Edit tour

Windows Analysis Report
https://tonymaster.com.br/php/php/secured_file.html

Overview

General Information

Sample URL:	https://tonymaster.com.br/php/php/secured_file.html
Analysis ID:	626411
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Phishing site detected (based on logo template match)

Phishing site detected (based on image similarity)

Queries the volume information (name, serial number etc) of a device

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

cmd.exe (PID: 4932 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wget.exe (PID: 4516 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

chrome.exe (PID: 5636 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "C:\Users\user\Desktop\download\secured_file.html MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=2936 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
09046.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 13 May 2022 21:49:31 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sat, 02 May 2020 00:40:58 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html

Source: wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.3.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://ajax.googleapis.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://apis.google.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.3.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 4c4d1e94-9048-4789-9401-bf533ea4a4d0.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://dns.google
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://fonts.googleapis.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.3.dr, craw_background.js.3.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.3.dr, manifest.json.3.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://play.google.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.3.dr, manifest.json.3.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://ssl.gstatic.com
Source: wget.exe, 00000002.00000002.230941921.0000000001265000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://tonymaster.com.br/php/php/secured_file.html
Source: wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tonymaster.com.br/php/php/secured_file.htmlI
Source: wget.exe, 00000002.00000002.230941921.0000000001265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tonymaster.com.br/php/php/secured_file.htmlp/ph
Source: wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tonymaster.com.br/php/php/secured_file.htmly
Source: History Provider Cache.3.dr	String found in binary or memory: https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2
Source: History Provider Cache.3.dr	String found in binary or memory: https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2:
Source: wget.exe, 00000002.00000003.230510051.0000000002D98000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230978933.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230985715.0000000002D98000.00000004.00000800.00020000.00000000.sdmp, History Provider Cache.3.dr, secured_file.html.2.dr	String found in binary or memory: https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.html
Source: craw_window.js.3.dr, craw_background.js.3.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.3.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.3.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.3.dr, ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, craw_background.js.3.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.3.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.3.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.3.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.3.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.3.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitContent-type: text/xmlX-MSEdge-ExternalExpType: JointCoordX-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-PositionerType: DesktopX-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: 60X-BM-FirstEnabledTime: 132061327679472806X-DeviceID: 0100748C0900D485X-BM-DeviceScale: 100X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-BM-DeviceDimensionsLogical: 1232x1024X-BM-DeviceDimensions: 1232x1024X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcrCUQHVmc1QWYMPz0DXFqeRx8wamoowmwbwUSyNYpjtyJpJRDfEtLg1rKS4/zxABCoKsuMFRUBIP7PFid4xD2qKyI0URDzKuBMFjFkKzlG3Ps9MGF%2BBZXTdKnpAzZrlgOtRPCtamchXz28q0CRmPxXD6ZHI2rcMOvnUBLbt1zkoTBTKYibaVaGygpAEYQDTKkpAamKV8eOep8EnHN50LiR92MCKiQtLylSx/qTDVfvmE81bne2UzPZEbqlm/DPuKdzajAWp%2BXa91MUXk%2BgPu95uggy8QPGrNOWbn7IkTjFjqBdAhJ5m/BiU45rQu3ck%2B6RC%2BU%2BEalYU42PwbfQmsDwDZgAACHBtXI8rJNLaqAG5bveMLq14sdqoo9yPGDTdHxA7OjsAOmIxUTUXgi%2B44zK9rStYOMPMq4e6et15tJFBbG2jKGVdJMY3ZkTFu%2BHWNopmckOWLVgFNq79y3hmsdxc1wOedU50wO01k4tR95v4Imjx%2BJujGLa9TWHvuxeDQi9Y4ybY/y9vY1LteXSo0kKHbGazTsLNxyFfmSDOcn8ClbW9bmk0c4jHKD1yRpmMUoJ6GMEDPMqNOCkwrk63Ab7wPb/Ik//Xt/R1gr%2Bom7Tc2OeYYcdyru5UC/xxsJOAvl6NlTvqnrrwv3tNwIcpsdUqBF6TuxWSlAQvZrc4R0FfqAmC1gmCnHgcn6LOJmRb0NP4X2cysqVe7yMirSTCCMByWMIyPaVuut%2BME7E/g1i7%2BF6GOmOb4jaw5esWXZItZITutJph%2B%2BiB5Jhj5m5K8KwagRMAS5gWCtioSFd8CezxoiPqJxEvqdn2z7PYPJa2IEPLnuo8hgVRtHuU8/aTQiACqk%2BA7ilNPbpjD1XsiVE35rwQalWYecZgjOX1bVhMm1bTSpRC5s14qea2UC8ENIkJSR9nRsud1AE%3D%26p%3DX-Agent-DeviceId: 0100748C0900D485X-BM-CBT: 1646732532X-Device-isOptin: trueX-Device-Touch: falseX-Device-ClientSession: B3FD0EB2977A44E390C07B484049F516X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderAccept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134Host: www.bing.comContent-Length: 87238Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=BEEBF15262804E24A8DF6781500AB975; _SS=CPID=1652478558452&AC=1&CPH=4ef661f2

Source: unknown

DNS traffic detected: queries for: tonymaster.com.br

Source: global traffic	HTTP traffic detected: GET /php/php/secured_file.html HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: tonymaster.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/widgets/secured_file/important_document/business_proposal.html HTTP/1.1Host: tonymaster.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/certificates/certificates/secured_file.html HTTP/1.1Host: tonymaster.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wp-includes/certificates/certificates/important_document.html HTTP/1.1Host: tonymaster.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: objectReferer: https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/ HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://_wildcard_.avenue180.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://_wildcard_.avenue180.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/css/hover.css HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/css/album.css HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://_wildcard_.avenue180.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/onedrive-w.png HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/office3651.png HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/outlook1.png HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/gmail.png HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /php/php/sec/video/onedrive.mp4 HTTP/1.1Host: _wildcard_.avenue180.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: identity;q=1, ;q=0Accept: /*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://_wildcard_.avenue180.com/php/php/sec/Accept-Language: en-GB,en-US;q=0.9,en;q=0.8Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/onedrive-white.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: _wildcard_.avenue180.com
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/onedrive-w.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: _wildcard_.avenue180.com
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/office3651.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: _wildcard_.avenue180.com
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/outlook1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: _wildcard_.avenue180.com
Source: global traffic	HTTP traffic detected: GET /php/php/sec/images/gmail.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: _wildcard_.avenue180.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tonymaster.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown	HTTPS traffic detected: 162.241.3.4:443 -> 192.168.2.4:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.31.22:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.31.22:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.4.86:443 -> 192.168.2.4:49792 version: TLS 1.2

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "C:\Users\user\Desktop\download\secured_file.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=2936 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=2936 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3180:120:WilError_01

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\71585f6f-7143-4a51-a51c-aacf8d51218a.tmp

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@31/92@12/12

Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	12 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://tonymaster.com.br/php/php/secured_file.html	0%	Avira URL Cloud	safe
https://tonymaster.com.br/php/php/secured_file.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/images/office3651.png	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/images/onedrive-white.png	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/css/album.css	0%	Avira URL Cloud	safe
https://tonymaster.com.br/php/php/secured_file.htmly	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/images/onedrive-w.png	0%	Avira URL Cloud	safe
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2:	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/images/gmail.png	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://tonymaster.com.br/php/php/secured_file.htmlI	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/css/hover.css	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/images/outlook1.png	0%	Avira URL Cloud	safe
https://_wildcard_.avenue180.com/php/php/sec/video/onedrive.mp4	0%	Avira URL Cloud	safe
https://tonymaster.com.br/favicon.ico	0%	Avira URL Cloud	safe
https://tonymaster.com.br/php/php/secured_file.htmlp/ph	0%	Avira URL Cloud	safe
https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
tonymaster.com.br	162.241.3.4	true	false	unknown
gstaticadssl.l.google.com	172.217.168.3	true	false	high
stackpath.bootstrapcdn.com	104.18.11.207	true	false	high
_wildcard_.avenue180.com	192.185.31.22	true	false	unknown
accounts.google.com	172.217.168.45	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
maxcdn.bootstrapcdn.com	104.18.10.207	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
clients2.google.com	unknown	unknown	false	high
ka-f.fontawesome.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
kit.fontawesome.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://_wildcard_.avenue180.com/php/php/sec/images/office3651.png	true	Avira URL Cloud: safe	low
https://_wildcard_.avenue180.com/php/php/sec/images/onedrive-white.png	true	Avira URL Cloud: safe	low
https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://_wildcard_.avenue180.com/php/php/sec/css/album.css	true	Avira URL Cloud: safe	low
https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://_wildcard_.avenue180.com/php/php/sec/images/onedrive-w.png	true	Avira URL Cloud: safe	low
https://_wildcard_.avenue180.com/php/php/sec/	true		low
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://_wildcard_.avenue180.com/php/php/sec/	true		low
https://_wildcard_.avenue180.com/php/php/sec/images/gmail.png	true	Avira URL Cloud: safe	low
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://_wildcard_.avenue180.com/php/php/sec	false	Avira URL Cloud: safe	low
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://_wildcard_.avenue180.com/php/php/sec/css/hover.css	true	Avira URL Cloud: safe	low
https://_wildcard_.avenue180.com/php/php/sec/images/outlook1.png	true	Avira URL Cloud: safe	low
https://_wildcard_.avenue180.com/php/php/sec/video/onedrive.mp4	true	Avira URL Cloud: safe	low
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high
https://tonymaster.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://tonymaster.com.br/php/php/secured_file.html	true		unknown
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.html	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2	History Provider Cache.3.dr	true	Avira URL Cloud: safe	unknown
https://www.google.com/images/cleardot.gif	craw_window.js.3.dr	false		high
https://play.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.3.dr, manifest.json.3.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.3.dr	false		high
https://www.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://tonymaster.com.br/php/php/secured_file.htmly	wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://accounts.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html2:	History Provider Cache.3.dr	true	Avira URL Cloud: safe	unknown
https://apis.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.3.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.3.dr, craw_background.js.3.dr	false		high
https://clients2.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://dns.google	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 4c4d1e94-9048-4789-9401-bf533ea4a4d0.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.3.dr, craw_background.js.3.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.3.dr	false		high
https://ogs.google.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.3.dr, manifest.json.3.dr	false		high
https://tonymaster.com.br/php/php/secured_file.htmlI	wget.exe, 00000002.00000003.230520856.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000002.230958367.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000002.00000003.230604368.0000000002D58000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.google.com/images/x2.gif	craw_window.js.3.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.3.dr	false		high
https://clients2.googleusercontent.com	ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp.4.dr, 70af35c3-664a-466d-9e29-53c2262b10f4.tmp.4.dr	false		high
https://tonymaster.com.br/php/php/secured_file.htmlp/ph	wget.exe, 00000002.00000002.230941921.0000000001265000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://www.google.com/	manifest.json.3.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
192.185.31.22	_wildcard_.avenue180.com	United States	46606	UNIFIEDLAYER-AS-1US	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
162.241.3.4	tonymaster.com.br	United States	26337	OIS1US	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.168.3	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.4
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	626411
Start date and time: 13/05/202223:48:15	2022-05-13 23:48:15 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://tonymaster.com.br/php/php/secured_file.html
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@31/92@12/12
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): audiodg.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.168.14, 74.125.100.201, 142.250.185.99, 69.16.175.10, 69.16.175.42, 172.217.168.10, 104.18.23.52, 104.18.22.52, 142.250.203.106, 188.114.97.10, 188.114.96.10, 216.58.215.234, 142.250.186.163, 142.250.203.99, 172.217.132.71
Excluded domains from analysis (whitelisted): kit.fontawesome.com.cdn.cloudflare.net, cds.s5x3j6q5.hwcdn.net, fonts.googleapis.com, fs.microsoft.com, ka-f.fontawesome.com.cdn.cloudflare.net, content-autofill.googleapis.com, ajax.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, r4---sn-5hne6nz6.gvt1.com, redirector.gvt1.com, update.googleapis.com, r4.sn-5hne6nz6.gvt1.com, www.gstatic.com, r2---sn-5hne6nsr.gvt1.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	204570
Entropy (8bit):	6.073964760532891
Encrypted:	false
SSDEEP:	3072:5Z82u8ttIkp++ThccJGe2NY7Z5gRUT/YlbNFcbXafIB0u1GOJmA3iuRi:jTttj+tcJGFkZmR9aqfIlUOoSiuRi
MD5:	2DB5FA25450EAD80A607D0EB33A7BAE8
SHA1:	B30D78A616A01494D56AA09B90D8DE4BF5E8794F
SHA-256:	AA06B6DD2E4AE76734D2C0D535E9BF21A6666E103C7457790AF2438A1C091FAC
SHA-512:	B0E0D9EEC63297E2900DB5A3EF52F4CF839245CAA89B86E6ACC5F09458BABD81E28614D4CE761314369C4AF3EDB83F2687A7B13A58F532D9AA17D2D0901FF7D9
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.652478579207872e+12,"network":1.652478564e+12,"ticks":113153522.0,"uncertainty":3807418.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715401452"},"plugins":{"metadata":{"adobe-flash-player":{"d

Source: https://tonymaster.com.br/wp-includes/certificates/certificates/secured_file.html	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.html	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: Number of links: 0
Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: Number of links: 0

Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: Title: Document Storage does not match URL
Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: Title: Document Storage does not match URL

Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: No <meta name="author".. found
Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: No <meta name="author".. found

Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: No <meta name="copyright".. found
Source: https://_wildcard_.avenue180.com/php/php/sec/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.8.234
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.162.10
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.108.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.4.86

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	553
Entropy (8bit):	5.0624105155570485
Encrypted:	false
SSDEEP:	12:HGy3aF5OAHn0RUpBVn0U5T1De5RhKW01DbfbKJkvpPVjRifbKJZ1n:vo5DH0GBV0wxePgW01XbywRRKbyjn
MD5:	005EB3F87896A26C6A4648F81F17D783
SHA1:	DB0586A20D98E9FE0C7892426AD9BA72D9106A28
SHA-256:	25FCC65EA34361F6B7184DCCA8C0084B17F3E36B7F5140C675D772D6DAB0DB53
SHA-512:	513230A15ABA2CF3C0346D273079475E808742307C265CCCE5F4CDE3F68F606726EF94C6D5CFC4D762B8ED3DAEDB5A59B8771FACB0641AC5EC225A811DFA4651
Malicious:	false
Reputation:	low
Preview:	--2022-05-13 23:49:32-- https://tonymaster.com.br/php/php/secured_file.html..Resolving tonymaster.com.br (tonymaster.com.br)... 162.241.3.4..Connecting to tonymaster.com.br (tonymaster.com.br)\|162.241.3.4\|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: 227 [text/html]..Saving to: 'C:/Users/user/Desktop/download/secured_file.html'.... 0K 100% 72.4K=0.003s....2022-05-13 23:49:33 (72.4 KB/s) - 'C:/Users/user/Desktop/download/secured_file.html' saved [227/227]....

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	227
Entropy (8bit):	4.62095304794071
Encrypted:	false
SSDEEP:	6:qvSsGSLAqJmOXGmmHxrZvyfpBCSUYHBiRWFiD0i1McGb:cSK0qJmuGxHNZKfvCSFpeX1Mbb
MD5:	00D6622EB88364A80438D76411C34FB4
SHA1:	76A9B0C7565E8A6B0490AB3D4BC3A7EAFD38ED07
SHA-256:	047F4CE08B1012633159A9148025B805FD5ADD45E93A263883250A3F0D835307
SHA-512:	D50234E054076552FE9D41422F4DE8236F1AD866405A5CC9FAC0A0E420A143E5E1B5412A5474469FFABB0372B5469488137210B99EC62607F16D5F70C0AF77F7
Malicious:	false
Reputation:	low
Preview:	<html >.. <head>.. <script type="text/javascript">.. window.location.href = "https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.html".. </script>..</html>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 13, 2022 23:49:10.678426027 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:11.444382906 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:16.404154062 CEST	62099	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:16.553663015 CEST	53	62099	8.8.8.8	192.168.2.4
May 13, 2022 23:49:22.629826069 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:22.638267994 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:23.003835917 CEST	64454	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:23.005274057 CEST	60506	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:23.007328033 CEST	64277	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:23.024899006 CEST	53	60506	8.8.8.8	192.168.2.4
May 13, 2022 23:49:23.026354074 CEST	53	64277	8.8.8.8	192.168.2.4
May 13, 2022 23:49:23.148395061 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:23.153961897 CEST	53	64454	8.8.8.8	192.168.2.4
May 13, 2022 23:49:23.380697012 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:23.390706062 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:23.898760080 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:24.131772995 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:24.141778946 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:24.534296036 CEST	60381	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:24.649807930 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:24.680119038 CEST	53	60381	8.8.8.8	192.168.2.4
May 13, 2022 23:49:25.909143925 CEST	54069	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:25.917642117 CEST	58171	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:25.917902946 CEST	57594	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:25.939382076 CEST	53	58171	8.8.8.8	192.168.2.4
May 13, 2022 23:49:26.142817020 CEST	61361	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:26.150445938 CEST	50445	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:26.154810905 CEST	51679	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:26.167845964 CEST	53	50445	8.8.8.8	192.168.2.4
May 13, 2022 23:49:26.175179958 CEST	53	51679	8.8.8.8	192.168.2.4
May 13, 2022 23:49:27.854721069 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:27.856034040 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:27.857364893 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:28.609114885 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:28.609153032 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:28.609158993 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:29.360296011 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:29.360337973 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:29.360344887 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:30.424854994 CEST	58816	53	192.168.2.4	8.8.8.8
May 13, 2022 23:49:30.427354097 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.443783045 CEST	53	58816	8.8.8.8	192.168.2.4
May 13, 2022 23:49:30.457153082 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.630016088 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.659271002 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.659317970 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.659357071 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.659398079 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.709235907 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.712728977 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.740803957 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.742053986 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.783081055 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.783251047 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.784584999 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.799081087 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.799127102 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.799155951 CEST	443	58818	142.250.203.110	192.168.2.4
May 13, 2022 23:49:30.841351032 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.842962027 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:30.906529903 CEST	58818	443	192.168.2.4	142.250.203.110
May 13, 2022 23:49:31.688170910 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:31.691123962 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:32.439654112 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:32.441572905 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:33.190670967 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:33.193656921 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:34.437593937 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:35.188838959 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:49:35.939863920 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:50:21.724215031 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:50:22.474831104 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:50:23.225989103 CEST	137	137	192.168.2.4	192.168.2.255
May 13, 2022 23:51:10.564116001 CEST	138	138	192.168.2.4	192.168.2.255

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:07 UTC	0	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: 60 X-BM-FirstEnabledTime: 132061327679472806 X-DeviceID: 0100748C0900D485 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcrCUQHVmc1QWYMPz0DXFqeRx8wamoowmwbwUSyNYpjtyJpJRDfEtLg1rKS4/zxABCoKsuMFRUBIP7PFid4xD2qKyI0URDzKuBMFjFkKzlG3Ps9MGF%2BBZXTdKnpAzZrlgOtRPCtamchXz28q0CRmPxXD6ZHI2rcMOvnUBLbt1zkoTBTKYibaVaGygpAEYQDTKkpAamKV8eOep8EnHN50LiR92MCKiQtLylSx/qTDVfvmE81bne2UzPZEbqlm/DPuKdzajAWp%2BXa91MUXk%2BgPu95uggy8QPGrNOWbn7IkTjFjqBdAhJ5m/BiU45rQu3ck%2B6RC%2BU%2BEalYU42PwbfQmsDwDZgAACHBtXI8rJNLaqAG5bveMLq14sdqoo9yPGDTdHxA7OjsAOmIxUTUXgi%2B44zK9rStYOMPMq4e6et15tJFBbG2jKGVdJMY3ZkTFu%2BHWNopmckOWLVgFNq79y3hmsdxc1wOedU50wO01k4tR95v4Imjx%2BJujGLa9TWHvuxeDQi9Y4ybY/y9vY1LteXSo0kKHbGazTsLNxyFfmSDOcn8ClbW9bmk0c4jHKD1yRpmMUoJ6GMEDPMqNOCkwrk63Ab7wPb/Ik//Xt/R1gr%2Bom7Tc2OeYYcdyru5UC/xxsJOAvl6NlTvqnrrwv3tNwIcpsdUqBF6TuxWSlAQvZrc4R0FfqAmC1gmCnHgcn6LOJmRb0NP4X2cysqVe7yMirSTCCMByWMIyPaVuut%2BME7E/g1i7%2BF6GOmOb4jaw5esWXZItZITutJph%2B%2BiB5Jhj5m5K8KwagRMAS5gWCtioSFd8CezxoiPqJxEvqdn2z7PYPJa2IEPLnuo8hgVRtHuU8/aTQiACqk%2BA7ilNPbpjD1XsiVE35rwQalWYecZgjOX1bVhMm1bTSpRC5s14qea2UC8ENIkJSR9nRsud1AE%3D%26p%3D X-Agent-DeviceId: 0100748C0900D485 X-BM-CBT: 1646732532 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: B3FD0EB2977A44E390C07B484049F516 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 87238 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=BEEBF15262804E24A8DF6781500AB975; _SS=CPID=1652478558452&AC=1&CPH=4ef661f2
2022-05-13 21:49:07 UTC	2	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 31 66 61 37 30 66 62 64 31 62 66 63 34 39 66 61 38 64 65 65 61 62 63 31 34 36 35 65 65 61 64 62 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>1fa70fbd1bfc49fa8deeabc1465eeadb</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2022-05-13 21:49:07 UTC	18	OUT	Data Raw: 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 65 73 63 72 65 65 6e 2c 72 73 31 6d 75 73 69 63 70 72 6f 64 2c 43 6f 72 74 61 6e 61 53 50 41 58 61 6d 6c 48 65 61 64 65 72 22 2c 22 54 22 3a 22 43 49 2e 51 46 50 65 72 66 50 69 6e 67 22 2c 22 53 54 22 3a 22 41 70 70 43 61 63 68 65 22 2c 22 43 56 49 44 22 3a 22 66 37 62 31 38 31 62 34 62 39 38 31 34 33 32 36 38 63 34 66 62 35 66 63 33 61 61 39 63 30 30 39 22 2c 22 4f 46 46 53 45 54 53 22 3a 5b 7b 22 49 22 3a 35 2c 22 45 22 3a 7b 22 30 Data Ascii: CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader","T":"CI.QFPerfPing","ST":"AppCache","CVID":"f7b181b4b98143268c4fb5fc3aa9c009","OFFSETS":[{"I":5,"E":{"0
2022-05-13 21:49:07 UTC	34	OUT	Data Raw: 31 33 2c 22 32 39 36 22 3a 31 7d 2c 22 66 62 63 53 63 6f 72 65 22 3a 30 2e 38 32 34 39 31 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 32 2c 22 51 22 3a 22 43 68 6f 6f 73 65 20 61 20 64 65 66 61 75 6c 74 20 77 65 62 20 62 72 6f 77 73 65 72 22 2c 22 4d 51 22 3a 22 64 65 66 61 75 6c 74 20 62 72 6f 77 73 65 72 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 38 31 32 36 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 41 41 41 5f 53 79 73 74 65 6d 53 65 74 74 69 6e 67 73 5f 44 65 66 61 75 6c 74 41 70 70 73 5f 42 72 6f 77 73 65 72 22 2c 22 44 4e 61 6d 65 22 3a 22 43 68 6f 6f Data Ascii: 13,"296":1},"fbcScore":0.82491}},{"T":"D.Url","K":1002,"Q":"Choose a default web browser","MQ":"default browser","Val":"ST","Ho":2,"Gr":1,"DeviceSignals":{"Rank":8126,"PHits":"System.ParsingName","Id":"AAA_SystemSettings_DefaultApps_Browser","DName":"Choo
2022-05-13 21:49:07 UTC	50	OUT	Data Raw: 51 75 65 72 79 22 20 76 61 6c 75 65 3d 22 66 61 6c 73 65 22 2f 3e 3c 72 65 71 75 65 73 74 49 6e 66 6f 20 6b 65 79 3d 22 46 6f 72 6d 22 20 76 61 6c 75 65 3d 22 22 2f 3e 3c 75 73 65 72 49 6e 66 6f 20 6b 65 79 3d 22 41 70 70 4e 61 6d 65 22 20 76 61 6c 75 65 3d 22 53 6d 61 72 74 53 65 61 72 63 68 22 2f 3e 3c 2f 4f 76 72 3e 3c 2f 4d 3e 3c 2f 47 72 6f 75 70 3e 3c 47 72 6f 75 70 3e 3c 4d 3e 3c 49 47 3e 66 61 66 39 62 35 31 32 61 35 38 61 34 61 30 61 38 33 66 33 36 64 62 30 30 34 36 63 61 32 33 34 3c 2f 49 47 3e 3c 44 53 3e 3c 21 5b 43 44 41 54 41 5b 5b 7b 22 54 22 3a 22 44 2e 41 67 67 72 65 67 61 74 6f 72 22 2c 22 53 65 72 76 69 63 65 22 3a 22 41 75 74 6f 53 75 67 67 65 73 74 22 2c 22 53 63 65 6e 61 72 69 6f 22 3a 22 41 67 67 72 65 67 61 74 6f 72 22 2c 22 41 70 Data Ascii: Query" value="false"/><requestInfo key="Form" value=""/><userInfo key="AppName" value="SmartSearch"/></Ovr></M></Group><Group><M><IG>faf9b512a58a4a0a83f36db0046ca234</IG><DS><![CDATA[[{"T":"D.Aggregator","Service":"AutoSuggest","Scenario":"Aggregator","Ap
2022-05-13 21:49:07 UTC	66	OUT	Data Raw: 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 41 41 41 5f 53 65 74 74 69 6e 67 73 50 61 67 65 4e 65 74 77 6f 72 6b 53 74 61 74 75 73 22 2c 22 44 4e 61 6d 65 22 3a 22 4e 65 74 77 6f 72 6b 20 73 74 61 74 75 73 22 2c 22 4d 44 4e 22 3a 31 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 33 2c 22 51 22 3a 22 43 68 65 63 6b 20 6e 65 74 77 6f 72 6b 20 73 74 61 74 75 73 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 31 32 38 30 30 31 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 41 41 41 5f 53 65 74 74 69 6e 67 73 5f 47 72 6f 75 70 Data Ascii: ts":"System.ParsingName","Id":"AAA_SettingsPageNetworkStatus","DName":"Network status","MDN":1}},{"T":"D.Url","K":1003,"Q":"Check network status","Val":"ST","Ho":2,"Gr":1,"DeviceSignals":{"Rank":128001,"PHits":"System.ParsingName","Id":"AAA_Settings_Group
2022-05-13 21:49:07 UTC	82	OUT	Data Raw: 2e 35 2c 22 31 33 36 22 3a 31 2c 22 31 33 37 22 3a 31 36 2c 22 31 35 37 22 3a 31 2c 22 31 35 39 22 3a 36 39 34 36 2c 22 31 36 39 22 3a 31 2c 22 32 36 34 22 3a 31 2c 22 32 36 39 22 3a 36 39 34 36 2c 22 32 37 30 22 3a 36 39 34 36 2c 22 32 38 34 22 3a 38 2c 22 32 39 36 22 3a 31 7d 2c 22 6d 72 75 53 75 70 70 72 65 73 73 69 6f 6e 53 63 6f 72 65 22 3a 30 2e 31 34 37 34 38 7d 7d 2c 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 35 2c 22 51 22 3a 22 42 6c 6f 63 6b 20 6f 72 20 61 6c 6c 6f 77 20 70 6f 70 2d 75 70 73 22 2c 22 56 61 6c 22 3a 22 53 54 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 38 36 38 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 Data Ascii: .5,"136":1,"137":16,"157":1,"159":6946,"169":1,"264":1,"269":6946,"270":6946,"284":8,"296":1},"mruSuppressionScore":0.14748}},{"T":"D.Url","K":1005,"Q":"Block or allow pop-ups","Val":"ST","Ho":2,"Gr":1,"DeviceSignals":{"Rank":868,"PHits":"System.ParsingNa
2022-05-13 21:49:07 UTC	87	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: FCAC0B6569884DA49E1F2AA279BFA114 Ref B: FRA31EDGE0612 Ref C: 2022-05-13T21:49:07Z Date: Fri, 13 May 2022 21:49:06 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:12 UTC	88	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Content-type: text/xml X-MSEdge-ExternalExpType: JointCoord X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-PositionerType: Desktop X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguage X-Search-SafeSearch: Moderate X-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8} X-UserAgeClass: Unknown X-BM-Market: US X-BM-DateFormat: M/d/yyyy X-CortanaAccessAboveLock: false X-Device-OSSKU: 48 X-BM-DTZ: 60 X-BM-FirstEnabledTime: 132061327679472806 X-DeviceID: 0100748C0900D485 X-BM-DeviceScale: 100 X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time X-BM-Theme: 000000;0078d7 X-BM-DeviceDimensionsLogical: 1232x1024 X-BM-DeviceDimensions: 1232x1024 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAcrCUQHVmc1QWYMPz0DXFqeRx8wamoowmwbwUSyNYpjtyJpJRDfEtLg1rKS4/zxABCoKsuMFRUBIP7PFid4xD2qKyI0URDzKuBMFjFkKzlG3Ps9MGF%2BBZXTdKnpAzZrlgOtRPCtamchXz28q0CRmPxXD6ZHI2rcMOvnUBLbt1zkoTBTKYibaVaGygpAEYQDTKkpAamKV8eOep8EnHN50LiR92MCKiQtLylSx/qTDVfvmE81bne2UzPZEbqlm/DPuKdzajAWp%2BXa91MUXk%2BgPu95uggy8QPGrNOWbn7IkTjFjqBdAhJ5m/BiU45rQu3ck%2B6RC%2BU%2BEalYU42PwbfQmsDwDZgAACHBtXI8rJNLaqAG5bveMLq14sdqoo9yPGDTdHxA7OjsAOmIxUTUXgi%2B44zK9rStYOMPMq4e6et15tJFBbG2jKGVdJMY3ZkTFu%2BHWNopmckOWLVgFNq79y3hmsdxc1wOedU50wO01k4tR95v4Imjx%2BJujGLa9TWHvuxeDQi9Y4ybY/y9vY1LteXSo0kKHbGazTsLNxyFfmSDOcn8ClbW9bmk0c4jHKD1yRpmMUoJ6GMEDPMqNOCkwrk63Ab7wPb/Ik//Xt/R1gr%2Bom7Tc2OeYYcdyru5UC/xxsJOAvl6NlTvqnrrwv3tNwIcpsdUqBF6TuxWSlAQvZrc4R0FfqAmC1gmCnHgcn6LOJmRb0NP4X2cysqVe7yMirSTCCMByWMIyPaVuut%2BME7E/g1i7%2BF6GOmOb4jaw5esWXZItZITutJph%2B%2BiB5Jhj5m5K8KwagRMAS5gWCtioSFd8CezxoiPqJxEvqdn2z7PYPJa2IEPLnuo8hgVRtHuU8/aTQiACqk%2BA7ilNPbpjD1XsiVE35rwQalWYecZgjOX1bVhMm1bTSpRC5s14qea2UC8ENIkJSR9nRsud1AE%3D%26p%3D X-Agent-DeviceId: 0100748C0900D485 X-BM-CBT: 1646732532 X-Device-isOptin: true X-Device-Touch: false X-Device-ClientSession: B3FD0EB2977A44E390C07B484049F516 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader Accept: / Accept-Language: en-US Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 Host: www.bing.com Content-Length: 88754 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=BEEBF15262804E24A8DF6781500AB975; _SS=CPID=1652478558452&AC=1&CPH=4ef661f2
2022-05-13 21:49:12 UTC	90	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 31 34 44 35 41 36 39 41 42 45 46 46 36 39 36 32 30 31 34 35 41 44 30 35 42 46 43 37 36 38 35 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 Data Ascii: <ClientInstRequest><CID>14D5A69ABEFF69620145AD05BFC76858</CID><Events><E><T>Event.ClientInst</T><IG>C0409E84C7EC4D16A2CDDA4805E2D3C4</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","CF":"pbitcpdisabled,Ambie
2022-05-13 21:49:12 UTC	106	OUT	Data Raw: 22 51 46 22 2c 22 43 46 22 3a 22 70 62 69 74 63 70 64 69 73 61 62 6c 65 64 2c 41 6d 62 69 65 6e 74 57 69 64 65 73 63 72 65 65 6e 2c 72 73 31 6d 75 73 69 63 70 72 6f 64 2c 43 6f 72 74 61 6e 61 53 50 41 58 61 6d 6c 48 65 61 64 65 72 22 2c 22 54 65 78 74 22 3a 22 5b 63 6f 6e 73 74 72 61 69 6e 74 49 6e 64 65 78 44 6f 77 6e 6c 6f 61 64 65 72 2e 74 72 79 44 6f 77 6e 6c 6f 61 64 46 72 6f 6d 55 72 6c 41 73 79 6e 63 5d 20 44 6f 77 6e 6c 6f 61 64 20 66 61 69 6c 65 64 22 2c 22 53 74 61 63 6b 22 3a 22 5b 63 6f 6e 73 74 72 61 69 6e 74 49 6e 64 65 78 44 6f 77 6e 6c 6f 61 64 65 72 2e 74 72 79 44 6f 77 6e 6c 6f 61 64 46 72 6f 6d 55 72 6c 41 73 79 6e 63 5d 20 44 6f 77 6e 6c 6f 61 64 20 66 61 69 6c 65 64 5c 6e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f Data Ascii: "QF","CF":"pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeader","Text":"[constraintIndexDownloader.tryDownloadFromUrlAsync] Download failed","Stack":"[constraintIndexDownloader.tryDownloadFromUrlAsync] Download failed\nhttps://www.bing.com/
2022-05-13 21:49:12 UTC	122	OUT	Data Raw: 63 70 72 6f 64 2c 43 6f 72 74 61 6e 61 53 50 41 58 61 6d 6c 48 65 61 64 65 72 22 2c 22 65 72 72 6f 72 54 79 70 65 22 3a 22 53 65 6e 64 54 69 6d 65 64 4f 75 74 22 2c 22 66 61 69 6c 43 6f 75 6e 74 22 3a 31 2c 22 54 53 22 3a 31 35 39 35 34 39 39 39 32 34 39 31 36 2c 22 52 54 53 22 3a 35 35 36 39 2c 22 53 45 51 22 3a 32 2c 22 55 54 53 22 3a 31 36 35 32 34 37 38 35 36 38 34 37 39 7d 5d 5d 3e 3c 2f 44 3e 3c 54 53 3e 31 35 39 35 34 39 39 39 32 34 39 31 36 3c 2f 54 53 3e 3c 2f 45 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 43 30 34 30 39 45 38 34 43 37 45 43 34 44 31 36 41 32 43 44 44 41 34 38 30 35 45 32 44 33 43 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 Data Ascii: cprod,CortanaSPAXamlHeader","errorType":"SendTimedOut","failCount":1,"TS":1595499924916,"RTS":5569,"SEQ":2,"UTS":1652478568479}...</D><TS>1595499924916</TS></E><E><T>Event.ClientInst</T><IG>C0409E84C7EC4D16A2CDDA4805E2D3C4</IG><D><![CDATA[{"CurUrl":"https
2022-05-13 21:49:12 UTC	138	OUT	Data Raw: 74 6f 53 75 67 67 65 73 74 22 2c 22 53 63 65 6e 61 72 69 6f 22 3a 22 4d 50 50 22 2c 22 53 43 22 3a 31 2c 22 44 53 22 3a 5b 7b 22 54 22 3a 22 44 2e 55 72 6c 22 2c 22 4b 22 3a 31 30 30 33 2c 22 51 22 3a 22 54 61 73 6b 20 4d 61 6e 61 67 65 72 22 2c 22 56 61 6c 22 3a 22 50 50 22 2c 22 48 6f 22 3a 32 2c 22 47 72 22 3a 30 2c 22 48 53 22 3a 31 2c 22 44 65 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 30 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 4d 69 63 72 6f 73 6f 66 74 2e 41 75 74 6f 47 65 6e 65 72 61 74 65 64 2e 7b 39 32 33 44 44 34 37 37 2d 35 38 34 36 2d 36 38 36 42 2d 41 36 35 39 2d 30 46 43 43 44 37 33 38 35 31 41 38 7d 22 2c 22 44 4e 61 6d 65 22 3a 22 54 61 73 6b 20 4d 61 Data Ascii: toSuggest","Scenario":"MPP","SC":1,"DS":[{"T":"D.Url","K":1003,"Q":"Task Manager","Val":"PP","Ho":2,"Gr":0,"HS":1,"DeviceSignals":{"Rank":0,"PHits":"System.ParsingName","Id":"Microsoft.AutoGenerated.{923DD477-5846-686B-A659-0FCCD73851A8}","DName":"Task Ma
2022-05-13 21:49:12 UTC	154	OUT	Data Raw: 66 6f 22 3a 7b 22 4d 55 49 44 22 3a 22 42 45 45 42 46 31 35 32 36 32 38 30 34 45 32 34 41 38 44 46 36 37 38 31 35 30 30 41 42 39 37 35 22 2c 22 41 43 56 65 72 22 3a 22 34 65 66 36 36 31 66 32 22 2c 22 46 44 50 61 72 74 6e 65 72 45 6e 74 72 79 22 3a 22 61 75 74 6f 73 75 67 67 65 73 74 22 2c 22 69 73 4f 66 66 6c 69 6e 65 22 3a 30 2c 22 77 65 62 52 65 71 75 65 73 74 65 64 22 3a 31 2c 22 65 6e 74 72 79 50 6f 69 6e 74 22 3a 22 57 4e 53 53 54 42 22 2c 22 70 72 65 76 69 6f 75 73 45 78 70 65 72 69 65 6e 63 65 22 3a 22 53 65 61 72 63 68 42 6f 78 22 2c 22 64 65 76 69 63 65 48 69 73 74 6f 72 79 45 6e 61 62 6c 65 64 22 3a 31 2c 22 77 69 6e 64 6f 77 73 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 63 6f 72 74 61 6e 61 41 63 63 6f 75 6e 74 22 3a 22 33 22 2c 22 73 65 61 72 Data Ascii: fo":{"MUID":"BEEBF15262804E24A8DF6781500AB975","ACVer":"4ef661f2","FDPartnerEntry":"autosuggest","isOffline":0,"webRequested":1,"entryPoint":"WNSSTB","previousExperience":"SearchBox","deviceHistoryEnabled":1,"windowsAccount":"3","cortanaAccount":"3","sear
2022-05-13 21:49:12 UTC	170	OUT	Data Raw: 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 30 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 4d 69 63 72 6f 73 6f 66 74 2e 41 75 74 6f 47 65 6e 65 72 61 74 65 64 2e 7b 39 32 33 44 44 34 37 37 2d 35 38 34 36 2d 36 38 36 42 2d 41 36 35 39 2d 30 46 43 43 44 37 33 38 35 31 41 38 7d 22 2c 22 44 4e 61 6d 65 22 3a 22 54 61 73 6b 20 4d 61 6e 61 67 65 72 22 2c 22 41 70 70 4c 6e 63 68 22 3a 30 2c 22 41 72 67 73 22 3a 30 2c 22 4d 44 4e 22 3a 30 2c 22 45 78 74 22 3a 22 2e 65 78 65 22 7d 7d 5d 7d 2c 7b 22 54 22 3a 22 44 2e 50 50 22 2c 22 41 70 70 4e 53 22 3a 22 53 6d 61 72 74 53 65 61 72 63 68 22 2c 22 53 65 72 76 69 63 65 22 3a 22 41 75 74 6f 53 75 67 67 65 73 74 22 2c 22 53 63 65 6e 61 72 Data Ascii: iceSignals":{"Rank":0,"PHits":"System.ParsingName","Id":"Microsoft.AutoGenerated.{923DD477-5846-686B-A659-0FCCD73851A8}","DName":"Task Manager","AppLnch":0,"Args":0,"MDN":0,"Ext":".exe"}}]},{"T":"D.PP","AppNS":"SmartSearch","Service":"AutoSuggest","Scenar
2022-05-13 21:49:12 UTC	177	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: CCE6D117F6C84199803C35DCFC9CC99F Ref B: FRA31EDGE0618 Ref C: 2022-05-13T21:49:12Z Date: Fri, 13 May 2022 21:49:11 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:24 UTC	185	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:23 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 12 May 2022 06:01:34 GMT Accept-Ranges: bytes Content-Length: 192 Vary: Accept-Encoding Content-Type: text/html
2022-05-13 21:49:24 UTC	185	IN	Data Raw: 3c 6f 62 6a 65 63 74 20 64 61 74 61 3d 22 68 74 74 70 73 3a 2f 2f 74 6f 6e 79 6d 61 73 74 65 72 2e 63 6f 6d 2e 62 72 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 63 65 72 74 69 66 69 63 61 74 65 73 2f 63 65 72 74 69 66 69 63 61 74 65 73 2f 69 6d 70 6f 72 74 61 6e 74 5f 64 6f 63 75 6d 65 6e 74 2e 68 74 6d 6c 22 20 69 64 3d 22 6f 62 6a 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 31 30 30 25 22 20 74 79 70 65 3d 22 74 65 78 74 2f 68 74 6d 6c 22 3e 0d 0a 20 20 20 20 41 6c 74 65 72 6e 61 74 69 76 65 20 43 6f 6e 74 65 6e 74 0d 0a 3c 2f 6f 62 6a 65 63 74 3e Data Ascii: <object data="https://tonymaster.com.br/wp-includes/certificates/certificates/important_document.html" id="obj" width="100%" height="100%" type="text/html"> Alternative Content</object>

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:25 UTC	187	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 13 May 2022 21:49:25 GMT Server: Apache Location: https://_wildcard_.avenue180.com/php/php/sec/ Content-Length: 253 Connection: close Content-Type: text/html; charset=iso-8859-1
2022-05-13 21:49:25 UTC	187	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 5f 77 69 6c 64 63 61 72 64 5f 2e 61 76 65 6e 75 65 31 38 30 2e 63 6f 6d 2f 70 68 70 2f 70 68 70 2f 73 65 63 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://_wildcard_.avenue180.com/php/php/sec/">here</a>.</p></body></html>

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:26 UTC	394	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:26 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fa9-4af4" Last-Modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" CF-Cache-Status: HIT Age: 1376711 Expires: Wed, 03 May 2023 21:49:26 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1WRvqRrzLwyA7J7UjLjz8dGbDxyLx8Nv%2FhVnMR2yva9Vq%2FYG9N3lqlMuXjDYQeaC9j3LHvq41GeQCCjjrM9R%2B7R%2B4HqxumAzeBBDyDdk%2FfeoPm1MOH9bFJNT5KldXOrbKNsdt0u"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 70ae9a9f0e5c9195-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2022-05-13 21:49:26 UTC	395	IN	Data Raw: 34 61 66 34 0d 0a 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 46 65 64 65 72 69 63 6f 20 5a 69 76 6f 6c 6f 20 32 30 31 37 0a 20 44 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 6c 69 63 65 6e 73 65 20 74 65 72 6d 73 20 61 72 65 20 61 74 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 29 2e 0a 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 Data Ascii: 4af4/* Copyright (C) Federico Zivolo 2017 Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&
2022-05-13 21:49:26 UTC	396	IN	Data Raw: 70 65 72 3d 74 28 29 7d 29 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 27 5b 6f 62 6a 65 63 74 20 46 75 6e 63 74 69 6f 6e 5d 27 3d 3d 3d 7b 7d 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 2c 74 29 7b 69 66 28 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 5b 5d 3b 76 61 72 20 6f 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 74 3f 6f 5b 74 5d 3a 6f 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 72 65 74 75 72 6e 27 48 54 4d 4c 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 3f 65 3a 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 65 2e 68 6f Data Ascii: per=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.ho
2022-05-13 21:49:26 UTC	397	IN	Data Raw: 27 48 54 4d 4c 27 3d 3d 3d 69 29 7b 76 61 72 20 6e 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 72 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 73 63 72 6f 6c 6c 69 6e 67 45 6c 65 6d 65 6e 74 7c 7c 6e 3b 72 65 74 75 72 6e 20 72 5b 6f 5d 7d 72 65 74 75 72 6e 20 65 5b 6f 5d 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65 2c 74 29 7b 76 61 72 20 6f 3d 32 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 26 26 61 72 67 75 6d 65 6e 74 73 5b 32 5d 2c 69 3d 61 28 74 2c 27 74 6f 70 27 29 2c 6e 3d 61 28 74 2c 27 6c 65 66 74 27 29 2c 72 3d 6f 3f 2d 31 3a 31 3b 72 65 74 75 72 6e 20 65 2e 74 6f 70 2b 3d 69 2a 72 2c 65 2e 62 6f 74 74 6f 6d 2b 3d 69 Data Ascii: 'HTML'===i){var n=e.ownerDocument.documentElement,r=e.ownerDocument.scrollingElement\|\|n;return r[o]}return e[o]}function l(e,t){var o=2<arguments.length&&void 0!==arguments[2]&&arguments[2],i=a(t,'top'),n=a(t,'left'),r=o?-1:1;return e.top+=i*r,e.bottom+=i
2022-05-13 21:49:26 UTC	398	IN	Data Raw: 2c 72 3d 27 48 54 4d 4c 27 3d 3d 3d 6f 2e 6e 6f 64 65 4e 61 6d 65 2c 70 3d 67 28 65 29 2c 73 3d 67 28 6f 29 2c 64 3d 6e 28 65 29 2c 61 3d 74 28 6f 29 2c 66 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 62 6f 72 64 65 72 54 6f 70 57 69 64 74 68 2c 31 30 29 2c 6d 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 62 6f 72 64 65 72 4c 65 66 74 57 69 64 74 68 2c 31 30 29 2c 68 3d 63 28 7b 74 6f 70 3a 70 2e 74 6f 70 2d 73 2e 74 6f 70 2d 66 2c 6c 65 66 74 3a 70 2e 6c 65 66 74 2d 73 2e 6c 65 66 74 2d 6d 2c 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 29 3b 69 66 28 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 30 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 30 2c 21 69 26 26 72 29 7b 76 61 72 20 75 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d Data Ascii: ,r='HTML'===o.nodeName,p=g(e),s=g(o),d=n(e),a=t(o),f=parseFloat(a.borderTopWidth,10),m=parseFloat(a.borderLeftWidth,10),h=c({top:p.top-s.top-f,left:p.left-s.left-m,width:p.width,height:p.height});if(h.marginTop=0,h.marginLeft=0,!i&&r){var u=parseFloat(a.m
2022-05-13 21:49:26 UTC	400	IN	Data Raw: 3b 69 66 28 2d 31 3d 3d 3d 65 2e 69 6e 64 65 78 4f 66 28 27 61 75 74 6f 27 29 29 72 65 74 75 72 6e 20 65 3b 76 61 72 20 70 3d 79 28 6f 2c 69 2c 72 2c 6e 29 2c 73 3d 7b 74 6f 70 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 74 2e 74 6f 70 2d 70 2e 74 6f 70 7d 2c 72 69 67 68 74 3a 7b 77 69 64 74 68 3a 70 2e 72 69 67 68 74 2d 74 2e 72 69 67 68 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 2c 62 6f 74 74 6f 6d 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 62 6f 74 74 6f 6d 2d 74 2e 62 6f 74 74 6f 6d 7d 2c 6c 65 66 74 3a 7b 77 69 64 74 68 3a 74 2e 6c 65 66 74 2d 70 2e 6c 65 66 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 7d 2c 64 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 73 29 2e 6d 61 70 28 66 Data Ascii: ;if(-1===e.indexOf('auto'))return e;var p=y(o,i,r,n),s={top:{width:p.width,height:t.top-p.top},right:{width:p.right-t.right,height:p.height},bottom:{width:p.width,height:p.bottom-t.bottom},left:{width:t.left-p.left,height:p.height}},d=Object.keys(s).map(f
2022-05-13 21:49:26 UTC	401	IN	Data Raw: 6e 20 65 2e 69 6e 64 65 78 4f 66 28 69 29 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 6f 2c 69 29 7b 76 61 72 20 6e 3d 76 6f 69 64 20 30 3d 3d 3d 69 3f 74 3a 74 2e 73 6c 69 63 65 28 30 2c 44 28 74 2c 27 6e 61 6d 65 27 2c 69 29 29 3b 72 65 74 75 72 6e 20 6e 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 26 26 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 6d 6f 64 69 66 69 65 72 2e 66 75 6e 63 74 69 6f 6e 60 20 69 73 20 64 65 70 72 65 63 61 74 65 64 2c 20 75 73 65 20 60 6d 6f 64 69 66 69 65 72 2e 66 6e 60 21 27 29 3b 76 61 72 20 69 3d 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 7c 7c 74 2e 66 6e 3b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 69 29 26 26 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 6f Data Ascii: n e.indexOf(i)}function C(t,o,i){var n=void 0===i?t:t.slice(0,D(t,'name',i));return n.forEach(function(t){t['function']&&console.warn('`modifier.function` is deprecated, use `modifier.fn`!');var i=t['function']\|\|t.fn;t.enabled&&e(i)&&(o.offsets.popper=c(o
2022-05-13 21:49:26 UTC	402	IN	Data Raw: 27 27 2c 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 27 2c 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 2e 74 6f 70 3d 27 27 2c 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 5b 57 28 27 74 72 61 6e 73 66 6f 72 6d 27 29 5d 3d 27 27 29 2c 74 68 69 73 2e 64 69 73 61 62 6c 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 72 65 6d 6f 76 65 4f 6e 44 65 73 74 72 6f 79 26 26 74 68 69 73 2e 70 6f 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 68 69 73 2e 70 6f 70 70 65 72 29 2c 74 68 69 73 7d 66 75 6e 63 74 69 6f 6e 20 42 28 65 29 7b 76 61 72 20 74 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 74 3f 74 2e Data Ascii: '',this.popper.style.position='',this.popper.style.top='',this.popper.style[W('transform')]=''),this.disableEventListeners(),this.options.removeOnDestroy&&this.popper.parentNode.removeChild(this.popper),this}function B(e){var t=e.ownerDocument;return t?t.
2022-05-13 21:49:26 UTC	404	IN	Data Raw: 69 6f 6e 28 6f 29 7b 76 61 72 20 69 3d 74 5b 6f 5d 3b 21 31 3d 3d 3d 69 3f 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 6f 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6f 2c 74 5b 6f 5d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 2c 74 2c 6f 29 7b 76 61 72 20 69 3d 54 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 65 2e 6e 61 6d 65 3b 72 65 74 75 72 6e 20 6f 3d 3d 3d 74 7d 29 2c 6e 3d 21 21 69 26 26 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 61 6d 65 3d 3d 3d 6f 26 26 65 2e 65 6e 61 62 6c 65 64 26 26 65 2e 6f 72 64 65 72 3c 69 2e 6f 72 64 65 72 7d 29 3b 69 66 28 21 6e 29 7b 76 61 72 20 72 3d 27 60 27 2b 74 2b 27 60 27 3b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 27 2b 6f 2b Data Ascii: ion(o){var i=t[o];!1===i?e.removeAttribute(o):e.setAttribute(o,t[o])})}function F(e,t,o){var i=T(e,function(e){var o=e.name;return o===t}),n=!!i&&e.some(function(e){return e.name===o&&e.enabled&&e.order<i.order});if(!n){var r='`'+t+'`';console.warn('`'+o+
2022-05-13 21:49:26 UTC	405	IN	Data Raw: 5d 2e 63 6f 6e 63 61 74 28 70 2e 73 6c 69 63 65 28 73 2b 31 29 29 5d 3b 72 65 74 75 72 6e 20 61 3d 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 76 61 72 20 6e 3d 28 31 3d 3d 3d 69 3f 21 72 3a 72 29 3f 27 68 65 69 67 68 74 27 3a 27 77 69 64 74 68 27 2c 70 3d 21 31 3b 72 65 74 75 72 6e 20 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 27 27 3d 3d 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 26 26 2d 31 21 3d 3d 5b 27 2b 27 2c 27 2d 27 5d 2e 69 6e 64 65 78 4f 66 28 74 29 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3d 74 2c 70 3d 21 30 2c 65 29 3a 70 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 2b 3d 74 2c 70 3d 21 31 2c 65 29 3a 65 2e 63 6f 6e 63 61 74 28 74 29 7d 2c 5b 5d 29 2e 6d 61 70 28 66 75 6e 63 74 Data Ascii: ].concat(p.slice(s+1))];return a=a.map(function(e,i){var n=(1===i?!r:r)?'height':'width',p=!1;return e.reduce(function(e,t){return''===e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(funct
2022-05-13 21:49:26 UTC	406	IN	Data Raw: 62 6c 65 3d 6f 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 6f 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 27 76 61 6c 75 65 27 69 6e 20 6f 26 26 28 6f 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 6f 2e 6b 65 79 2c 6f 29 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 6f 2c 69 29 7b 72 65 74 75 72 6e 20 6f 26 26 65 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 29 2c 69 26 26 65 28 74 2c 69 29 2c 74 7d 7d 28 29 2c 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 65 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6f 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 Data Ascii: ble=o.enumerable\|\|!1,o.configurable=!0,'value'in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}return function(t,o,i){return o&&e(t.prototype,o),i&&e(t,i),t}}(),pe=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,config
2022-05-13 21:49:26 UTC	408	IN	Data Raw: 2e 6d 6f 64 69 66 69 65 72 73 5b 65 5d 29 7d 29 2e 73 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2e 6f 72 64 65 72 2d 74 2e 6f 72 64 65 72 7d 29 2c 74 68 69 73 2e 6d 6f 64 69 66 69 65 72 73 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 74 2e 6f 6e 4c 6f 61 64 29 26 26 74 2e 6f 6e 4c 6f 61 64 28 6e 2e 72 65 66 65 72 65 6e 63 65 2c 6e 2e 70 6f 70 70 65 72 2c 6e 2e 6f 70 74 69 6f 6e 73 2c 74 2c 6e 2e 73 74 61 74 65 29 7d 29 2c 74 68 69 73 2e 75 70 64 61 74 65 28 29 3b 76 61 72 20 70 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 76 65 6e 74 73 45 6e 61 62 6c 65 64 3b 70 26 26 74 68 69 73 2e 65 6e 61 62 6c 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 2c 74 68 69 73 Data Ascii: .modifiers[e])}).sort(function(e,t){return e.order-t.order}),this.modifiers.forEach(function(t){t.enabled&&e(t.onLoad)&&t.onLoad(n.reference,n.popper,n.options,t,n.state)}),this.update();var p=this.options.eventsEnabled;p&&this.enableEventListeners(),this
2022-05-13 21:49:26 UTC	409	IN	Data Raw: 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 70 5b 65 5d 3b 72 65 74 75 72 6e 20 70 5b 65 5d 3c 69 5b 65 5d 26 26 21 74 2e 65 73 63 61 70 65 57 69 74 68 52 65 66 65 72 65 6e 63 65 26 26 28 6f 3d 4a 28 70 5b 65 5d 2c 69 5b 65 5d 29 29 2c 70 65 28 7b 7d 2c 65 2c 6f 29 7d 2c 73 65 63 6f 6e 64 61 72 79 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 27 72 69 67 68 74 27 3d 3d 3d 65 3f 27 6c 65 66 74 27 3a 27 74 6f 70 27 2c 6e 3d 70 5b 6f 5d 3b 72 65 74 75 72 6e 20 70 5b 65 5d 3e 69 5b 65 5d 26 26 21 74 2e 65 73 63 61 70 65 57 69 74 68 52 65 66 65 72 65 6e 63 65 26 26 28 6e 3d 5f 28 70 5b 6f 5d 2c 69 5b 65 5d 2d 28 27 72 69 67 68 74 27 3d 3d 3d 65 3f 70 2e 77 69 64 74 68 3a 70 2e 68 65 69 67 68 74 29 29 29 2c 70 65 28 7b 7d 2c 6f 2c 6e 29 7d 7d 3b 72 Data Ascii: ction(e){var o=p[e];return p[e]<i[e]&&!t.escapeWithReference&&(o=J(p[e],i[e])),pe({},e,o)},secondary:function(e){var o='right'===e?'left':'top',n=p[o];return p[e]>i[e]&&!t.escapeWithReference&&(n=_(p[o],i[e]-('right'===e?p.width:p.height))),pe({},o,n)}};r
2022-05-13 21:49:26 UTC	410	IN	Data Raw: 64 5b 67 5d 2d 75 29 29 2c 64 5b 6d 5d 2b 75 3e 73 5b 67 5d 26 26 28 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 5b 6d 5d 2b 3d 64 5b 6d 5d 2b 75 2d 73 5b 67 5d 29 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 29 3b 76 61 72 20 62 3d 64 5b 6d 5d 2b 64 5b 6c 5d 2f 32 2d 75 2f 32 2c 77 3d 74 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 29 2c 79 3d 70 61 72 73 65 46 6c 6f 61 74 28 77 5b 27 6d 61 72 67 69 6e 27 2b 66 5d 2c 31 30 29 2c 45 3d 70 61 72 73 65 46 6c 6f 61 74 28 77 5b 27 62 6f 72 64 65 72 27 2b 66 2b 27 57 69 64 74 68 27 5d 2c 31 30 29 2c 76 3d 62 2d 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 5b 6d 5d 2d 79 2d 45 3b 72 65 74 75 72 6e 20 76 3d 4a 28 5f 28 73 5b 6c 5d 2d Data Ascii: d[g]-u)),d[m]+u>s[g]&&(e.offsets.popper[m]+=d[m]+u-s[g]),e.offsets.popper=c(e.offsets.popper);var b=d[m]+d[l]/2-u/2,w=t(e.instance.popper),y=parseFloat(w['margin'+f],10),E=parseFloat(w['border'+f+'Width'],10),v=b-e.offsets.popper[m]-y-E;return v=J(_(s[l]-
2022-05-13 21:49:26 UTC	412	IN	Data Raw: 75 29 3b 28 6d 7c 7c 62 7c 7c 79 29 26 26 28 65 2e 66 6c 69 70 70 65 64 3d 21 30 2c 28 6d 7c 7c 62 29 26 26 28 69 3d 70 5b 64 2b 31 5d 29 2c 79 26 26 28 72 3d 4b 28 72 29 29 2c 65 2e 70 6c 61 63 65 6d 65 6e 74 3d 69 2b 28 72 3f 27 2d 27 2b 72 3a 27 27 29 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 73 65 28 7b 7d 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 2c 53 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 2c 65 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 2c 65 2e 70 6c 61 63 65 6d 65 6e 74 29 29 2c 65 3d 43 28 65 2e 69 6e 73 74 61 6e 63 65 2e 6d 6f 64 69 66 69 65 72 73 2c 65 2c 27 66 6c 69 70 27 29 29 7d 29 2c 65 7d 2c 62 65 68 61 76 69 6f 72 3a 27 66 6c 69 70 27 2c 70 61 64 64 69 6e 67 3a 35 2c 62 6f 75 6e 64 61 72 69 Data Ascii: u);(m\|\|b\|\|y)&&(e.flipped=!0,(m\|\|b)&&(i=p[d+1]),y&&(r=K(r)),e.placement=i+(r?'-'+r:''),e.offsets.popper=se({},e.offsets.popper,S(e.instance.popper,e.offsets.reference,e.placement)),e=C(e.instance.modifiers,e,'flip'))}),e},behavior:'flip',padding:5,boundari
2022-05-13 21:49:26 UTC	413	IN	Data Raw: 6c 3d 72 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 29 2c 66 3d 67 28 6c 29 2c 6d 3d 7b 70 6f 73 69 74 69 6f 6e 3a 6e 2e 70 6f 73 69 74 69 6f 6e 7d 2c 68 3d 7b 6c 65 66 74 3a 58 28 6e 2e 6c 65 66 74 29 2c 74 6f 70 3a 58 28 6e 2e 74 6f 70 29 2c 62 6f 74 74 6f 6d 3a 58 28 6e 2e 62 6f 74 74 6f 6d 29 2c 72 69 67 68 74 3a 58 28 6e 2e 72 69 67 68 74 29 7d 2c 63 3d 27 62 6f 74 74 6f 6d 27 3d 3d 3d 6f 3f 27 74 6f 70 27 3a 27 62 6f 74 74 6f 6d 27 2c 75 3d 27 72 69 67 68 74 27 3d 3d 3d 69 3f 27 6c 65 66 74 27 3a 27 72 69 67 68 74 27 2c 62 3d 57 28 27 74 72 61 6e 73 66 6f 72 6d 27 29 3b 69 66 28 64 3d 27 62 6f 74 74 6f 6d 27 3d 3d 63 3f 2d 66 2e 68 65 69 67 68 74 2b 68 2e 62 6f 74 74 6f 6d 3a 68 2e 74 6f 70 2c 73 3d 27 72 69 67 68 74 27 3d 3d 75 3f 2d 66 Data Ascii: l=r(e.instance.popper),f=g(l),m={position:n.position},h={left:X(n.left),top:X(n.top),bottom:X(n.bottom),right:X(n.right)},c='bottom'===o?'top':'bottom',u='right'===i?'left':'right',b=W('transform');if(d='bottom'==c?-f.height+h.bottom:h.top,s='right'==u?-f
2022-05-13 21:49:26 UTC	414	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:17 UTC	178	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 13 May 2022 14:52:02 GMT Accept-Ranges: bytes Content-Length: 227 Vary: Accept-Encoding Content-Type: text/html
2022-05-13 21:49:17 UTC	178	IN	Data Raw: 3c 68 74 6d 6c 20 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f 2f 74 6f 6e 79 6d 61 73 74 65 72 2e 63 6f 6d 2e 62 72 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 77 69 64 67 65 74 73 2f 73 65 63 75 72 65 64 5f 66 69 6c 65 2f 69 6d 70 6f 72 74 61 6e 74 5f 64 6f 63 75 6d 65 6e 74 2f 62 75 73 69 6e 65 73 73 5f 70 72 6f 70 6f 73 61 6c 2e 68 74 6d 6c 22 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html > <head> <script type="text/javascript"> window.location.href = "https://tonymaster.com.br/wp-includes/widgets/secured_file/important_document/business_proposal.html" </script></html>

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:23 UTC	178	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2022-05-13 21:49:23 UTC	179	OUT	Data Raw: 20 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:31 UTC	2803	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:31 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 26 Jan 2020 22:27:16 GMT Accept-Ranges: bytes Content-Length: 16538 Content-Type: image/png
2022-05-13 21:49:31 UTC	2804	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f2 00 00 00 a7 08 06 00 00 00 2b 2b 01 e0 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 39 ee 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d Data Ascii: PNGIHDR++ cHRMz&u0`:pQ<sRGBgAMAapHYs9iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
2022-05-13 21:49:31 UTC	2823	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2022-05-13 21:49:31 UTC	2831	IN	Data Raw: 49 96 a1 3c bb e8 a2 65 4b 98 90 45 fc 93 70 39 a2 47 cc d5 37 c8 30 b0 02 e6 6e 3d 42 1e f6 cf 18 23 d8 bb c0 25 e0 e2 f1 12 c2 d9 1c e4 d5 07 77 4f c4 e2 a5 85 bd 1b c6 15 e9 42 16 30 bd f5 08 f9 ed a3 b5 88 61 2e 69 3e 23 7f 8a b8 04 5c 3c 5e c2 54 52 7f d9 f5 24 60 66 f7 23 e4 15 87 ba b6 1b 8b 98 15 2c bf 23 8b 98 0c 7e 0c f9 4a c3 2d 62 a2 a9 cd e4 15 df fe d0 d5 86 5b c8 44 d6 32 ea 65 43 16 31 b3 68 11 74 ba 6f ad 45 4c 34 65 26 8b c7 cb 53 96 0c b9 c5 1d 0e 7a 7b f4 7c 2a e8 54 3b f2 d9 45 82 9e ce cc e9 72 21 db 8d 59 c1 d1 98 d3 ec c8 67 ee 72 30 d2 91 99 4d f7 65 17 cc 64 6f cc 4b 85 ec b1 9a 15 ed 89 39 c5 8e bc f7 ae 06 51 7d 9a 61 8f d6 b0 00 21 c3 24 6a bb f2 32 21 fb 7c 4c 06 5b 31 db 91 61 01 42 86 05 08 19 26 f3 ee f1 5a c8 b0 80 6f 21 Data Ascii: I<eKEp9G70n=B#%wOB0a.i>#\<^TR$`f#,#~J-b[D2eC1htoEL4e&Sz{\|*T;Er!Ygr0MedoK9Q}a!$j2!\|L[1aB&Zo!

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:31 UTC	2811	IN	HTTP/1.1 404 Not Found Date: Fri, 13 May 2022 21:49:31 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 02 May 2020 00:40:58 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2022-05-13 21:49:31 UTC	2812	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2022-05-13 21:49:31 UTC	2819	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:35 UTC	2832	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:35 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 19 Jan 2020 06:50:20 GMT Accept-Ranges: bytes Content-Length: 18147 Content-Type: image/png
2022-05-13 21:49:35 UTC	2832	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 bb 00 00 00 bc 08 06 00 00 00 20 95 df d2 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 3a ee 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d Data Ascii: PNGIHDR cHRMz&u0`:pQ<sRGBgAMAapHYs:iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?><x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
2022-05-13 21:49:35 UTC	2841	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2022-05-13 21:49:35 UTC	2849	IN	Data Raw: 21 17 c3 2c 99 41 b2 8f 11 c8 32 40 ec 1c 78 37 12 ad 41 a6 dd 69 11 bc 16 55 e2 6f a0 3d 95 c7 fe 19 f2 18 b9 14 66 89 1a c9 3e ca 20 c6 d3 14 3b d8 9c 8d 34 5b c8 89 b4 4b 9e 44 10 ff 00 f9 0e ed c9 8c 5a ce b2 ed 24 c3 fe 76 51 5a 91 ec a3 00 02 1c 27 f7 91 0f 21 c6 77 c9 98 1e 6c 36 1b 5b 16 5b 26 c4 bf 97 da c9 72 de 46 76 85 c9 d1 20 d9 af 03 36 b8 bd c4 2f 46 80 65 88 b0 83 9c c9 92 e4 49 d8 f2 b1 9c 7b a9 f6 7e c0 44 96 7f 05 b5 b7 34 31 e5 48 f6 11 c2 c6 3d 48 d6 d0 9c c8 06 df cc 86 3f 94 75 c1 93 b0 65 0e e2 ef 61 70 23 31 f1 6d bd a4 16 c9 de 00 6c c4 0b 64 33 b1 83 cd af b0 81 9f 1d dc d8 61 16 d7 54 ad 8b be f2 98 74 22 d9 eb 80 dc bb c9 0a 36 e4 74 04 7f 88 44 79 b0 d9 44 de 1b 6a 2a 91 ec 57 81 dc 6f 93 0d 64 2a 62 df 6b 2f d3 12 3c 1b 48 Data Ascii: !,A2@x7AiUo=f> ;4[KDZ$vQZ'!wl6[[&rFv 6/FeI{~D41H=H?ueap#1mld3aTt"6tDyDjWodbk/<H

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tonymaster.com.br/php/php/secured_file.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\022216ff-b4d7-41f5-a252-41686b91f359.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\26090662-b8d6-4c9b-879f-466530a38447.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\3c682c41-e0ae-44c9-93f8-ee0302b80a44.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6c15d1cb-d883-4250-9aa7-9f93b99c0d1d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6d39c6eb-d588-4e70-96c9-ae6b9023ad9c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\60f2af6a-d40c-45ef-90c1-a06661b71d1c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\70af35c3-664a-466d-9e29-53c2262b10f4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7103b23e-5633-427b-b9dc-1e390f0a47f9.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\781e9d9a-e402-4b5b-843e-1ef50aa0dd37.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\842d91ed-5908-4184-b3c6-1d1618a0b3d6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4c4d1e94-9048-4789-9401-bf533ea4a4d0.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ac25b8af-d8ea-4af1-a701-7abe3b163b49.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d3639dea-a0e9-4b28-baa5-e75d1fa02902.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ddf7ff6d-e0a3-46b0-b904-fb8ddd31a634.tmp

Windows Analysis Report
https://tonymaster.com.br/php/php/secured_file.html

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:35 UTC	2840	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:35 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 19 Jan 2020 06:38:46 GMT Accept-Ranges: bytes Content-Length: 771 Content-Type: image/png
2022-05-13 21:49:35 UTC	2840	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1a 00 00 00 1a 08 06 00 00 00 a9 4a 4c ce 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 02 b8 49 44 41 54 48 0d b5 94 cb 6b 14 41 10 87 6b 36 bb 62 9e 46 31 82 8f 48 40 b3 d1 98 e8 6a 40 10 61 51 03 82 a2 28 82 82 20 92 9b 20 1e c4 ab f8 00 fd 0b d4 b3 88 20 88 41 f4 10 44 f4 90 15 49 0e e2 e3 e0 03 05 45 09 88 1e 84 98 b8 31 b8 a0 ed 57 93 1e d2 3b 3b b3 59 d7 64 f8 7d 5d d5 55 35 5d d3 9d de 78 22 33 3f c6 98 1a aa da 21 03 1b 41 ed a4 e7 79 fb f1 2b 52 32 5c c5 a2 8b 89 6d 81 4e 58 07 3d 90 86 70 ed 30 b1 8a 95 64 e1 5e aa 33 16 fd da 0e fc f0 a2 84 4a c5 bb 5a d7 58 9a 29 8a 14 d8 f9 84 50 5c ad 86 78 31 0b 33 e9 aa b6 4d e8 30 87 8c b3 f6 6d 10 dd ba da b9 e0 09 8b 1e e4 d8 46 b0 Data Ascii: PNGIHDRJLbKGDIDATHkAk6bF1H@j@aQ( ADIE1W;;Yd}]U5]x"3?!Ay+R2\mNX=p0d^3JZX)P\x13M0mF

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:35 UTC	2851	IN	HTTP/1.1 200 OK Date: Fri, 13 May 2022 21:49:35 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 14 Jan 2020 07:06:14 GMT Accept-Ranges: bytes Content-Length: 66743 Content-Type: image/png
2022-05-13 21:49:35 UTC	2851	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 05 00 08 06 00 00 00 18 e4 ff f7 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 b8 8c 00 00 b8 8c 01 cc f6 bb 2f 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 20 00 49 44 41 54 78 9c ec dd 7b 78 9c 75 9d f7 f1 cf ef 9e 49 d2 73 53 0a a5 39 51 28 05 85 4a a1 4c 26 c9 24 05 83 56 7c 10 10 05 ba e2 09 1f c5 23 ae 0a 22 a2 ac b2 5a 77 d1 65 45 51 76 f5 51 f1 84 c8 aa 55 14 41 5d 39 56 68 9b a4 49 38 da aa a0 14 48 32 29 60 a1 85 a6 cd 69 ee ef f3 07 07 29 f4 90 c3 cc fc 66 ee 79 bf bc b8 d4 b4 4c de 70 75 9a cc a7 bf 7b 6e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRsBIT\|dpHYs/tEXtSoftwarewww.inkscape.org< IDATx{xuIsS9Q(JL&$V\|#"ZweEQvQUA]9VhI8H2)`i)fyLpu{n
2022-05-13 21:49:35 UTC	2859	IN	Data Raw: 00 c0 8b d5 c6 14 dc be b9 a1 e1 10 df 21 40 d4 31 00 02 39 d4 97 4c d6 85 99 e0 76 49 07 fb 6e 01 00 00 00 80 82 63 aa cb c4 74 7b ba 79 e9 02 df 29 40 94 31 00 02 39 d2 93 4a d5 b8 b8 6e 77 d2 42 df 2d 00 00 00 00 50 b8 6c 81 59 fc e6 47 5b 96 56 fb 2e 01 a2 8a f7 00 04 72 60 73 73 f3 bc 8c 8d dc 21 e9 15 be 5b 00 00 00 00 a0 48 6c 74 c3 e1 ab ab bb bb ff ee 3b 04 88 1a 4e 00 02 59 b6 a5 b1 71 56 46 23 bf 15 e3 1f 00 00 00 00 8c c7 91 56 1e dc bc a9 f5 98 4a df 21 40 d4 30 00 02 59 d4 93 4a 4d 1d 0c c2 1b 64 4a f8 6e 01 00 00 00 80 22 74 4c c5 50 d9 2f 37 b5 b6 4e f1 1d 02 44 09 03 20 90 25 5d 89 44 59 4c 23 ab 24 1d ef bb 05 00 00 00 00 8a 95 49 ad e5 43 03 3f b3 d6 d6 b8 ef 16 20 2a 18 00 81 2c 30 29 a8 2a 77 3f 34 b9 93 7d b7 00 00 00 00 40 04 9c da Data Ascii: !@19LvInct{y)@19JnwB-PlYG[V.r`ss![Hlt;NYqVF#VJ!@0YJMdJn"tLP/7ND %]DYL#$IC? ,0)w?4}@
2022-05-13 21:49:35 UTC	2867	IN	Data Raw: 3c 04 48 72 dd a3 6a 78 fe 45 29 95 72 1d 05 00 00 00 b3 95 48 aa 61 fb cf 95 5c df e3 3a 09 2a a4 fd 27 3f 51 53 47 c7 b5 7b b0 c9 ed c0 f2 a7 bf 69 9b ed 79 80 e5 6c 05 ae 73 9f 8b 29 f7 b8 eb 10 a8 1d 0a c0 88 38 b7 e6 fe db ad 31 db 5c e7 28 47 a5 56 ff 55 e2 dc 3f e9 93 0b 4b db df f5 f1 ca 62 c8 24 ba ba d5 b8 7b 48 a6 75 9e eb 28 00 00 00 28 91 69 6e 91 b7 6b 3f 67 3b 87 4d 2c a6 cf fd 87 ff 20 e9 93 fb b1 fc 47 97 35 7a fa 57 92 ef 57 ed 3c c0 5a ee 3e 73 c7 6c 7f a7 ab eb 0e d7 29 50 1b 14 80 11 91 4a 27 ff 17 49 77 ba ce e1 c2 6c 5f d1 29 75 eb af 24 25 17 7d 55 cd df f8 66 59 f9 10 4c b1 c5 4b e4 0d 1e 62 5a 1c 00 00 40 1d 30 6d ed f2 06 86 14 5f da e1 3a 0a aa 60 de f7 be a7 e6 6f 7c e3 da ef ad a4 fc e5 2b 1a 3d 7d 66 da 12 30 ba 8b fa 66 ed Data Ascii: <HrjxE)rHa\:*'?QSG{iyls)81\(GVU?Kb${Hu((ink?g;M, G5zWW<Z>sl)PJ'Iwl_)u$%}UfYLKbZ@0m_:`o\|+=}f0f
2022-05-13 21:49:35 UTC	2875	IN	Data Raw: 59 87 bc bd 47 58 0d 8e 22 85 37 4e 29 bd f9 31 76 91 00 15 56 e9 12 d0 8f 5b 56 01 ce 11 05 e0 1c 19 59 0a 40 20 e0 ec d8 98 d2 cf 6d e3 fc 16 14 31 4d 4d f2 76 0c 70 ee 13 00 44 48 a2 ab 5b de ce 7d 32 cd 2d ae a3 20 60 f2 27 8e 2b bd fd 29 d9 d1 11 d7 51 80 50 aa 68 09 68 ed 1f 95 ff 45 a2 89 02 70 0e 3e 78 f8 eb 9f 92 d1 03 ae 73 00 28 c1 c4 04 b7 ec f0 4b ae 93 20 68 26 27 3f f6 f4 ba 4e 02 00 a8 b2 e4 5a 26 c2 63 7a b9 57 5f 51 e6 85 67 a5 6c d6 75 14 20 d4 2a 58 02 ae be f0 c0 03 6d 95 c8 14 35 14 80 73 50 c8 25 fe 48 fc d9 01 f5 c3 5a e5 86 8f 2a 7b 70 50 b2 15 1f 47 8f 7a 66 8c 52 3d 1b 95 ea db 2a 19 1e d6 01 20 74 8c 51 aa b7 5f a9 7e 1e e7 31 85 b5 ca 1e 3d a8 ec 10 cf 0f 81 5a a9 50 09 18 8f c5 ec f7 2a 95 29 4a b8 0a ce 0d db 7f 81 3a 94 7b Data Ascii: YGX"7N)1vV[VY@ m1MMvpDH[}2- `'+)QPhhEp>xs(K h&'?NZ&czW_Qglu Xm5sP%HZ{pPGzfR=* tQ_~1=ZP*)J:{
2022-05-13 21:49:35 UTC	2883	IN	Data Raw: 85 6c 4e 71 93 0e f5 0e d2 50 17 80 31 c5 43 fd 97 07 00 28 4d fe c4 71 8d 3f dd 2f 7b e5 b2 eb 28 08 98 44 57 b7 1a 77 0f c9 b4 86 fe d8 97 c8 32 cd 2d f2 76 ed e7 ec 47 14 b1 a3 23 4a 3f f3 24 67 c6 02 00 a4 42 41 b9 ac 0d f5 24 e0 70 17 80 96 01 20 00 80 8f f9 6f bf a5 f4 96 4d 4c 75 44 91 d8 e2 25 f2 06 0f 31 0d 36 84 4c 5b bb bc 81 21 c5 97 76 b8 8e 82 80 b1 97 2e 2a bd ad 4f 85 37 4f b9 8e 02 00 08 8a ab 63 0b 5d 47 a8 a6 50 17 80 be 7c 0a 40 00 c0 35 fe 3b e7 34 fe f8 06 f9 67 4e bb 8e 82 80 89 cd 5f a0 c6 03 c7 14 5b b8 c8 75 14 54 08 7f a7 98 89 7f fe ac c6 9f e0 5a 00 00 b8 91 9f cb df e3 3a 43 35 85 ba 00 34 32 14 80 00 80 1b d8 0f 2f 2a bd 65 93 0a 27 5f 77 1d 05 01 63 da da e5 ed 39 ac f8 8a 4e d7 51 50 a6 f8 b2 0e 79 7b 8f b0 aa 13 45 0a 6f Data Ascii: lNqP1C(Mq?/{(DWw2-vG#J?$gBA$p oMLuD%16L[!v.O7Oc]GP\|@5;4gN_[uTZ:C542/e'_wc9NQPy{Eo
2022-05-13 21:49:35 UTC	2890	IN	Data Raw: 3b cf 00 08 00 00 4c f9 4b a3 2a ad 5d a9 fa fe e4 1c 3e 57 3f 38 ac 52 ef 8a 44 5f fd 08 00 00 a2 c1 a7 d2 cf 59 37 b4 5a e2 06 c0 52 25 7c 55 92 b7 ee 00 00 00 c9 e6 27 26 54 da b8 2e 11 cf c1 ab 0d 0e a8 d4 b7 46 7e bc 60 9d 02 00 00 a0 6c 2e f7 8f d6 0d ad 96 b8 01 f0 8e 03 07 ae 48 3a 63 dd 01 00 00 f0 de 49 b8 95 fe 1d d6 25 4d 53 dd 3b 79 02 72 a5 62 9d 02 00 00 20 97 cd d6 3e 7a f2 e4 5b d6 1d ad 96 b8 01 50 92 e4 78 0e 20 00 00 88 08 ef 55 ed df a9 ca 53 5f 96 7c 68 5d d3 38 de ab b2 f3 29 55 b6 c7 ec bf 17 00 00 68 6b a9 5c f6 6d eb 06 0b 89 1c 00 3d 07 81 00 00 80 88 a9 ee 9b bc 52 ae 5c b6 4e 59 bc c9 2b 1b ab bb fb ad 4b 00 00 00 3e 20 c8 a4 4f 5a 37 58 48 e4 00 18 70 05 20 00 00 88 a0 da e0 80 8a eb 1f 90 1f bb 62 9d b2 60 7e bc a0 d2 86 d5 Data Ascii: ;LK*]>W?8RD_Y7ZR%\|U'&T.F~`l.H:cI%MS;yrb >z[Px US_\|h]8)Uhk\m=R\NY+K> OZ7XHp b`~
2022-05-13 21:49:35 UTC	2898	IN	Data Raw: 7c 5c 57 7d ff ff f7 b9 b3 49 1a ed 8b 93 38 09 89 6d c9 0e 98 42 82 2c db 92 13 6a 42 a0 34 25 34 2c 86 90 6f 43 bf 05 1a 68 81 6f 7e a5 14 f8 b5 65 6f cb 8f 5f 09 ed 2f 2c a5 7c a1 cb 97 02 2d 4d 81 94 02 29 4b 21 34 71 16 c7 90 04 9c d0 34 89 37 69 b4 78 5f 24 db b2 66 ce ef 0f 5b b6 34 9a e5 ce cc 9d 39 b3 bc 9e 79 f8 61 e9 de 73 cf f9 c8 60 8f e6 ad cf b9 b7 90 87 7f 64 bb 3e d3 ef f5 20 d2 d5 f9 ad 15 63 63 8f b8 ae 03 d5 83 00 10 8b 1c 3a 76 e2 e3 32 7a d2 75 1d e9 ca 75 bf 86 f4 6d c0 8b c6 e5 78 18 c8 a2 b0 2f 67 b7 e0 e2 39 ac b5 da f3 17 1f d7 e4 d7 bf 56 40 c5 00 00 00 00 50 1f 26 bf fe 75 ed 78 d3 9b a4 d4 f9 db d2 e5 6b ba f0 db 94 91 eb 58 b6 8f 4b 55 8d a1 a1 89 c5 4e ab d3 fe 0f d7 75 a0 ba 10 00 62 91 b5 3b 76 cc 1a 79 ef 70 5d 87 1f e5 Data Ascii: \|\W}I8mB,jB4%4,oCho~eo_/,\|-M)K!4q47ix_$f[49yas`d> cc:v2zuumx/g9V@P&uxkXKUNub;vyp]
2022-05-13 21:49:35 UTC	2906	IN	Data Raw: 00 00 59 95 e3 de 81 e5 bc 07 a1 93 fb 8c fb 14 6a 6e 3a 61 e2 ad 43 ae eb 00 ca a9 5a ff fe 01 81 49 8c 5c 75 99 b5 e1 6d 92 fa 5c d7 92 4b b9 7b ee 2a d5 d3 17 78 f7 20 9d 80 00 00 00 68 40 95 7a b3 5e ee 75 aa 3d 74 30 e1 b0 6d ea eb db bc 72 7c fc c7 ae 6b 01 ca 89 0e 40 d4 bd e5 5b 7f ba db 1a 73 93 a4 39 d7 b5 e4 52 ee a7 7d 55 ea 89 62 b9 ba 07 0b f9 b5 60 42 3a 01 01 00 00 50 33 4a 79 ea 6f 45 be 5f af c0 3a 2e 9e 64 5c 14 63 14 e9 e9 79 27 e1 1f 1a 41 d5 ff 7d 04 82 32 b6 71 fd 3b 64 ec 1d ae eb 28 44 a5 ef c4 57 05 77 fe cb 2e 65 35 fd e4 53 3a 7d 88 4e 40 00 00 00 c0 8f 4a bf e1 af b5 80 21 b2 ac f7 2b ab a7 f6 df ec ba 0e a0 12 6a ed ef 27 50 92 b1 e1 a1 4f 49 7a 9b eb 3a 8a e1 32 9c ab 9a 60 d0 9e 0d 01 d9 0e 0c 00 00 00 9c e3 f2 8d 7d ad 86 Data Ascii: Yjn:aCZI\um\K{*x h@z^u=t0mr\|k@[s9R}Ub`B:P3JyoE_:.d\cy'A}2q;d(DWw.e5S:}N@J!+j'POIz:2`}
2022-05-13 21:49:35 UTC	2914	IN	Data Raw: 40 55 f3 9a 62 a7 42 f1 f8 bd 91 e6 e8 47 56 8c 4e dc e3 ba 1e 00 00 82 42 00 08 00 a8 5b e3 9b 86 d6 a6 ac d9 22 6b df 20 69 85 eb 7a 24 d1 09 08 00 55 c6 8b 44 92 5e 6b fc e7 5e 2c fa 39 9e e2 0b 00 a8 57 04 80 00 80 ba 67 25 6f 7c c3 e0 88 35 de 16 19 bd 5e 52 9f db 82 08 01 01 c0 25 13 0a d9 50 6b 7c a7 69 8a 7d 79 a0 77 d9 47 cc 8e 1d b3 ae 6b 02 00 a0 9c 08 00 01 00 0d c5 6e d9 12 4a ec dd f5 22 6b cc 1b 8c f4 4a 67 0f 0f 21 04 04 80 ca f2 3c 45 e2 2d 93 a6 a5 e5 cb b3 29 fb fe b5 fb f6 1d 77 5d 12 00 00 95 42 00 08 00 68 58 fb 36 6d 6a 3b 6d 4f dd 68 ad b9 d9 48 2f b6 52 a4 a2 05 70 4f 40 00 28 2f 63 14 6a 8d ef 0b 35 37 dd 19 8a 7b 1f 5a b9 73 6a d2 75 49 00 00 b8 40 00 08 00 80 a4 dd 57 5f dd 15 4a ce de e0 c9 be dc 4a d7 4b 8a 57 64 61 3a 01 01 Data Ascii: @UbBGVNB["k iz$UD^k^,9Wg%o\|5^R%Pk\|i}ywGknJ"kJg!<E-)w]BhX6mj;mOhH/RpO@(/cj57{ZsjuI@W_JJKWda:

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:50:15 UTC	2917	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2022-05-13 21:50:15 UTC	2917	IN	HTTP/1.1 200 OK Content-Length: 55 Content-Type: application/octet-stream Last-Modified: Thu, 20 Apr 2017 16:10:39 GMT Accept-Ranges: bytes ETag: "f9c874a7f0b9d21:0" Server: Microsoft-IIS/10.0 Content-Disposition: attachment; filename=config.json X-Powered-By: ASP.NET Cache-Control: public, max-age=195162 Date: Fri, 13 May 2022 21:50:15 GMT Connection: close X-CID: 2

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:50:16 UTC	2918	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMT User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2022-05-13 21:50:16 UTC	2918	IN	HTTP/1.1 200 OK Last-Modified: Thu, 20 Apr 2017 16:10:39 GMT ETag: "f9c874a7f0b9d21:0" Content-Type: application/octet-stream Accept-Ranges: bytes Server: Microsoft-IIS/7.5 Content-Disposition: attachment; filename=config.json X-Powered-By: ASP.NET Content-Length: 55 Cache-Control: public, max-age=181228 Date: Fri, 13 May 2022 21:50:16 GMT Connection: close X-CID: 2
2022-05-13 21:50:16 UTC	2918	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:23 UTC	179	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-1v0g7674mhe2RQ7l2Cc1zw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 13 May 2022 21:49:23 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5611 X-Daystart: 53363 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-05-13 21:49:23 UTC	180	IN	Data Raw: 33 36 64 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 31 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 33 33 36 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 36d<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5611" elapsed_seconds="53363"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-05-13 21:49:23 UTC	181	IN	Data Raw: 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 Data Ascii: mmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><a
2022-05-13 21:49:23 UTC	181	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-05-13 21:49:23 UTC	181	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 13 May 2022 21:49:23 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-pzGVhblVqZZ_4pb5ezgpOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'nonce-pzGVhblVqZZ_4pb5ezgpOA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-05-13 21:49:23 UTC	183	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-05-13 21:49:23 UTC	183	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	23:49:31
Start date:	13/05/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html" > cmdline.out 2>&1
Imagebase:	0x1190000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	23:49:32
Start date:	13/05/2022
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://tonymaster.com.br/php/php/secured_file.html"
Imagebase:	0x400000
File size:	3895184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	3
Start time:	23:49:35
Start date:	13/05/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "C:\Users\user\Desktop\download\secured_file.html
Imagebase:	0x7ff7964c0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	4
Start time:	23:49:36
Start date:	13/05/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9400304986910000489,8858670297383190551,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8
Imagebase:	0x7ff7964c0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low