Windows Analysis Report
http://document--1111011111.company.com/

Overview

General Information

Sample URL: http://document--1111011111.company.com/
Analysis ID: 635117
Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish20

Classification

AV Detection

Source: http://document--1111011111.company.com/ SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Yara match File source: 25855.0.pages.csv, type: HTML
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 May 2022 12:31:06 GMTServer: ApacheSet-Cookie: is_mobile=0; path=/; domain=document--1111011111.company.comVary: X-W-SSL,Accept-Encoding,User-AgentSet-Cookie: language=en; expires=Fri, 10-Jun-2022 12:31:06 GMT; Max-Age=1209600; path=/Cache-Control: privateETag: W/"9c914c4469a59d58104fecad7951b405-gzip"Content-Encoding: gzipX-Host: blu105.sf2p.intern.weebly.netX-UA-Compatible: IE=edge,chrome=1Content-Length: 5871Keep-Alive: timeout=10, max=72Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3c fd 77 db 46 8e 3f 5b ef ed ff 30 65 bb a5 dc 88 a2 64 4b fe d0 57 cf 71 dc 6e fa da c4 1b 3b d7 db 8b b3 7a 23 72 24 31 a6 48 86 a4 2c eb 5c fd ef 07 60 86 5f 12 e5 8f a6 e9 de de 8b db 48 e4 0c 80 c1 60 00 0c 06 04 d5 fb ea c5 eb d3 cb 7f 9c 9f b1 69 3c 73 07 95 1e 7e 31 97 7b 93 be 26 3c 6d 50 d9 e9 4d 05 b7 e1 7b a7 17 3b b1 2b 06 cf a1 f3 9a 5d e2 35 33 d8 df fc 99 e8 99 b2 a7 37 13 31 67 41 e8 07 22 8c 97 7d cd 9f 74 22 27 16 43 8f cf 84 c6 2c df 8b 85 17 f7 b5 1c 01 8d 99 30 e4 26 5a 2c 3b 9f 82 62 8b c8 0a 9d 20 76 7c ef 69 88 ce 8c 4f f2 63 4d e3 38 e8 98 a6 ed 5b f3 19 34 18 46 13 fe 1a f8 d1 ac 5b fe 2c e0 de 12 bf cd 79 e0 fa dc 8e cc a6 d9 82 7f 47 66 b3 d5 3c 6a 35 9a 47 07 66 13 38 11 c2 8b a6 7e 6c ec 35 f6 9a 46 a3 65 ec 1d 18 3c 36 9a c7 46 fb 18 da 0c 3f 74 26 d9 c7 10 3f ea 81 37 f9 f3 78 14 b6 13 fb a1 b9 f7 00 ab cd bd 8c 4b 64 f0 fb e6 41 7b af 75 d0 38 6a ec ff 79 bc ee 07 76 f0 04 61 cd 43 f7 77 0c 4f d4 2a 3d d7 01 7d 09 85 db d7 1c 0b 35 29 5e 06 02 ae 71 4e 26 8d 39 0d c5 b8 af 99 e6 62 b1 a8 2f 84 18 b9 45 ee 43 11 09 d7 15 a1 c9 a3 48 c4 91 b9 df 3e 38 3c 68 1d 1d b7 8d 31 bf 41 92 75 f8 90 63 55 14 f3 c8 a1 21 3e ce 9d 9b be 76 2a d9 36 2e 61 d8 dc 24 62 71 1b 9b 68 99 5d 66 4d 79 08 94 fb f3 78 6c 1c 11 21 c6 24 1d 34 b3 be 76 e3 88 45 e0 87 71 0e 7b e1 d8 f1 b4 6f 0b 18 5f 18 74 53 63 8e e7 c4 0e 77 8d c8 e2 ae e8 37 eb 
0d c9 d3 ce 0e 1a 3a 09 c1 b1 01 13 ed d7 18 f1 48 18 51 bc 44 1b 22 d1 d0 75 34 15 22 4e 04 44 0c 5a 51 94 c9 c7 b2 bd bd 3a 6a d9 6c 89 44 48 48 00 60 e2 4d 54 87 ab ef 47 73 c7 b5 2f 1d 60 1a 94 0a d6 f9 e0 e8 48 29 55 b6 08 9f 32 92 ef da e6 98 7b d6 72 e4 df d2 80 9f 67 98 c8 b7 50 90 b8 b6 b9 79 c5 eb f3 9a 01 2a 87 91 c8 de 6a a0 b0 1f 84 25 9d d5 93 59 19 3b 00 61 ce b8 e3 0d 09 3a 99 1c 18 66 f3 a0 d1 02 3c f4 77 c9 ea c5 53 31 13 06 e1 a7 23 11 21 dd 34 c7 a0 22 51 7d e2 fb 13 57 f0 c0 89 92 49 7d 3f e6 33 c7 5d f6 7f c1 7e 11 86 3c ee b4 1a 8d da 61 a3 f1 6d 34 1f a1 fa b9 3c 76 bc 1a 7d 1a c0 9f 4e cc eb 19 f3 ba 64 5e 4f 98 d7 a5 79 11 c0 7a d7 Data Ascii: <wF?[0edKWqn;z#r$1H,\`_H`i<s~1{&<mPM{;+]5371gA"}t"'C,0&Z,;b v|iOcM8[4F[,yGf<j5Gf8~l5Fe<6F?t&?7xKdA{u8jyvaCwO*=}
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: text/cssLast-Modified: Thu, 19 May 2022 17:44:26 GMTETag: W/"628681fa-347ac"Expires: Fri, 03 Jun 2022 19:57:18 GMTCache-Control: max-age=1209600X-Host: grn89.sf2p.intern.weebly.netContent-Encoding: gzipVia: 1.1 varnish, 1.1 varnishContent-Length: 29746Accept-Ranges: bytesDate: Fri, 27 May 2022 12:31:06 GMTAge: 578029Connection: keep-aliveX-Served-By: cache-sjc10034-SJC, cache-mxp6924-MXPX-Cache: HIT, HITX-Cache-Hits: 1, 75X-Timer: S1653654667.651470,VS0,VE0Vary: Accept-EncodingAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 8b 92 e3 b8 91 28 fa 2b 3c 55 d1 31 5d b3 a2 9a e2 43 8f 52 78 8e 3d 63 cf ae 23 76 6d c7 f1 9e bd 27 ee b1 a3 83 92 a8 2a ba 29 51 4b 4a f5 b0 a2 fe fd e2 49 26 5e 24 48 51 35 33 77 ba 35 3d 2d 91 40 22 91 48 20 13 89 44 e6 6f bf 24 af db 22 de 25 a5 53 1e d2 fd d9 fb 70 3e 16 f1 be dc e6 c5 ee be c8 8f f1 31 f9 e8 6d 92 87 bb b7 89 a7 7b 17 4c e9 db b7 4f df fe 0f e7 7f 25 db 2c 79 71 9e 26 e3 68 ec 39 ae f3 78 3c 1e ca fb 4f 9f 1e d2 e3 e3 69 35 5e e7 bb 4f 59 92 fc 23 2f 36 f1 fe 53 41 0b 7f fb 69 fc 50 a4 9b f3 26 2d 0f 59 fc 7a 9f ee b3 74 9f b8 ab 2c 5f 7f 59 f2 87 ee ae 74 71 e9 55 fe 52 3d c3 bf 97 df 8a d5 96 ff cc f3 dd fd 64 c9 cb bb cf 45 7c b8 c7 ff 5b 4a 3f 0f f1 66 93 ee 1f ee bd e5 2e 2e 1e d2 3d fa 72 c8 cb f4 98 e6 fb fb 22 c9 e2 63 fa 94 2c 9f d3 cd f1 f1 1e 77 1c 95 42 b5 eb 9f 59 72 3c 26 85 5b 1e e2 35 86 e2 7a e3 60 92 ec 9c ff 91 ee 0e 79 71 8c f7 c7 e5 b7 52 91 3d 22 5a 9c c1 12 cf 88 0e 10 42 18 88 10 b2 b4 3c ba e5 f1 35 4b dc e3 eb 21 41 10 f6 c9 1b 21 d6 fd 2a 41 63 90 8c e8 8f 78 8b da 39 6b 9b 13 db e0 cf 1e d3 63 42 1e 26 fc 91 d8 3b da 88 f3 ad d0 0c fa 79 79 43 0c 32 1d 71 3e 48 f7 13 67 e2 c4 a7 63 be 14 7e 71 2c ce 68 d0 dd 32 fd 27 06 bc 42 ad a0 b6 d1 93 66 1c f5 55 fe ef 3a 8b cb f2 db df dc e0 b2 9f 3f af f3 cc bd f9 fb 95 18 6f 93 16 c9 9a 70 13 6a e6 b4 db 2f f5 4f 2f 1a b5 46 86 7d 4a 8a 
63 ba 8e 33 37 ce d2 87 fd fd 31 af 79 7e e2 1d 18 fd 10 11 92 2c 3b ab 80 78 ef 28 35 da 46 8a 92 e9 94 65 e5 ba 48 92 bd 03 60 8f d0 42 91 1f e1 93 b3 cc 68 74 24 26 3e 78 b1 fc 96 7e 5f 2c c6 0b b1 d4 84 95 5a 4c c6 53 f4 67 56 17 45 8b 0e 79 20 14 f7 58 f1 79 30 0e f0 9f aa 38 7a e0 93 07 b0 f8 82 95 9e 45 55 b9 59 28 61 30 67 65 a6 53 09 01 f4 40 45 60 c6 4a 47 73 a9 7d f4 40 6d 7f ca 4b d7 14 08 65 0a 44 ac 4c 28 13 20 d4 11 20 64 a5 03 b9 ff 81 ae ff 01 2b ed d7 fd f7 e5 fe 57 c3 24 f7 7f a2 eb 3f 1f 2e b9 fb 55 ef 7f bb 4b 36 69 ec 7c dc a5 7b b6 02 39 e1 1c f1 e7 dd 19 40 79 29 2d d9 03 17 ec c6 21 b8 46 37 26 41 35 6c f8 04 15 eb c6 2a a8 42 37 6e 41 15 6c 18 06 15 eb c6 33 a8 42 37 b6 41 15 6c 38 07 15 eb c6 3c 78 6c da f8 47 cb 40 5e b2 13 f8 a7 dc 59 f2 0f 2e d8 8d 7f 70 8d 6e fc 83 6a d8 f0 0f 2a d6 8d 7f Data Ascii: (+<U1]CRx=c#vm'*)QKJI&^$HQ53w5=-@"H Do$"%Sp>1m{LO%,yq&h9x<O
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: text/cssLast-Modified: Thu, 19 May 2022 17:44:26 GMTETag: W/"628681fa-3319"Expires: Fri, 03 Jun 2022 19:57:20 GMTCache-Control: max-age=1209600X-Host: blu86.sf2p.intern.weebly.netContent-Encoding: gzipVia: 1.1 varnish, 1.1 varnishContent-Length: 1640Accept-Ranges: bytesDate: Fri, 27 May 2022 12:31:06 GMTAge: 578026Connection: keep-aliveX-Served-By: cache-sjc10031-SJC, cache-mxp6937-MXPX-Cache: HIT, HITX-Cache-Hits: 1, 1479X-Timer: S1653654667.652356,VS0,VE0Vary: Accept-EncodingAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5a cb 72 ea 38 10 dd cf 57 64 c8 e6 a6 2a 24 d8 10 02 a6 a6 66 fe 61 b6 b3 91 6d 01 2a 6c 8b b1 45 08 37 95 7f 1f c9 f2 83 47 4b 6a 1b d7 5d 4d 56 29 bb cf e9 a3 3e 46 ef bf d6 3c 13 e3 35 89 e8 57 f5 5f ca 92 53 30 3a 16 3c 62 24 19 ad 8a 3c 0a 0e 79 f2 e3 f5 35 8a 33 ff 85 c6 4c a4 a7 82 09 fa 12 f1 f4 55 61 8a d7 e3 df 65 f0 6b 05 7a a1 5c fc 29 8a 3f bc f9 9b bf 5c f8 fe 7c be 98 2f 9e 06 63 7a 64 74 cd 3e 9f 1e d6 3c 4f 89 f8 31 a2 69 48 e3 98 c6 63 be a7 99 38 ed e9 e8 e9 b9 6b 9e 23 5f af 6f 25 37 29 d4 eb 1e ac 42 d8 48 45 7e a0 3d e5 16 1f 9b db b2 54 2f db 04 32 6a f4 b4 2a 6d 3d 52 b6 d9 8a 20 53 6f 12 fd a8 10 a7 84 56 4f be 5f 8e 2a e3 58 33 8c e3 9c 85 61 28 df 86 54 72 d1 af 48 c6 cb d2 06 a3 7f e8 7c 12 8d ea 68 a9 6f bc cf 79 7c 88 44 47 64 15 1d f1 84 e7 0f 9d 72 af 4a 4c f0 b8 9e bc bf 93 c9 15 5f f1 ef 81 e4 d4 40 f8 0c c5 c2 a1 5f 21 89 76 9b 9c 1f b2 78 dc 3b 5f 40 d6 82 e6 1d b2 6a 80 b1 c1 e5 df 95 80 94 b0 04 2c d4 d4 66 12 02 65 31 c8 82 ae b5 4e e7 d3 70 4a 31 c5 52 64 88 12 a9 30 c0 94 6e 79 d0 86 b4 c1 a6 06 82 66 a8 4e 34 e4 7c 07 16 67 62 33 04 89 b4 98 e2 60 68 8c 09 df 96 cb 05 a6 60 35 21 a2 5c 75 28 64 50 e7 7c 68 93 2e 01 a6 06 c3 46 25 2c da e5 e3 84 ae 05 58 af d8 ea 15 1a 6c b3 cb 49 52 37 60 32 99 4f e3 08 55 c1 96 13 53 be 36 1a f0 ad 57 56 bc 75 d7 18 53 e3 6d ee e5 e5 80 06 15 8f 22 ec c3 a0 
dd fe d9 58 da 36 4c 26 8b 59 87 52 96 a4 f8 2a 96 e1 d0 80 d5 2b 6f 57 0f cf 40 e6 02 18 4d 04 4b b7 70 db e7 c0 39 8d 33 e0 fb fe e6 d0 e5 1a e0 97 d6 d1 20 c8 9a 85 dd 9a 7d 72 28 c0 02 cd 6c c6 20 50 16 5b 2c e8 5a 6b 1c cf c2 e9 12 53 28 45 86 28 90 0a 03 0c e9 96 07 6d 47 1b 6c 6a 20 68 06 cb 0a 41 36 39 49 c1 ea bc db 1c c1 42 2d b6 b8 28 9a 69 c5 fa dd 5f 86 98 9a 35 8c 88 92 35 b1 d0 c4 a2 7b 46 b4 55 57 08 53 a3 41 bf 12 96 ed e4 0a 2e 03 0b e6 db ec 42 22 2d 6e 39 18 1a b3 16 0b 12 a2 26 cd 35 21 a2 66 75 28 64 55 e7 7c 68 a7 2e 01 a6 06 c3 bd 1c 93 b1 39 2d e0 e1 7b 69 ed ea 90 50 5b 7f e7 a0 a8 a5 47 91 ef f9 ef a8 ce a8 66 c4 f4 45 75 2c e0 56 8f 8c f8 3e f0 12 61 6a 34 e8 57 5e c0 03 c4 9b cd 29 37 c8 e2 91 19 dc 08 f5 e7 6f be 8f a9 95 e4 42 d4 47 46 41 13 b9 2e 59 d0 5e 34 b1 c6 c6 41 2e 88 43 1a 26 e0 Data Ascii: Zr8Wd*$fam*lE7GKj]MV)>F<5W_S0:<b$<y53LUaekz\)?\|/czdt><O1iH
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/javascriptLast-Modified: Thu, 19 May 2022 17:43:17 GMTETag: "628681b5-2c075"Expires: Fri, 03 Jun 2022 19:57:18 GMTCache-Control: max-age=1209600X-Host: grn87.sf2p.intern.weebly.netContent-Encoding: gzipVia: 1.1 varnish, 1.1 varnishContent-Length: 32604Accept-Ranges: bytesDate: Fri, 27 May 2022 12:31:06 GMTAge: 578028Connection: keep-aliveX-Served-By: cache-sjc10043-SJC, cache-mxp6932-MXPX-Cache: HIT, HITX-Cache-Hits: 1, 22X-Timer: S1653654667.652116,VS0,VE0Vary: Accept-EncodingAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd db 76 1b 49 92 20 f8 dc fd 15 51 d5 d5 25 e5 94 88 14 25 e5 4d 95 95 35 bc 49 a2 44 52 4c 82 94 5a 39 9a c1 71 00 0e 20 c4 40 04 32 2e a4 90 6a 9d d3 2f fb 05 bb 2f f3 38 67 1f f6 cc 43 bf cd 1f e4 9f f4 97 ac dd dc c3 03 f0 40 04 40 68 67 cf 51 26 23 02 e6 e6 e6 ee e6 e6 66 e6 e6 e6 ff 78 1b c6 c3 e4 b6 d3 7b 1b fc 2d 90 e7 b7 5a f7 a3 f9 d2 fb bf fe 6b f0 e9 f3 5f ff b1 f7 b6 33 d6 79 37 cc f5 89 8a c7 85 1a eb ab 8b 13 00 1e 15 f1 20 0f 93 f8 7e 04 9f bf fa f4 8f ff 90 ea bc 48 e3 e0 de d7 5f ab 2c d3 79 b6 93 e5 6a 1c c6 e3 ce 2d e1 eb c4 3a ff fa 43 f6 35 82 7f fd cf f8 ff 7f fe 3a cb a3 ce 87 ec ef fd 22 8c 86 97 e1 54 ff 6d f7 d1 e3 27 7f be d7 49 f5 2c 52 03 7d ff 1e c3 dd 7b 10 50 25 7f fd c7 cf 48 4e 1e 85 7f b3 b5 67 5f 7d 92 8a b3 bf d2 af 99 50 0a 24 de d3 f1 3d 6a c0 28 8f fe 86 3f c1 9f fb b6 e4 57 01 10 7d a3 d2 60 e4 b6 26 a3 cf f4 3d 87 ef 79 94 fd 97 ec bf 62 5f 64 7f 95 cf 0a 3e ef a5 a9 9a 77 66 69 92 27 f9 7c a6 3b 59 14 0e 74 67 a0 a2 e8 be 4a c7 c5 54 c7 79 f6 20 d8 fd 0a cb 8c 92 34 b8 8f 05 43 28 f8 f0 af f0 e7 c7 40 75 22 1d 8f f3 09 bc fd e5 2f 5c e3 3f 50 75 9d 6c 16 85 f9 fd 7b 9f 3e dd fb 4b f8 97 7b 9f 3f df fb aa f3 21 09 e3 fb ea bf 84 ff 95 d0 7d 86 ff e0 9f 34 3a 0f fe 0e 85 4c 7f 7d fd df de bf cf fe d3 fd ce 5f fe fe 15 3e fc e9 eb 07 c1 bd 3f ed de fb 2a 78 4a e4 7f 7e f0 8f ff 00 
0d 82 7a 5e 76 5f 9f 75 66 2a cd a0 8f 3f bd ff 63 3e d1 53 dd 19 ea 5c 85 51 f6 fe 8f 4f df ff f1 d0 3c 3f 30 bf 66 45 1f 1a ab 22 fa b9 6b 5f ec ef 83 89 1e 5c 27 45 4e bf 1f d8 17 fb 7b aa d5 f0 2c b9 a5 9f 2f e0 39 a0 17 fb 73 5f 0d ae 2f 93 fd 28 19 13 c4 3e bc 06 79 12 f0 87 92 88 89 4a 35 53 c0 4f 0f 4a e2 b3 41 1a ce 70 0c a5 01 ce bb 85 fa 35 9f d3 af 3f e3 5f fc aa a7 d0 73 b9 ce 3a 3a d2 34 6a 9d 41 92 5c 87 7a 27 99 e5 3b d0 80 ce 30 cc 06 91 02 de 4c a9 e0 e5 24 cc 82 5b dd 47 2e 0b 8a 4c 67 c1 54 a5 d7 3a 07 3e 0f 54 3c 0c f2 14 08 c7 97 5c 0f 26 71 02 d4 87 80 3c 78 3d 23 08 40 18 24 a3 20 27 24 61 14 05 50 4b 30 4f 0a f3 03 f0 4f c0 f5 03 f7 e8 8f 03 0d 3f 23 fb e4 93 24 d3 41 ac f5 50 0f b1 57 d2 02 46 7e a2 0d 21 1d e8 4b 20 27 9f a8 3c c8 92 a9 0e 80 31 87 c5 20 47 e2 e6 41 9c Data Ascii: vI Q%%M5IDRLZ9q @2.j//8gC@@hgQ&#fx{-Zk_3y7 ~H_,y
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/javascriptLast-Modified: Thu, 19 May 2022 17:44:49 GMTETag: "62868211-8250f"Expires: Fri, 03 Jun 2022 19:57:19 GMTCache-Control: max-age=1209600X-Host: blu94.sf2p.intern.weebly.netContent-Encoding: gzipVia: 1.1 varnish, 1.1 varnishContent-Length: 158975Accept-Ranges: bytesDate: Fri, 27 May 2022 12:31:07 GMTAge: 578028Connection: keep-aliveX-Served-By: cache-sjc10033-SJC, cache-mxp6962-MXPX-Cache: HIT, HITX-Cache-Hits: 1, 5X-Timer: S1653654667.045205,VS0,VE0Vary: Accept-EncodingAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 77 db 46 f2 28 f8 ff 7e 0a 09 e3 91 01 13 a2 44 d9 71 62 d0 08 af fc 4a 3c 63 c5 1e 4b 1e 27 a1 18 2e 44 36 25 d8 14 c0 00 a0 65 45 e4 7e f6 ad 47 3f 01 50 b6 e7 37 77 cf 3d 67 f3 10 81 46 3f aa bb ab eb d5 d5 d5 fe 6c 99 4d aa 34 cf 7c 11 dc 7c 4a 8a ad 2a be 59 f7 55 e2 56 e6 17 c1 4d 3a f3 ab 61 31 0a 0a 51 2d 8b 6c 0b 9f bb e2 f3 22 2f aa b2 8f 45 d2 18 93 e2 1b 99 16 dd ac c3 74 1a 15 e1 3c 4f a6 62 1a cd 92 79 29 d6 7d 81 c5 26 c9 7c ee a7 aa 74 98 86 e6 39 0b fa 69 97 8b c4 55 b1 14 7d d9 9c ce b1 ce ba 97 b1 e8 67 dd 49 5c c1 df 45 ec 5d 54 d5 a2 8c f6 f6 26 d3 ec a0 2b a6 69 75 79 5d a6 95 e8 4e f2 cb bd 0f e5 9e e7 e6 f2 3a 57 69 36 cd af ba 87 c7 c7 cf 4f 8e c7 4f 0e 8f 9f 77 3c ca b8 5a 41 4e d5 60 e6 ef 07 eb c0 1f 9a 91 09 2b 80 ee 46 28 40 e2 cc bf 7f d0 0b d6 61 3d 07 0e 46 d1 df f6 8b 58 7f a1 d1 93 ed be 17 e2 6c 7e bd 1d c7 cb 6c 2a 66 69 26 a6 3b 3b ce a7 ee 87 7f 2d 45 e1 e4 08 6e 24 54 6d 19 d7 ee 37 99 c8 83 0c 00 01 50 22 08 0b b7 41 df 74 a3 08 36 f5 21 4c a9 17 c3 cc ef 05 a3 30 8d 6d 24 71 00 89 e5 db f8 bd 79 5a ad 00 83 f4 5b 77 59 cd 63 e7 6d b5 6a a9 0e 3e cd 92 74 2e a6 27 f3 32 6e 49 5b ad 86 a3 7e 4b 7a 77 b1 2c 2f a0 1e 35 79 c2 6e 7a e6 34 3d fb 52 d3 2f aa 96 b6 31 b1 b5 71 fc 50 6b dd f3 fe 07 1d 7f d7 d6 fa bb 4d ad bf fb 52 eb a5 d3 7a f9 a5 d6 8f db 5a 3f de d4 fa f1 17 5b 17 
d5 d3 3c ff 98 8a b8 15 bf e2 4c 5c 6d 3d 4b 2a 58 e4 98 f5 24 bd 14 7e d1 3d 97 4f 41 27 bb 77 f0 e0 de c3 7d fc af 27 ee 07 92 ca 78 80 b8 69 21 ca d8 eb 14 dd 2a 7f 77 f2 f4 b8 2a d2 ec dc 0f fa d3 7c b2 bc 14 59 05 4b 9f 5a 15 1d 0f 72 55 1d af bf e5 75 52 1b b2 c9 5c 24 45 03 36 7b 40 34 ec 00 b2 e7 85 bb b0 d2 ad f2 e7 2d 3d 53 94 93 5a 25 60 b3 b8 06 51 b7 5c cc d3 ca f7 fa 5e d0 9f e5 85 cf c3 b0 df 2f 1e 67 dd b9 c8 ce ab 8b 7e d1 e9 70 45 69 9c 01 ad ec 5f 5d c0 50 03 b1 9c 5c 24 c5 61 05 44 29 8e bd 2d 2f 48 e3 b4 5b 2e cf 4a ee 7a 0f a8 e6 0c 32 01 7c e2 f3 6b 20 d4 90 6b 3f d0 a4 d3 64 ac 64 33 40 71 f9 21 58 b7 4d 1c d3 10 20 b3 26 e9 ed f3 a7 87 6f 4e 9e fe 7c 38 7e f3 ee c9 ab 97 4f c7 ff 7c fe 9b 44 95 a1 d7 f6 d1 1b c5 de c3 57 b3 07 af 1f bd 3b 3e c4 7f 5e 1f 27 8f 26 2f 1e 1c Data Ascii: {wF(~DqbJ<cK'.D6%eE~G?P7w=gF?lM4||J*YUVM:a1Q-l"/Et<Oby)}&|t9iU}
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/javascriptLast-Modified: Wed, 25 May 2022 14:22:37 GMTETag: "628e3bad-124fe"Expires: Thu, 09 Jun 2022 08:38:41 GMTCache-Control: max-age=1209600X-Host: blu11.sf2p.intern.weebly.netContent-Encoding: gzipVia: 1.1 varnish, 1.1 varnishContent-Length: 25752Accept-Ranges: bytesDate: Fri, 27 May 2022 12:31:07 GMTAge: 100346Connection: keep-aliveX-Served-By: cache-sjc10069-SJC, cache-mxp6962-MXPX-Cache: HIT, HITX-Cache-Hits: 1, 1953X-Timer: S1653654668.533048,VS0,VE0Vary: Accept-EncodingAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c4 7d 6b 7b da c8 92 f0 e7 33 bf c2 d6 d9 f5 48 43 1b 03 be 06 ac 78 6d 27 76 ee c9 24 76 9c 84 30 7e 1a 10 20 0c 08 24 71 b3 61 7f fb 5b 55 7d 51 4b e0 24 73 ce ee be e7 64 8c d4 97 ea ee ea ea ba 75 a9 db 6e 8d 07 8d d8 0f 06 1b 9e 5d 67 6d d6 74 1e 74 4a c3 1e b0 ae f3 e0 b7 ec cd 76 75 50 13 4f 75 7a 9a f0 70 c3 77 e3 f9 d0 0b 5a 1b a1 37 1a fb a1 e7 ba 96 aa 6a 6d 6d c9 c4 0a d6 e9 6e 6d f9 ce 43 e8 c5 e3 70 b0 e1 03 d4 cd 82 b3 84 0c ae 13 b9 4c 44 b8 7d 77 e0 4d 37 9e 87 61 10 da d6 39 1f 0c 82 78 a3 e5 0f 9a 1b fd a0 39 ee 79 1b bf 5b b9 41 ce fa dd 72 2a 71 27 0c a6 1b fd 7c 23 68 7a ae f5 f6 fd b3 eb 37 cf 6f df bd bf ba bd 78 7f fd ee 99 c5 fa 04 af e3 62 ef dd 07 6f 36 0c c2 38 2a 3f 2c 97 15 1c 45 b5 50 cb 37 78 af 67 77 f2 32 8b a9 fe db 3d 31 c4 c0 a5 82 c5 5a b5 57 ab c8 ae 36 ec e0 24 28 f7 9c 25 eb b0 a4 a6 c7 04 f6 96 b2 14 36 a9 32 a9 17 fc 97 b0 d5 82 31 63 e9 96 5b a8 b4 8e 9b f9 9e 37 68 c7 9d 4a 2b 97 73 1e 1a 76 b3 da aa e9 16 1a 4b c7 7e 28 96 ab ba cf 12 06 13 68 62 b2 71 31 90 57 9f de bf a3 a9 c0 07 e7 01 ff ba 80 07 5b 57 16 c5 da bd a0 ce 7b ee 85 4a b5 64 5b 71 c7 8f 2c c7 76 18 55 14 a5 f2 8f c0 d4 e4 d3 b2 07 7a 7e 07 c7 c5 c2 89 55 80 99 2b 0f 70 e6 25 2e 9e f1 d8 cb 0f c3 20 0e 30 21 1f 07 08 64 d3 44 8d f3 b0 b6 8c ab 3b 7e e7 cd 13 d2 8a 2e fc 81 1f 7b 36 f6 37 3f e1 bd b1 f7 be 65 3b 
ce 09 bd b7 bd f8 fa ea fc 62 dc eb 7d f5 78 68 3b 39 6b db ca b5 6c 23 ef 6d 30 88 3b 90 51 5c 93 87 dd 00 50 39 eb 2a 93 f1 22 18 87 11 e5 94 b3 e0 fc c1 38 f6 d6 e7 7d f2 1a c1 a0 29 f2 be 59 e5 01 f4 ea b7 65 e5 53 1c fa 83 f6 ea 68 df 8d fb 75 2f 5c 4d 3f 0b 82 9e c7 07 bf 88 9e 34 56 96 44 96 8d 99 bb 53 fd 3e 2e c0 ff f0 2f 6f c2 df 83 42 61 9b 7e f6 e0 ef 61 a1 f5 7d 5c 3c ac ef d1 df fd ef e3 52 a1 d0 d8 a6 9f 16 fe 2d 1d d1 4b 89 5e 0e 0a f4 72 00 2f 2d af 85 7f 5b 2d 4c 82 9f 56 6d a7 cd bc a8 c1 87 bc de f3 b0 d1 ef df ad ef 33 6c 6a 56 6c 7d 9f 1d b6 e0 e1 49 eb ff a0 13 6d 3e 64 c0 4e bc 41 cc fa 5e cc dd 07 eb 7b 1d e6 e7 3b fc 65 d6 f7 98 1e 63 7c 1c d0 e3 00 1f 5b f4 d8 c2 c7 90 1e 43 8b fd 6e fd 5e fe 1d 06 f1 3b 24 7e a7 44 f8 59 b2 d0 1b 56 f4 1a 18 8d 03 20 9b 88 a6 d5 79 Data Ascii: }k{3HCxm'v$v0~ $qa[U}QK$sdun]gmttJvuPOuzpwZ7jmmnmCpLD}wM7a9x9
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54599
Source: unknown Network traffic detected: HTTP traffic on port 54599 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57477 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57477
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?_=1653687066398 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /files/main_style.css?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /css/sites.css?buildTime=1651866883 HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/old/fancybox.css?1651866883 HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/social-icons.css?buildtime=1651866883 HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/lang/en/stl.js?buildTime=1651866883& HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/site/main.js?buildTime=1651866883 HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /files/theme/plugins.js?1565969634 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /files/theme/custom.js?1565969634 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /js/site/main-customer-accounts-site.js?buildTime=1651866883 HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/1screenshot-2021-04-26-at-19-59-20-orig-orig-orig_orig.png HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/editor/2screenshot-2021-04-26-at-19-59-12-orig-orig.png?1652460803 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/3pdp-orig-orig_orig.png HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/627fbb5a-3bae-4cd9-b617-2f923e29d55e.woff2?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/2e3f5cb9-101f-46cf-a7b3-dfaa58261e03.woff2?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en
Source: global traffic HTTP traffic detected: GET /js/wsnbn/snowday262.js HTTP/1.1Host: cdn2.editmysite.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/f26faddb-86cc-4477-a253-1e1287684336.woff?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/1e9892c0-6927-4412-9874-1b82801ba47a.woff?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/fa19948e-5e38-4909-b31e-41acd170d6f2.woff?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/63a74598-733c-4d0c-bd91-b01bffcd6e69.ttf?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /files/theme/fonts/6de0ce4d-9278-467b-b96f-c1f5f0a4c375.ttf?1652461604 HTTP/1.1Host: document--1111011111.company.comConnection: keep-aliveOrigin: http://document--1111011111.company.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*Referer: http://document--1111011111.company.com/files/main_style.css?1652461604Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-8d672f14f019; _snow_ses.8a80=*
Source: global traffic HTTP traffic detected: GET /uploads/reseller/assets/356764895-favicon.ico HTTP/1.1Host: www.weebly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://document--1111011111.company.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/1screenshot-2021-04-26-at-19-59-20-orig-orig-orig_orig.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: document--1111011111.company.com
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/editor/2screenshot-2021-04-26-at-19-59-12-orig-orig.png?1652460803 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: document--1111011111.company.com
Source: global traffic HTTP traffic detected: GET /uploads/1/4/1/8/141840186/3pdp-orig-orig_orig.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: document--1111011111.company.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 27 May 2022 12:31:09 GMTContent-Type: text/htmlContent-Length: 3739Connection: keep-aliveETag: "61c39c46-e9b"X-Host: grn63.sf2p.intern.weebly.netX-W-DC: SFO
Source: History Provider Cache.1.dr String found in binary or memory: http://document--1111011111.company.com/2
Source: 67268b83-2658-4083-928c-f181c95a7676.tmp.1.dr, a2acd1b4-60a6-4573-adf6-b0849a814490.tmp.1.dr String found in binary or memory: http://document--1111011111.company.com:80
Source: pnacl_public_x86_64_pnacl_sz_nexe.1.dr, pnacl_public_x86_64_pnacl_llc_nexe.1.dr String found in binary or memory: http://llvm.org/):
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://ajax.googleapis.com
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libcrt_platform_a.1.dr, pnacl_public_x86_64_ld_nexe.1.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.1.dr, pnacl_public_x86_64_ld_nexe.1.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json.1.dr, manifest.json0.1.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.1.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.1.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: manifest.json.1.dr, craw_window.js.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://ssl.gstatic.com
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://update.googleapis.com
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, craw_background.js.1.dr, craw_window.js.1.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 326a7714-6c2f-4802-b696-f5cb4eb8e13f.tmp.3.dr, 2cea7aa6-e8dc-403b-8fb0-13dc2cb9b77c.tmp.3.dr String found in binary or memory: https://www.gstatic.com
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620
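The HTTP records above glue the request line and every header together with no separator, and they mix two kinds of traffic: requests served by or loaded because of the phishing page (the fonts and screenshots on document--1111011111.company.com, and the favicon fetched from www.weebly.com with the page as Referer, consistent with the X-Host: ...weebly.net response header) and Chrome's own housekeeping in the sandbox (the ListAccounts POST to accounts.google.com; the clients2, update and autofill strings come from the browser and its bundled components, not from the sample). As an added example, not part of this report or of the sandbox's tooling, the Python below splits the records back into headers and keeps only sample-related hosts when extracting IOCs. The header-name list and the set of Chrome service hosts are assumptions made for this report; the sample records are copied from the lines above.

```python
"""Parse flattened "HTTP traffic detected" records from a sandbox report and
separate the phishing site's traffic from the browser's background noise.

Added example; not from the report or the sandbox. Assumptions: HEADER_NAMES
covers every header in the records, and CHROME_SERVICE_HOSTS lists the hosts
Chrome contacts on its own inside the analysis VM.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_HOST = "document--1111011111.company.com"  # host of the submitted URL

# Chrome housekeeping (sign-in state, component updates, autofill): noise, not IOCs.
CHROME_SERVICE_HOSTS = {
    "accounts.google.com", "clients2.google.com", "clients2.googleusercontent.com",
    "update.googleapis.com", "content-autofill.googleapis.com",
    "www.googleapis.com", "www.gstatic.com", "ssl.gstatic.com", "www.google.com",
}

# The records carry no separators; the only cue is the "<Name>: " text itself.
HEADER_NAMES = [
    "Host", "Connection", "Content-Length", "Content-Type", "Origin",
    "Sec-Fetch-Site", "Sec-Fetch-Mode", "Sec-Fetch-Dest", "User-Agent",
    "Accept-Encoding", "Accept-Language", "Accept", "Referer", "Cookie",
]
# Zero-width split in front of each "Name: ". "Accept: " cannot fire inside
# "Accept-Encoding: " because the colon has to follow the name directly.
_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(re.escape(h) for h in HEADER_NAMES))


@dataclass
class Request:
    method: str
    path: str
    headers: dict

    def host(self) -> str:
        return self.headers.get("Host", "").lower()

    def referer_host(self) -> str:
        return (urlsplit(self.headers.get("Referer", "")).hostname or "").lower()

    def cookie_names(self) -> list:
        raw = self.headers.get("Cookie", "")
        return [c.split("=", 1)[0].strip() for c in raw.split(";") if c.strip()]


def parse_request(flat: str) -> Request:
    """Split one flattened record into its request line and a header dict."""
    parts = _SPLIT.split(flat)
    method, path, _version = parts[0].split(" ", 2)
    headers = {}
    for chunk in parts[1:]:
        name, _, value = chunk.partition(": ")
        headers[name] = value
    return Request(method, path, headers)


def classify(req: Request) -> str:
    """'sample' if served by or loaded because of the phishing page,
    'browser-noise' for Chrome's own service traffic, else 'unclassified'."""
    if req.host() == SAMPLE_HOST or req.referer_host() == SAMPLE_HOST:
        return "sample"
    if req.host() in CHROME_SERVICE_HOSTS:
        return "browser-noise"
    return "unclassified"


def extract_iocs(records) -> list:
    """Sorted (host, path-without-query) pairs from sample-related requests."""
    iocs = set()
    for flat in records:
        req = parse_request(flat)
        if classify(req) == "sample":
            iocs.add((req.host(), req.path.split("?", 1)[0]))
    return sorted(iocs)


def user_agents(records) -> list:
    """Distinct User-Agent values; the report shows two different Chrome builds."""
    return sorted({parse_request(r).headers.get("User-Agent", "") for r in records})


# Records copied from the report (font request, weebly favicon, screenshot image
# fetched by a different Chrome build, ListAccounts POST from Chrome itself).
SAMPLE_RECORDS = [
    "GET /files/theme/fonts/63a74598-733c-4d0c-bd91-b01bffcd6e69.ttf?1652461604 HTTP/1.1"
    "Host: document--1111011111.company.comConnection: keep-alive"
    "Origin: http://document--1111011111.company.com"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
    " (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: */*"
    "Referer: http://document--1111011111.company.com/files/main_style.css?1652461604"
    "Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9"
    "Cookie: is_mobile=0; language=en; _snow_id.8a80=cdee608d-345c-4729-a8ec-"
    "f49d163ae349.1653687067.1.1653687067.1653687067.284b84f9-1721-4504-87d0-"
    "8d672f14f019; _snow_ses.8a80=*",
    "GET /uploads/reseller/assets/356764895-favicon.ico HTTP/1.1Host: www.weebly.com"
    "Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
    " AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
    "Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"
    "Referer: http://document--1111011111.company.com/"
    "Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9",
    "GET /uploads/1/4/1/8/141840186/1screenshot-2021-04-26-at-19-59-20-orig-orig-orig_orig.png"
    " HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
    " (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
    "Host: document--1111011111.company.com",
    "POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1"
    "Host: accounts.google.comConnection: keep-aliveContent-Length: 1"
    "Origin: https://www.google.comContent-Type: application/x-www-form-urlencoded"
    "Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: empty"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
    " (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
    "Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9"
    "Cookie: CONSENT=PENDING+620",
]

if __name__ == "__main__":
    for flat in SAMPLE_RECORDS:
        req = parse_request(flat)
        print(f"{classify(req):14} {req.method} {req.host()}{req.path}")
    print("IOCs:", extract_iocs(SAMPLE_RECORDS))
```

The Referer check is what keeps the www.weebly.com favicon in the IOC set even though its host is not the sample's: it was fetched because the phishing page loaded it. The cookie names (is_mobile, language, _snow_id/_snow_ses) and the two different Chrome build strings are worth carrying into proxy-log hunting alongside the host and path pairs.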
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\5ae4c494-9b98-4270-8ec8-e8c7e50b1839.tmp
Source: classification engine Classification label: mal56.phis.win@26/127@10/9
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument http://document--1111011111.company.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,10588110985535776619,16488514565616499681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (2 identical events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,10588110985535776619,16488514565616499681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (21 identical events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62914314-1DF4.pma
Source: Window Recorder Window detected: More than 3 window changes detected
[IP distribution map legend: No. of IPs < 25%; 25% to 50%; 50% to 75%; over 75%]