.8.8	0x3b9b	Standard query (0)	s3-eu-west-1.amazonaws.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.916996956 CEST	192.168.2.3	8.8.8.8	0x823	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.976445913 CEST	192.168.2.3	8.8.8.8	0x4885	Standard query (0)	www.instagram.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.976490974 CEST	192.168.2.3	8.8.8.8	0x1b4d	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.981867075 CEST	192.168.2.3	8.8.8.8	0x1f63	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.964498997 CEST	192.168.2.3	8.8.8.8	0x48b	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.025564909 CEST	192.168.2.3	8.8.8.8	0xa037	Standard query (0)	static.hotjar.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.507069111 CEST	192.168.2.3	8.8.8.8	0x629	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.961869001 CEST	192.168.2.3	8.8.8.8	0x5479	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.961915016 CEST	192.168.2.3	8.8.8.8	0x780d	Standard query (0)	www.ichiban.menu	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:41.534362078 CEST	192.168.2.3	8.8.8.8	0x3aa2	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:33.594248056 CEST	192.168.2.3	8.8.8.8	0xe699	Standard query (0)	www.ichiban.menu	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:34.091085911 CEST	192.168.2.3	8.8.8.8	0x46e	Standard query (0)	1.gravatar.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:34.260344028 CEST	192.168.2.3	8.8.8.8	0x4c1a	Standard query (0)	s.w.org	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:37.795916080 CEST	192.168.2.3	8.8.8.8	0xab7a	Standard query (0)	1.gravatar.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:38.708877087 CEST	192.168.2.3	8.8.8.8	0xacd0	Standard query (0)	booking-widget.quandoo.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.185419083 CEST	192.168.2.3	8.8.8.8	0x852e	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.187473059 CEST	192.168.2.3	8.8.8.8	0x7bd	Standard query (0)	www.instagram.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.189631939 CEST	192.168.2.3	8.8.8.8	0x741b	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.312515974 CEST	192.168.2.3	8.8.8.8	0xe997	Standard query (0)	9110-api.quandoo.com	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.738996983 CEST	192.168.2.3	8.8.8.8	0x45dc	Standard query (0)	www.quandoo.com.au	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.741797924 CEST	192.168.2.3	8.8.8.8	0x44bc	Standard query (0)	booking-widget.quandoo.com.au	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 4, 2021 00:15:32.814940929 CEST	8.8.8.8	192.168.2.3	0x2103	No error (0)	www.ichiban.menu	ichiban.menu		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:32.814940929 CEST	8.8.8.8	192.168.2.3	0x2103	No error (0)	ichiban.menu		166.62.28.94	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:32.827931881 CEST	8.8.8.8	192.168.2.3	0xcd1d	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:32.827931881 CEST	8.8.8.8	192.168.2.3	0xcd1d	No error (0)	clients.l.google.com		216.58.208.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:32.838119984 CEST	8.8.8.8	192.168.2.3	0x988c	No error (0)	accounts.google.com		216.58.205.77	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.156738043 CEST	8.8.8.8	192.168.2.3	0xfea3	No error (0)	s.w.org		192.0.77.48	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.354269981 CEST	8.8.8.8	192.168.2.3	0x93c4	No error (0)	gstaticadssl.l.google.com		142.250.186.35	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.366014004 CEST	8.8.8.8	192.168.2.3	0x3b9b	No error (0)	s3-eu-west-1.amazonaws.com		52.218.20.156	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:34.952222109 CEST	8.8.8.8	192.168.2.3	0x823	No error (0)	www.google.com		142.250.180.164	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.010150909 CEST	8.8.8.8	192.168.2.3	0x1b4d	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:35.010150909 CEST	8.8.8.8	192.168.2.3	0x1b4d	No error (0)	star-mini.c10r.facebook.com		157.240.17.35	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.010399103 CEST	8.8.8.8	192.168.2.3	0x4885	No error (0)	www.instagram.com	z-p42-instagram.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:35.010399103 CEST	8.8.8.8	192.168.2.3	0x4885	No error (0)	z-p42-instagram.c10r.facebook.com		157.240.17.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.208.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.209.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.184.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.184.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.184.110	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.198.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		172.217.21.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.180.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.180.110	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.180.142	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		142.250.180.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.023297071 CEST	8.8.8.8	192.168.2.3	0x1f63	No error (0)	youtube-ui.l.google.com		216.58.208.142	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.745809078 CEST	8.8.8.8	192.168.2.3	0xb12f	No error (0)	www-googletagmanager.l.google.com		142.250.184.72	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		35.167.90.204	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		52.43.10.86	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		52.10.17.224	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		52.39.143.152	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		52.89.95.104	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		52.39.24.11	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		54.68.253.11	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:35.988867044 CEST	8.8.8.8	192.168.2.3	0x48b	No error (0)	api.segment.io		54.190.208.247	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.067531109 CEST	8.8.8.8	192.168.2.3	0x7db	No error (0)	www-google-analytics.l.google.com		142.250.184.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.069538116 CEST	8.8.8.8	192.168.2.3	0xa037	No error (0)	static.hotjar.com	static-cdn.hotjar.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:36.069538116 CEST	8.8.8.8	192.168.2.3	0xa037	No error (0)	static-cdn.hotjar.com		13.32.22.92	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.069538116 CEST	8.8.8.8	192.168.2.3	0xa037	No error (0)	static-cdn.hotjar.com		13.32.22.41	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.069538116 CEST	8.8.8.8	192.168.2.3	0xa037	No error (0)	static-cdn.hotjar.com		13.32.22.75	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.069538116 CEST	8.8.8.8	192.168.2.3	0xa037	No error (0)	static-cdn.hotjar.com		13.32.22.91	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.550403118 CEST	8.8.8.8	192.168.2.3	0x629	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:36.550403118 CEST	8.8.8.8	192.168.2.3	0x629	No error (0)	stats.l.doubleclick.net		108.177.126.155	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.550403118 CEST	8.8.8.8	192.168.2.3	0x629	No error (0)	stats.l.doubleclick.net		108.177.126.156	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.550403118 CEST	8.8.8.8	192.168.2.3	0x629	No error (0)	stats.l.doubleclick.net		108.177.126.157	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:36.550403118 CEST	8.8.8.8	192.168.2.3	0x629	No error (0)	stats.l.doubleclick.net		108.177.126.154	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		35.167.90.204	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		52.43.10.86	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		52.10.17.224	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		52.39.143.152	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		52.89.95.104	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		52.39.24.11	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		54.68.253.11	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.995172977 CEST	8.8.8.8	192.168.2.3	0x5479	No error (0)	api.segment.io		54.190.208.247	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:38.998425007 CEST	8.8.8.8	192.168.2.3	0x780d	No error (0)	www.ichiban.menu	ichiban.menu		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:38.998425007 CEST	8.8.8.8	192.168.2.3	0x780d	No error (0)	ichiban.menu		166.62.28.94	A (IP address)	IN (0x0001)
Aug 4, 2021 00:15:41.567867041 CEST	8.8.8.8	192.168.2.3	0x3aa2	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:15:41.567867041 CEST	8.8.8.8	192.168.2.3	0x3aa2	No error (0)	googlehosted.l.googleusercontent.com		216.58.208.161	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:33.626610994 CEST	8.8.8.8	192.168.2.3	0xe699	No error (0)	www.ichiban.menu	ichiban.menu		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:16:33.626610994 CEST	8.8.8.8	192.168.2.3	0xe699	No error (0)	ichiban.menu		166.62.28.94	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:34.125076056 CEST	8.8.8.8	192.168.2.3	0x46e	No error (0)	1.gravatar.com		192.0.73.2	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:34.285154104 CEST	8.8.8.8	192.168.2.3	0x4c1a	No error (0)	s.w.org		192.0.77.48	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:37.828176022 CEST	8.8.8.8	192.168.2.3	0xab7a	No error (0)	1.gravatar.com		192.0.73.2	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:37.922597885 CEST	8.8.8.8	192.168.2.3	0x1ad5	No error (0)	gstaticadssl.l.google.com		216.58.198.3	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:38.753567934 CEST	8.8.8.8	192.168.2.3	0xacd0	No error (0)	booking-widget.quandoo.com		143.204.207.60	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:38.753567934 CEST	8.8.8.8	192.168.2.3	0xacd0	No error (0)	booking-widget.quandoo.com		143.204.207.124	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:38.753567934 CEST	8.8.8.8	192.168.2.3	0xacd0	No error (0)	booking-widget.quandoo.com		143.204.207.63	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:38.753567934 CEST	8.8.8.8	192.168.2.3	0xacd0	No error (0)	booking-widget.quandoo.com		143.204.207.107	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.221286058 CEST	8.8.8.8	192.168.2.3	0x852e	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:16:39.221286058 CEST	8.8.8.8	192.168.2.3	0x852e	No error (0)	star-mini.c10r.facebook.com		157.240.17.35	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.208.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.209.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.184.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.184.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.184.110	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.198.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		172.217.21.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.180.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.180.110	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.180.142	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		142.250.180.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.224025011 CEST	8.8.8.8	192.168.2.3	0x741b	No error (0)	youtube-ui.l.google.com		216.58.208.142	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.226793051 CEST	8.8.8.8	192.168.2.3	0x7bd	No error (0)	www.instagram.com	z-p42-instagram.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Aug 4, 2021 00:16:39.226793051 CEST	8.8.8.8	192.168.2.3	0x7bd	No error (0)	z-p42-instagram.c10r.facebook.com		157.240.17.174	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.347829103 CEST	8.8.8.8	192.168.2.3	0xe997	No error (0)	9110-api.quandoo.com		52.213.64.175	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.347829103 CEST	8.8.8.8	192.168.2.3	0xe997	No error (0)	9110-api.quandoo.com		52.214.46.190	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.347829103 CEST	8.8.8.8	192.168.2.3	0xe997	No error (0)	9110-api.quandoo.com		3.248.134.122	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.811969042 CEST	8.8.8.8	192.168.2.3	0x44bc	No error (0)	booking-widget.quandoo.com.au		13.32.22.7	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.811969042 CEST	8.8.8.8	192.168.2.3	0x44bc	No error (0)	booking-widget.quandoo.com.au		13.32.22.46	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.811969042 CEST	8.8.8.8	192.168.2.3	0x44bc	No error (0)	booking-widget.quandoo.com.au		13.32.22.59	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.811969042 CEST	8.8.8.8	192.168.2.3	0x44bc	No error (0)	booking-widget.quandoo.com.au		13.32.22.65	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.864726067 CEST	8.8.8.8	192.168.2.3	0x45dc	No error (0)	www.quandoo.com.au		176.34.109.148	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:39.864726067 CEST	8.8.8.8	192.168.2.3	0x45dc	No error (0)	www.quandoo.com.au		54.217.223.212	A (IP address)	IN (0x0001)
Aug 4, 2021 00:16:41.663414001 CEST	8.8.8.8	192.168.2.3	0x5f40	No error (0)	www-google-analytics.l.google.com		142.250.184.78	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www.ichiban.menu

1.gravatar.com

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 752 Parent PID: 968

General

Start time:	00:15:28
Start date:	04/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://www.ichiban.menu/menu-teppanyaki/'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 4720 Parent PID: 752

General

Start time:	00:15:30
Start date:	04/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,16433198126318794357,6094034236782199136,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report http://www.ichiban.menu/menu-teppanyaki/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 752 Parent PID: 968

General

Analysis Process: chrome.exe PID: 4720 Parent PID: 752

General

Disassembly