Edit tour

Windows Analysis Report
http://desifoodcorner.wb4.xyz/

Overview

General Information

Sample URL:	http://desifoodcorner.wb4.xyz/
Analysis ID:	687983
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Performs DNS queries to domains with low reputation

Classification

Process Tree

System is start

chrome.exe (PID: 1292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://desifoodcorner.wb4.xyz/ MD5: 74859601FB4BEEA84B40D874CCB56CAB)

chrome.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6616886311852825079,2018395220983599958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\42c7bae3-1554-4810-bb25-8f52b8aa9890.tmp

Jump to behavior

Source: classification engine

Classification label: mal52.troj.win@35/130@62/38

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://desifoodcorner.wb4.xyz/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6616886311852825079,2018395220983599958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6616886311852825079,2018395220983599958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6303E107-50C.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	5 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	6 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://desifoodcorner.wb4.xyz/	0%	Virustotal		Browse
http://desifoodcorner.wb4.xyz/	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Link
prhzxq.com	0%	Virustotal	Browse
tls13.taboola.map.fastly.net	0%	Virustotal	Browse
screenshotfactory.com	0%	Virustotal	Browse
platform.twitter.map.fastly.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://adcalm.com/serve/validate.php?id=6904&size=300x250&ref=&wid=1280&hig=984&t=1661166204&d=0&h=dbdebfaf&y=1&z=1	0%	Avira URL Cloud	safe
https://sc-static.net/scevent.min.js	0%	URL Reputation	safe
http://acdcdn.com/prod/redirect.html?lu=https%3A%2F%2Fgoosebomb.com%2Fgogate%2Fetoro%2F45%2Findex.html%3Faction%3D166116620610000TCHTV414104136184Vff	0%	Avira URL Cloud	safe
http://afarkas.github.io/lazysizes/lazysizes.min.js	0%	Avira URL Cloud	safe
https://claimtokens.net/serve.js	0%	Avira URL Cloud	safe
http://claimtokens.net/serve.js	0%	Avira URL Cloud	safe
https://prhzxq.com/wnload?a=1&e=aeyJwaWQiOjEwNTEyMDUsInNpZCI6MTE0OTQ4Nywid2lkIjozNTY3MDMsImQiOiJkZXNpZm9vZGNvcm5lci53YjQueHl6IiwibGkiOjF9&tz=-7&if=0&u=aHR0cDovL2Rlc2lmb29kY29ybmVyLndiNC54eXov	0%	Avira URL Cloud	safe
https://claimtokens.net/yep.js	0%	Avira URL Cloud	safe
http://wednesdaynaked.com/568ad909faf47275cc38dc4d574600f8/invoke.js	0%	Avira URL Cloud	safe
http://desifoodcorner.wb4.xyz/js/cookienotice.js	0%	Avira URL Cloud	safe
http://desifoodcorner.wb4.xyz/favicon.ico	0%	Avira URL Cloud	safe
https://zero.pointlessplay.com/i/3c2d8da22b7aa416fab4696fbd547cc9.js	0%	Avira URL Cloud	safe
http://screenshotfactory.com/marketing2/monosnap/55a9e51463bdac29dc503163da955861.png_2019-02-26_14-45-26.png	0%	Avira URL Cloud	safe
https://static.ads-twitter.com/uwt.js	0%	URL Reputation	safe
http://adcalm.com/ads.php?id=6904&size=300x250	0%	Avira URL Cloud	safe
http://desifoodcorner.wb4.xyz/2	0%	Avira URL Cloud	safe
https://claimtokens.net	0%	Avira URL Cloud	safe
http://acdcdn.com/script/ut.js?cb=1661198606003	0%	Avira URL Cloud	safe
https://kiynew.com/admc?a=2&pid=1051205&sid=1149487&wid=356703&fp=7dec63b56fc8ea043e6256a1ecef931f&tz=-7	0%	Avira URL Cloud	safe
http://yqmxfz.com/pw/waWQiOjEwNTEyMDUsInNpZCI6MTE0OTQ4Nywid2lkIjozNTY3MDMsInNyYyI6Mn0=eyJ.js	100%	Avira URL Cloud	malware
http://claimtokens.net/yep.js	0%	Avira URL Cloud	safe
http://contehos.com/apu.php?zoneid=3172840	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
gstaticadssl.l.google.com	172.217.23.99	true	false		high
prhzxq.com	185.162.85.3	true	false	0%, Virustotal, Browse	unknown
dart.l.doubleclick.net	142.250.186.166	true	false		high
tls13.taboola.map.fastly.net	151.101.193.44	true	false	0%, Virustotal, Browse	unknown
screenshotfactory.com	104.21.87.241	true	false	0%, Virustotal, Browse	unknown
dg2iu7dxxehbo.cloudfront.net	108.138.15.119	true	false		high
platform.twitter.map.fastly.net	199.232.136.157	true	false	0%, Virustotal, Browse	unknown
claimtokens.net	188.114.97.3	true	false		unknown
scontent.xx.fbcdn.net	157.240.236.1	true	false		high
adcalm.com	172.67.195.157	true	false		unknown
youradexchange.com	35.190.41.116	true	false		high
s4.histats.com	158.69.248.123	true	false		high
dx.steelhousemedia.com	54.69.84.146	true	false		high
photos-ugc.l.googleusercontent.com	142.250.186.97	true	false		high
afarkas.github.io	185.199.108.153	true	false		unknown
windowsupdatebg.s.llnwi.net	95.140.236.0	true	false		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
zero.pointlessplay.com	52.222.236.86	true	false		unknown
accounts.google.com	142.250.184.237	true	false		high
kiynew.com	185.162.85.2	true	false		unknown
dual-a-0001.a-msedge.net	13.107.21.200	true	false		unknown
www-googletagmanager.l.google.com	216.58.212.168	true	false		high
sc-static.net	18.66.120.247	true	false		unknown
maxcdn.bootstrapcdn.com	104.18.10.207	true	false		high
desifoodcorner.wb4.xyz	172.67.135.38	true	true		unknown
adpays.net	172.67.193.115	true	false		high
goosebomb.com	188.114.97.3	true	false		unknown
acdcdn.com	188.114.97.3	true	false		unknown
contehos.com	139.45.197.236	true	false		unknown
wednesdaynaked.com	192.243.61.227	true	false		unknown
cdn1.wb4.xyz	172.67.135.38	true	true		unknown
46-105-201-240.any.cdn.anycast.me	46.105.201.240	true	false		unknown
punt-476338545.eu-west-1.elb.amazonaws.com	99.81.87.141	true	false		high
yqmxfz.com	104.21.233.138	true	false		unknown
r3adyt0download.com	188.72.236.136	true	false		unknown
clients.l.google.com	142.250.185.110	true	false		high
blogger.l.google.com	172.217.16.201	true	false		high
edge.gycpi.b.yahoodns.net	87.248.119.251	true	false		unknown
static.ads-twitter.com	unknown	unknown	false		unknown
amplify.outbrain.com	unknown	unknown	false		high
cdn.jsdelivr.net	unknown	unknown	false		high
go.etoro.com	unknown	unknown	false		high
etoro-cdn.etorostatic.com	unknown	unknown	false		high
9944765.fls.doubleclick.net	unknown	unknown	false		high
2.bp.blogspot.com	unknown	unknown	false		high
resources.blogblog.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
3.bp.blogspot.com	unknown	unknown	false		high
s10.histats.com	unknown	unknown	false		high
js.adsrvr.org	unknown	unknown	false		high
marketing.etorostatic.com	unknown	unknown	false		high
connect.facebook.net	unknown	unknown	false		high
c0.adalyser.com	unknown	unknown	false		high
s.yimg.com	unknown	unknown	false		high
med.etoro.com	unknown	unknown	false		high
snap.licdn.com	unknown	unknown	false		high
1.bp.blogspot.com	unknown	unknown	false		high
4.bp.blogspot.com	unknown	unknown	false		high
cdn.taboola.com	unknown	unknown	false		high
dc.services.visualstudio.com	unknown	unknown	false		high
www.blogger.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://desifoodcorner.wb4.xyz/	true		unknown
http://adcalm.com/serve/validate.php?id=6904&size=300x250&ref=&wid=1280&hig=984&t=1661166204&d=0&h=dbdebfaf&y=1&z=1	false	Avira URL Cloud: safe	unknown
http://www.blogger.com/static/v1/widgets/2791757188-widgets.js	false		high
https://sc-static.net/scevent.min.js	false	URL Reputation: safe	unknown
https://9944765.fls.doubleclick.net/activityi;src=9944765;type=visit0;cat=visit0;ord=1;num=2801067085190;gtm=2wg8h0;auiddc=1754778661.1661198682;u8=undefined;u1=undefined;~oref=https%3A%2F%2Fgo.etoro.com%2Fde%2Fstocks-copy-like-a-sloth%3Fgc%3Deu%26utm_medium%3DNetworks%26utm_source%3D89099%26utm_content%3D15359%26utm_serial%3D166116620610000TCHTV414104136184Vff%26utm_campaign%3D166116620610000TCHTV414104136184Vff%26utm_term%3D?	false		high
http://acdcdn.com/prod/redirect.html?lu=https%3A%2F%2Fgoosebomb.com%2Fgogate%2Fetoro%2F45%2Findex.html%3Faction%3D166116620610000TCHTV414104136184Vff	false	Avira URL Cloud: safe	unknown
https://s.yimg.com/wi/ytc.js	false		high
http://afarkas.github.io/lazysizes/lazysizes.min.js	false	Avira URL Cloud: safe	unknown
http://adpays.net/serve/ads.js	false		high
http://1.bp.blogspot.com/-xn4suToqM7o/XOQ65Rgqm7I/AAAAAAAABAM/uOyCOYyX20kEC9Mnb1xrevyjCW1I0dnrACLcBGAs/w400-h150/DSC_2676.jpg	false		high
https://claimtokens.net/serve.js	false	Avira URL Cloud: safe	unknown
http://claimtokens.net/serve.js	false	Avira URL Cloud: safe	unknown
https://prhzxq.com/wnload?a=1&e=aeyJwaWQiOjEwNTEyMDUsInNpZCI6MTE0OTQ4Nywid2lkIjozNTY3MDMsImQiOiJkZXNpZm9vZGNvcm5lci53YjQueHl6IiwibGkiOjF9&tz=-7&if=0&u=aHR0cDovL2Rlc2lmb29kY29ybmVyLndiNC54eXov	false	Avira URL Cloud: safe	unknown
http://adcalm.com/serve/ads.php?id=6904&size=300x250&w=1280&h=984&random=61741987&ref=	true		unknown
http://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css	false		high
https://c0.adalyser.com/adalyser.js?cid=etoro	false		high
http://3.bp.blogspot.com/-UxinoJcBhic/XOBC19kFPLI/AAAAAAAAA_c/0ZJlmXMX_4IySXK_a71eW9vUcmvRcyDFACLcBGAs/w72-h72-p-k-no-nu/DSC_2605.jpg	false		high
https://claimtokens.net/yep.js	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/fbevents.js	false		high
http://wednesdaynaked.com/568ad909faf47275cc38dc4d574600f8/invoke.js	false	Avira URL Cloud: safe	unknown
http://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0	false		high
http://1.bp.blogspot.com/-GFbRHVp5Rxo/XOmBDLzm8GI/AAAAAAAABB8/Q1_4OC7lK5sruIw2Gh63DjdT3ltejN4yACLcBGAs/w400-h150/DSC_2708.jpg	false		high
http://4.bp.blogspot.com/-SB_s2oe9-wE/XNtBU5X3iSI/AAAAAAAAA8g/u8HSsFtB-swABGITZHC_Al7iZA0HkhjWgCLcBGAs/s100-c/DSC_2561.JPG	false		high
https://js.adsrvr.org/up_loader.1.1.0.js	false		high
http://1.bp.blogspot.com/-f2w7e2rHYek/XOg0wfM8xTI/AAAAAAAABA4/_RFTA2r66ZY6OotrxoTdaFNl2uHkSFyewCLcBGAs/w72-h72-p-k-no-nu/DSC_2698.jpg	false		high
http://desifoodcorner.wb4.xyz/js/cookienotice.js	false	Avira URL Cloud: safe	unknown
http://desifoodcorner.wb4.xyz/favicon.ico	false	Avira URL Cloud: safe	unknown
http://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css	false		high
https://s4.histats.com/stats/e.php?4129615&@Ab&@R65989&@w	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=92.0.4515.107&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://zero.pointlessplay.com/i/3c2d8da22b7aa416fab4696fbd547cc9.js	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://goosebomb.com/gogate/etoro/45/index.html?action=166116620610000TCHTV414104136184Vff	true		unknown
http://4.bp.blogspot.com/-SB_s2oe9-wE/XNtBU5X3iSI/AAAAAAAAA8g/u8HSsFtB-swABGITZHC_Al7iZA0HkhjWgCLcBGAs/w72-h72-p-k-no-nu/DSC_2561.JPG	false		high
http://1.bp.blogspot.com/-f2w7e2rHYek/XOg0wfM8xTI/AAAAAAAABA4/_RFTA2r66ZY6OotrxoTdaFNl2uHkSFyewCLcBGAs/s100-c/DSC_2698.jpg	false		high
https://s4.histats.com/stats/0.php?4129615&@f16&@g1&@h1&@i1&@j1661198605575&@k0&@l1&@mDesi%20Food%20Corner&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:92570698&@b3:1661198606&@b4:js15_as.js&@b5:-420&@a-_0.2.1&@vhttp%3A%2F%2Fdesifoodcorner.wb4.xyz%2F&@w	false		high
http://2.bp.blogspot.com/-epvEIl0qS3o/XLiH28H0FcI/AAAAAAAACIs/k5JVwougLMAdAODSrlS6DjlYITex_g81wCK4BGAYYCw/s1600/Screenshot_1.png	false		high
http://1.bp.blogspot.com/-f2w7e2rHYek/XOg0wfM8xTI/AAAAAAAABA4/_RFTA2r66ZY6OotrxoTdaFNl2uHkSFyewCLcBGAs/w400-h150/DSC_2698.jpg	false		high
http://screenshotfactory.com/marketing2/monosnap/55a9e51463bdac29dc503163da955861.png_2019-02-26_14-45-26.png	false	Avira URL Cloud: safe	unknown
http://3.bp.blogspot.com/-UxinoJcBhic/XOBC19kFPLI/AAAAAAAAA_c/0ZJlmXMX_4IySXK_a71eW9vUcmvRcyDFACLcBGAs/s100-c/DSC_2605.jpg	false		high
https://static.ads-twitter.com/uwt.js	false	URL Reputation: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=fIPokCm8JHLOxa5BkajOXtD2GhC5izqde4X58EBdZFOUqJ9rEyEBHIcKv177eZpr1GsTUb5UeSMQ92tHlP1QwO1PXfUEBnZhJtWDVZvYj4XduHG%2FkgeWYiBhwnXrGopL	false		high
https://cdn.taboola.com/libtrc/unip/1005612/tfa.js	false		high
http://resources.blogblog.com/img/icon18_edit_allbkg.gif	false		high
http://4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/repeat-bg.png	false		high
http://2.bp.blogspot.com/-IO-XEI1LgEs/VmPNKFp0BhI/AAAAAAAACOg/_JrYHMBXV5w/s260/nothumb.jpg	false		high
https://9944765.fls.doubleclick.net/activityi;src=9944765;type=visit0;cat=pagev0;match_id=undefined;u1=undefined;u8=undefined;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=undefinedundefined	false		high
http://www.blogger.com/dyn-css/authorization.css?targetBlogID=5565250722470946621&zx=c81f205c-3598-4fb8-b91e-5a840882b120	false		high
http://adcalm.com/ads.php?id=6904&size=300x250	false	Avira URL Cloud: safe	unknown
https://dx.steelhousemedia.com/spx?dxver=4.0.0&shaid=31950&tdr=&plh=https%3A%2F%2Fgo.etoro.com%2Fde%2Fstocks-copy-like-a-sloth%3Fgc%3Deu%26utm_medium%3DNetworks%26utm_source%3D89099%26utm_content%3D15359%26utm_serial%3D166116620610000TCHTV414104136184Vff%26utm_campaign%3D166116620610000TCHTV414104136184Vff%26utm_term%3D&cb=6349764671409353term=value	false		high
http://desifoodcorner.wb4.xyz/	false		unknown
http://acdcdn.com/script/ut.js?cb=1661198606003	false	Avira URL Cloud: safe	unknown
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5565250722470946621&zx=c81f205c-3598-4fb8-b91e-5a840882b120	false		high
https://kiynew.com/admc?a=2&pid=1051205&sid=1149487&wid=356703&fp=7dec63b56fc8ea043e6256a1ecef931f&tz=-7	false	Avira URL Cloud: safe	unknown
http://adcalm.com/serve/ads.php?id=6904&size=300x250&w=1280&h=984&random=61741987&ref=	false		unknown
https://go.etoro.com/de/stocks-copy-like-a-sloth?gc=eu&utm_medium=Networks&utm_source=89099&utm_content=15359&utm_serial=166116620610000TCHTV414104136184Vff&utm_campaign=166116620610000TCHTV414104136184Vff&utm_term=	false		high
http://yqmxfz.com/pw/waWQiOjEwNTEyMDUsInNpZCI6MTE0OTQ4Nywid2lkIjozNTY3MDMsInNyYyI6Mn0=eyJ.js	true	Avira URL Cloud: malware	unknown
http://claimtokens.net/yep.js	false	Avira URL Cloud: safe	unknown
http://contehos.com/apu.php?zoneid=3172840	true	Avira URL Cloud: malware	unknown
http://s10.histats.com/js15_as.js	false		high
http://www.blogger.com/img/share_buttons_20_3.png	false		high
https://goosebomb.com/gogate/etoro/45/index.html?action=166116620610000TCHTV414104136184Vff	false		unknown
http://youradexchange.com/script/suurl4.php?r=5907498&cbur=0.24222667514929852&cbiframe=0&cbWidth=1280&cbHeight=913&cbtitle=Desi%20Food%20Corner&cbpage=http%3A%2F%2Fdesifoodcorner.wb4.xyz%2F&cbref=&cbdescription=Learn%20About%20Desi%20Food%20and%20Delicious%20Recipes%20of%20Desi%20Foods.%20Learn%20the%20Desi%20Culture%20and%20Easy%20food%20recipes%20for%20Cooking%20at%20home.&cbkeywords=YOUR%20KEYWORDS%20HERE&cbcdn=acdcdn.com&aggr=0	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.blogger.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.1.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.1.dr, craw_window.js.1.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.1.dr	false		high
https://www.google.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://accounts.google.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://apis.google.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.1.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://clients2.google.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.1.dr	false		high
https://ogs.google.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.1.dr, craw_window.js.1.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.1.dr	false		high
https://cdn.jsdelivr.net	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	false		high
https://adpays.net	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.1.dr	false		high
http://desifoodcorner.wb4.xyz/2	History Provider Cache.1.dr	false	Avira URL Cloud: safe	unknown
https://claimtokens.net	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com	e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	false		high
https://www.google.com/	manifest.json.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.162.85.2	kiynew.com	Netherlands	39572	ADVANCEDHOSTERS-ASNL	false
172.67.195.157	adcalm.com	United States	13335	CLOUDFLARENETUS	false
185.162.85.3	prhzxq.com	Netherlands	39572	ADVANCEDHOSTERS-ASNL	false
99.81.87.141	punt-476338545.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
108.138.15.119	dg2iu7dxxehbo.cloudfront.net	United States	16509	AMAZON-02US	false
104.21.233.138	yqmxfz.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.87.241	screenshotfactory.com	United States	13335	CLOUDFLARENETUS	false
54.69.84.146	dx.steelhousemedia.com	United States	16509	AMAZON-02US	false
151.101.193.44	tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
172.67.193.115	adpays.net	United States	13335	CLOUDFLARENETUS	false
142.250.185.110	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	claimtokens.net	European Union	13335	CLOUDFLARENETUS	false
35.190.41.116	youradexchange.com	United States	15169	GOOGLEUS	false
142.250.184.237	accounts.google.com	United States	15169	GOOGLEUS	false
185.199.108.153	afarkas.github.io	Netherlands	54113	FASTLYUS	false
142.250.186.105	unknown	United States	15169	GOOGLEUS	false
216.58.212.168	www-googletagmanager.l.google.com	United States	15169	GOOGLEUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
172.67.135.38	desifoodcorner.wb4.xyz	United States	13335	CLOUDFLARENETUS	true
13.107.21.200	dual-a-0001.a-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.222.236.86	zero.pointlessplay.com	United States	16509	AMAZON-02US	false
87.248.119.251	edge.gycpi.b.yahoodns.net	United Kingdom	203220	YAHOO-DEBDE	false
192.243.61.227	wednesdaynaked.com	Dominica	39572	ADVANCEDHOSTERS-ASNL	false
142.250.186.97	photos-ugc.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.217.16.201	blogger.l.google.com	United States	15169	GOOGLEUS	false
18.66.120.247	sc-static.net	United States	3	MIT-GATEWAYSUS	false
157.240.236.1	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
139.45.197.236	contehos.com	Netherlands	9002	RETN-ASEU	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
142.250.186.166	dart.l.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.185.97	unknown	United States	15169	GOOGLEUS	false
158.69.248.123	s4.histats.com	Canada	16276	OVHFR	false
46.105.201.240	46-105-201-240.any.cdn.anycast.me	France	16276	OVHFR	false
199.232.136.157	platform.twitter.map.fastly.net	United States	54113	FASTLYUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	687983
Start date and time:	2022-08-22 13:02:48 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://desifoodcorner.wb4.xyz/
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.troj.win@35/130@62/38
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, CompPkgSrv.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 172.217.16.138, 34.104.35.123, 104.16.86.20, 104.16.87.20, 104.16.85.20, 104.16.89.20, 104.16.88.20, 142.250.185.234, 142.250.185.163, 142.250.185.195, 216.239.32.36, 216.239.34.36, 23.203.70.148, 88.221.169.112, 8.248.139.254, 67.27.159.254, 8.253.207.121, 8.241.122.254, 8.248.115.254, 142.250.185.238, 88.221.169.78, 13.69.106.211, 92.123.195.106, 92.123.195.57
Excluded domains from analysis (whitelisted): cdn.jsdelivr.net.cdn.cloudflare.net, fg.download.windowsupdate.com.c.footprint.net, slscr.update.microsoft.com, etoro-cdn.etoro.akadns.net, clientservices.googleapis.com, arc.msn.com, region1.google-analytics.com, go.etoro.com.edgekey.net, weu08-breeziest-in.cloudapp.net, login.live.com, www.googletagmanager.com, update.googleapis.com, bat.bing.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, wildcard.etorostatic.com.edgekey.net, www.google-analytics.com, www.bing.com, affiliates.etoro.com.edgekey.net, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, ajax.googleapis.com, fonts.gstatic.com, e11746.g.akamaiedge.net, e1660.d.akamaiedge.net, ctldl.windowsupdate.com, od.linkedin.edgesuite.net, wu-bg-shim.trafficmanager.net, wildcard.outbrain.com.edgekey.net, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, edgedl.me.gvt1.com, translate.googleapis.com, marketing.etoro.akadns.net, dc.trafficmanager.net, e10883.g.akamaiedge.net, dc.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 61712 bytes, 1 file
Category:	dropped
Size (bytes):	61712
Entropy (8bit):	7.995044632446497
Encrypted:	true
SSDEEP:	1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx
MD5:	589C442FC7A0C70DCA927115A700D41E
SHA1:	66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31
SHA-256:	2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A
SHA-512:	1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B
Malicious:	false
Reputation:	low
Preview:	MSCF............,...................I........y.........Tf. .authroot.stl..W.`.4..CK..8U[...q.yL'sf!d.D..."2.2g.<dVI.!.....$).\...!2s..(...[.T7..{}...g....g.....w.km$.&\|..qe.n.8+..&...O...`...+..C......`h!0.I.(C..1Q*L.p..".s..B.....H......fUP@..5...(X#.t.2lX.>.y\|D.0Z0...M....I(.#.-... ...(.J....2..`.hO..{l+.bd7y.j..u.....3....<......3....s.T...._.'...%{v...s..............KgV.0..X=.A.9w9.Ea.x..........\.=.e.C2......9.......`.o... .......@pm.. a.....-M.....{...s.mW.....;.+...A......0.g..L9#.v.&O>./xSH.S.....GH.6.j...`2.(0g..... Lt........h4.iQ?....[.K.....uI......}.....d....M.....6q.Q~.0.\.'U^)`..u.....-........d..7...2.-.2+3.....A./.%Q...k...Q.,...H.B.%..O..x..5\...Hk.......B.';"Ym.'....X.l.E.6..a8.6..nq..x.r4..1t.....,..u.O..O.L...Uf...X.u.F .(.(.....".q...n{%U.-u....l6!....Z....~o0.}Q'.s.i....7...>4x...A.h.Mk].O.z.].6...53...b^;..>e..x.'1..\p.O.k..B1w..\|..K.R.....2.e0..X.^...I...w..!.v5B]x..z.6.G^uF..].b.W...'..I.;..p..@L{.E..@W..3.&...

Source: http://yqmxfz.com/pw/waWQiOjEwNTEyMDUsInNpZCI6MTE0OTQ4Nywid2lkIjozNTY3MDMsInNyYyI6Mn0=eyJ.js	Avira URL Cloud: Label: malware
Source: http://contehos.com/apu.php?zoneid=3172840	Avira URL Cloud: Label: malware

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: desifoodcorner.wb4.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: cdn1.wb4.xyz
Source:	DNS query: desifoodcorner.wb4.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: desifoodcorner.wb4.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: cdn1.wb4.xyz

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipCross-Origin-Resource-Policy: cross-originCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}Content-Length: 7776X-Content-Type-Options: nosniffServer: sffeX-XSS-Protection: 0Date: Thu, 18 Aug 2022 17:59:59 GMTExpires: Fri, 18 Aug 2023 17:59:59 GMTCache-Control: public, max-age=31536000Last-Modified: Thu, 18 Aug 2022 10:58:04 GMTContent-Type: text/cssAge: 320604Data Raw: 1f 8b 08 00 00 00 00 00 02 ff d4 7d 79 73 db 38 f2 e8 ff ef 53 f0 29 2f 95 78 86 a4 a9 d3 b2 54 d9 7a b2 e3 39 33 67 36 b3 57 cd 73 41 24 24 61 4c 12 7c 24 64 cb 51 e9 bb ff 0a 17 89 8b 94 ec 64 67 6b a3 1d af 44 74 37 1a 40 a3 d1 68 34 9a 4b 9c 3c ee 33 50 ae 51 3e 8b e6 05 48 12 94 af 67 91 17 79 fd 62 77 08 63 9c 13 98 93 00 6f 09 2c fd 70 03 41 02 4b f9 8b 80 65 25 bf 67 00 e5 da 77 94 e7 f4 fb 0a 63 d2 60 14 b8 22 7e 18 e3 2c 83 39 a9 fc f0 01 25 6b 48 fc 30 01 04 06 9c b8 1f a2 3c 45 39 0c 40 b2 2f 70 85 08 c2 f9 ac 84 29 20 e8 1e ce 33 94 07 1b 88 d6 1b 32 8b e6 b7 75 79 45 00 41 f1 fc 56 14 f5 5f 1e b4 8a 45 03 83 25 26 04 67 b3 40 6b 1a 63 74 2f 5b de 8f 68 19 6b 99 5e 10 79 fd 31 2d 6a 1a 57 17 0d a3 62 e7 45 6a 91 17 c6 38 dd 66 79 10 c3 9c 72 21 3a c3 01 90 c2 15 e9 28 2e 69 7b 5a 38 11 2d 74 f0 c2 cb 2b 18 d3 ce a9 47 57 3c e6 7d 2e 9f 72 de e7 b7 35 50 e4 f1 2e 10 d8 b3 15 2a 2b 12 c4 1b 94 26 9e c0 55 9f c9 ae 25 b8 98 45 6e ac 17 db a4 0a 2a 08 ca 78 73 8d 73 52 e2 f4 4b 9d 09 13 39 05 56 8d cd 23 63 2c 23 3e 58 2e 36 2d 48 2a eb 5e 98 83 fb 25 28 f7 42 54 68 fb 1b b1 9f cb 6e d0 60 bd f0 47 8e 53 cb 1b 58 56 38 dd 12 38 ff 18 a0 3c 81 bb 59 3f 9a d3 91 9c 45 f3 07 94 90 cd ac 1f 45 2f e7 f6 b4 9a 2f 41 7c b7 2e f1 36 4f 66 39 ce e1 7c 89 cb 04 96 ec fb 41 ce 2e 21 01 e6 f0 99 e5 7a 23 59 ed ac 31 e2 41 59 37 cf 44 fc 86 fd 6a a5 cb 8b bd 17 ea d3 3d be 87 e5 2a c5 0f b3 0d 4a 12 98 b7 e0 84 04 91 14 3e 94 a0 28 14 91 1c 0c 8a 9d 27 e7 88 1b 2f 81 55 5c a2 82 b6 d7 c4 8e 3c b5 55 62 2c 07 4c 92 05 f6 a6 6f 8c 34 17 60 07 6d d9 e6 70 0c 33 21 e8 8a ca 1b 14 bb 03 f0 50 b6 de 2b a3 32 b7 74 d0 61 d3 f7 37 03 7f 33 f4 37 23 45 73 3a c0 3c 30 db d0 8e db 13 b8 23 41 02 63 5c 02 06 c3 86 7b 33 ec 2e 67 72 2d 87 d9 db 0c f6 09 aa 8a 14 3c ba 4a b7 a9 6f 3e 70 28 f5 b9 31 8a f3 14 55 24 a8 c8 63 0a 5d 44 53 e4 9b 0f 5c 44 57 29 06 64 46 e5 cf c2 3f d2 40 21 c1 4c db 4b cd 1d 8e 0e 4a 1b d4 f5 28 f2 fa e1 60 0c b3 66 5a e9 88 83 43 78 95 e2 f5 3b 54 e9 a8 ca e3 14 79 e1 32 c5 eb 40 e8 7e 7b 81 39 a8 8d a7 78 8b 32 de a0 7b e8 bd 10 5f 04 f9 70 95 02 d6 21 b2 1a c6 Data Ascii: }ys8S)/xTz93g6WsA$$aL\|$dQdgkDt7@h4K<3PQ>Hgybwco,pAKe%gwc`"~,9%kH0<E9@/p) 32uyEAV_E%&g@kct/[hk^y1-
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipCross-Origin-Resource-Policy: cross-originCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}Content-Length: 57296X-Content-Type-Options: nosniffServer: sffeX-XSS-Protection: 0Date: Sat, 20 Aug 2022 11:34:51 GMTExpires: Sun, 20 Aug 2023 11:34:51 GMTCache-Control: public, max-age=31536000Last-Modified: Tue, 07 Jun 2022 01:53:28 GMTContent-Type: text/javascriptAge: 170912Data Raw: 1f 8b 08 00 00 00 00 00 02 ff b4 bd 79 77 d3 c8 b6 28 fe 3f 9f c2 ae e6 18 15 ae 28 36 f4 3d f7 b4 44 b5 5f 70 06 02 19 e8 24 34 d0 8e 9b 55 93 64 61 5b 72 4b 72 06 22 ff 3e fb 6f d5 20 a9 64 3b 34 fd ee 7d 6b 41 ac 9a a7 5d 7b aa 5d bb 9c 60 19 b3 3c 4a 62 07 3e dc 90 b4 45 08 06 1d a2 62 30 40 94 60 e0 de 46 d3 68 21 78 44 dc 24 0d 01 62 04 83 e1 e5 e5 65 7e 3f 13 fb 82 cd 48 4a 64 6e 80 b8 4c 98 25 94 8a 34 8a c3 16 17 b9 60 b9 e0 00 09 82 c1 01 0f 05 40 81 fc 9a 89 b9 88 73 80 26 04 83 a3 83 2b 80 22 82 c1 59 c2 05 40 5f 09 06 97 ef f7 ce 00 9a ca af ab cf 27 07 00 cd e4 e7 c7 2f 17 07 7b fb 07 17 5f 4e 8e 2f af be 00 34 df 8c 1c 9e 9c 5f 1e ec 7f 01 28 96 69 13 92 8a 56 3e 89 b2 d6 22 c9 72 80 12 19 79 3f a7 c9 cc 8d 72 91 92 3c 49 01 5a 10 0c be d0 19 89 a7 00 fd 45 30 20 34 59 e6 5e 14 df 90 59 c4 7f fa 36 9c 25 d9 32 15 df 00 4a 37 13 2f 93 fb 6f 00 65 32 21 cf d3 88 2e 73 91 01 94 13 0c e8 2c 61 53 80 96 04 03 36 8b e4 e7 8d fc 4c 66 33 b2 c8 e4 84 dc d6 c1 88 ce 04 40 77 2a 62 2e e7 65 47 f0 48 f5 ed be 8e 3b e6 00 7d d3 c1 c5 4c e4 02 a0 3d 15 8a 73 c2 f2 9d 20 49 e7 3b 62 4e a2 19 40 af b7 c6 ef cc 45 96 11 b9 00 c3 8d f4 34 4d d2 3a fd c9 fe 77 33 ec dc 46 f9 64 87 26 29 17 29 40 07 eb 79 63 32 17 00 1d ae 47 67 4b 3a 8f 72 80 8e 36 13 18 13 59 56 37 ff e6 6f 72 34 db 3f 26 18 70 92 93 9d 89 88 c2 49 0e d0 db 32 22 23 71 94 47 df 44 ba 03 d0 bb 32 f2 26 12 b7 cb 74 06 d0 89 8c 89 b2 c5 8c dc 9f 26 5c 1c 2e 67 33 80 4e 9b 91 27 e4 3e 59 e6 00 9d 35 a3 cf 92 58 00 34 93 71 37 00 9d cb c4 34 59 f0 e4 36 de c9 93 30 94 6b f9 9e 60 a0 26 0d a0 df e4 e7 dd 82 c4 5c ae fa 05 c1 20 48 66 b3 e4 56 a4 d9 4e 98 46 1c a0 39 06 e5 06 04 e8 92 60 10 8a 7c af 04 27 80 ae 74 8c d9 32 d9 eb fb 2b 12 9e a9 49 fe a0 53 de a7 c9 42 a4 f9 fd ef 64 b6 14 00 fd 4e 30 98 90 cc aa e1 a3 8c 89 38 17 31 40 9f 08 06 33 35 ae 9d db 88 87 22 df e1 22 63 69 b4 d0 cd 3f f9 bc 91 9e 47 b9 1c d2 1f 04 83 39 b9 33 f3 ec b5 7a 3e 40 4f 65 5c 76 4a 72 36 11 d9 a5 98 09 a6 a0 96 50 0c 24 18 64 0b c2 c4 87 8b 63 80 16 18 c4 6a d6 a8 4c 5a ce a9 5c ba bf 30 48 e8 57 c1 72 80 Data Ascii: yw(?(6=D_p$4Uda[rKr">o d;4}kA]{]`<Jb>Eb0@`Fh!xD$be~?HJdnL%4`@s&+"Y@_'/{_N/4_(iV>"ry?r<I
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: GitHub.comContent-Type: application/javascript; charset=utf-8permissions-policy: interest-cohort=()Last-Modified: Mon, 17 May 2021 09:28:46 GMTAccess-Control-Allow-Origin: ETag: W/"60a2374e-1ed1"expires: Mon, 22 Aug 2022 11:12:30 GMTCache-Control: max-age=600Content-Encoding: gzipx-proxy-cache: HITX-GitHub-Request-Id: 40AE:6481:1A9114D:1BE403C:6303627CContent-Length: 3497Accept-Ranges: bytesDate: Mon, 22 Aug 2022 11:03:24 GMTVia: 1.1 varnishAge: 0Connection: keep-aliveX-Served-By: cache-mxp6970-MXPX-Cache: MISSX-Cache-Hits: 0X-Timer: S1661166204.308818,VS0,VE109Vary: Accept-EncodingX-Fastly-Request-ID: 19866a1d5b9699c4f010b2a276a7ceb483b7bb56Data Raw: 1f 8b 08 00 00 00 00 00 00 03 9d 59 6d 57 db 38 16 fe 3e bf 82 f8 f4 e4 58 45 18 28 ed ee 60 47 f4 50 68 07 66 80 32 a5 9d ce 0c 4b 39 c2 51 12 15 47 4e 65 19 4a 63 ff f7 bd 57 92 13 27 81 dd 3d fb 81 20 eb c5 ba af cf 7d f1 e6 f3 ce 5a c6 7f 3c 14 f2 87 28 d6 36 d6 ee 5e 45 3b d1 8b b5 e7 9b 3f fd d4 19 94 2a 35 32 57 a1 20 d3 3b ae d7 0c 9b cd 94 f4 90 0e c8 34 28 0b b1 56 18 2d 53 13 24 b8 e5 96 1e 25 72 10 ce f6 b9 83 22 71 c7 a7 78 d3 41 c6 8b 22 0e 70 98 e5 bc 1f 50 fc 15 fd a5 69 e1 17 a4 1a 2e ad c0 4c 40 27 5a e0 b8 b5 e4 67 02 2a b4 ce 75 6b c1 3e 07 94 97 26 b7 4c b6 96 66 73 01 1d f0 c2 9c 2c 10 52 6c c8 62 23 e5 e9 08 49 91 03 cd c7 02 37 9c e6 7d 11 6f d1 42 a7 fb c6 e8 38 e8 73 c3 37 e0 29 c0 a9 42 98 c5 59 98 80 05 bc a2 3d ef ae 1c 4b 75 01 a3 f8 e5 16 4d cb c2 e4 e3 53 d1 97 3c 9e d6 54 2a 69 62 a3 4b 41 c5 f7 c9 3b 9e 9a 5c c7 db d1 2b 3a 82 71 1c fd 6c 05 63 e9 78 61 87 47 b2 df 17 ca 1d 00 55 7c 94 63 91 97 06 88 34 23 9d 1b 93 89 43 91 f1 87 78 fb c5 ab 3a 39 62 65 84 ac 5f 58 51 e4 6a 20 87 55 e5 a6 8a f6 d4 b4 4e 06 b9 0e c5 9a 54 6b 86 4c 41 a7 1d f7 70 44 c8 f4 e8 52 5c 31 03 3f 75 5d 87 84 76 0e ab aa 73 18 0d 85 79 9b 89 b1 50 a6 78 e3 b4 7c 06 32 23 53 2d 4c a9 d5 d4 32 d5 32 8c 9a a6 83 61 7c 44 55 7e 51 4e 26 b9 76 1c d7 35 9a ca 7b 76 18 f5 f3 b4 c4 97 f9 77 52 09 94 1f 7d 3c 3d 39 07 63 2b b5 68 a6 cf 59 c0 fb fd b7 77 30 3e 91 85 11 4a 80 b2 9f b1 60 e8 54 21 6f 4a 23 02 fa 8d 95 97 e7 57 d1 8d 54 fd b0 24 f4 18 de 05 aa f1 92 a2 9f e0 51 8b 6f a5 28 cc be 92 63 8e 14 be 43 85 57 d5 31 cd e7 8b c7 fd 4c 1c f0 2c bb e1 e9 2d fd ca 36 bf 4c 1c 2d cf 36 25 d5 ec 32 70 06 18 78 8b b3 26 26 55 9a 95 d6 9a 83 eb 96 6d 5f 51 ce 40 02 bf b0 7d ad f9 43 34 01 3d e5 e6 61 22 22 10 fa 5b b0 39 fa eb dc d7 04 f5 0a e0 97 e6 8a 4c f1 97 29 71 bf f6 41 0c df 7e 9f 84 41 f8 af 7f 15 d5 17 12 Data Ascii: YmW8>XE(`GPhf2K9QGNeJcW'= }Z<(6^E;?52W ;4(V-S$%r"qxA"pPi.L@'Zguk>&Lfs,Rlb#I7}oB8s7)BY=KuMS<TibKA;\+:qlcxaGU\|c4#Cx:9be_XQj UNTkLApDR\1?u]vsyPx\|2#S-L22
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 22 Aug 2022 11:00:55 GMTetag: "-375139978"last-modified: Thu, 16 Apr 2020 10:44:16 GMTx-request-id: 643533069content-type: text/javascriptcontent-length: 4547content-encoding: gzipvary: Accept-Encodingx-cdn-pop: sbgx-cdn-pop-ip: 137.74.120.0/27x-cacheable: Matched cacheaccept-ranges: bytesx-iplb-request-id: 54113432:FAE5_2E69C9F0:0050_6303627C_12193:120BDx-iplb-instance: 42477Data Raw: 1f 8b 08 00 00 00 00 00 00 00 9d 1a 0d 7b da 36 f3 af 10 6d 2f b5 6b d5 c1 4d da 77 83 28 59 3e db 74 69 b2 25 64 5f 8c f9 71 8c 00 27 20 53 5b 90 d0 e0 ff fe de 49 b2 31 e0 bc db b3 3e 7d 82 74 3a 9d 4e ba d3 7d c9 56 7f 2a 42 19 c5 c2 b2 9f 67 41 52 13 8c 4c 45 8f f7 23 c1 7b 84 4a 56 0c 4b fb 39 e1 72 9a 88 9a 9c 4f 78 dc af c9 2d c6 44 46 39 23 f7 a9 f7 ce 0f 52 f7 3e 25 34 61 84 d0 88 6d 79 34 c6 3f 01 fe 49 f1 4f c8 48 c3 7d eb 7a 84 4e d9 db 77 d4 67 e4 0d a1 7d 46 fc 8f e7 37 ed c3 f6 8d 7f 73 7e 42 68 8f 91 61 94 ca 40 a6 7e 38 4d 65 3c f6 7b 3c 95 27 d1 ec a7 24 ee 4d 43 9e 10 3a 59 f2 24 ec 67 df 01 12 c4 11 59 6b 62 85 76 0b b7 30 63 a5 3d 45 f5 7a 18 8b 34 1e 71 77 14 0f dc 60 32 19 cd 2d 09 6b d0 20 19 4c c7 5c c8 d4 ce e8 a8 44 93 26 fa 24 22 26 16 8b e7 ac 25 93 b9 ea c7 2c 71 7b 71 a8 e6 c0 be 12 57 04 b3 68 10 c8 38 81 0d 26 6e 1a 26 9c 0b d8 66 e2 9e 04 92 c3 d6 12 f7 73 20 87 b0 a5 12 3b e6 08 e3 ac bc 8d 02 dc b3 6c 77 c0 e5 e9 88 2b c6 8e e6 ed 60 70 19 8c b9 45 ee e2 de 9c d8 9d 46 77 b1 78 19 69 c8 83 9e 42 5a dd 50 4e 9e e4 20 c2 98 91 21 c8 6f 58 81 59 93 d0 ae d7 45 2d 12 20 0b 11 22 ea 61 92 04 f3 8c 8e 5f 46 df da 5a 65 ed 68 7e de 83 81 8c ce 57 e6 e0 59 72 d0 88 56 d4 b7 70 22 c8 a8 6f 91 cb e0 12 d8 9a 04 49 ca cf 85 02 6b da 80 c7 cb e0 fd 46 66 16 e5 19 1d 54 31 33 87 f6 41 69 46 b3 91 d1 c7 aa e3 48 65 12 89 01 d9 2a 0e 63 b1 10 ee 88 8b 81 1c ee 79 07 a2 29 dc 84 4f 46 41 c8 ad ed bf 3a af 48 f7 c0 72 5f db d8 f8 76 9b 92 6f 3d 02 3b 6b 33 69 3d 46 a2 17 3f 76 88 7f 72 7a 74 fb a1 50 e7 c3 9b df 2f 8f af fd 93 2b ff f2 aa ed 1f de b6 af 00 7e dd 26 5d 9b 9e 57 88 be 60 d8 e3 bb af fb 6e 12 00 d1 b1 65 db 8e 97 d1 8f 15 f8 a8 5a 6e 7f 14 c7 89 b5 cb bf 7b ad ba c5 a4 37 6f f9 77 19 3d 66 e7 96 4d 4f 4b 37 2a 9e 0a 89 57 e8 8e 7d 84 91 9b b2 d2 73 54 7b 10 c4 56 e9 ec 41 ae 09 c8 35 01 08 9d c5 51 af d6 68 f5 61 3d 75 39 40 35 6a c2 16 ee 30 48 af 1e 05 dc ce 09 4f e4 dc 8a 00 9f 5b 11 15 9d a8 4b 51 f6 d7 ac 41 af ca fc 5f 3b 4e 46 0f ff 8f 3c ca ca 79 52 ad 39 2b 6a 77 a8 fe 5a 9c 59 c2 21 c4 36 12 dc 6f d8 14 34 e4 92 11 af d1 68 10 7a 0b e6 87 d0 23 34 42 93 e1 e4 80 b4 22 37 f6 23 60 2e 72 67 3c 61 de 7b 68 f0 19 67 3b f0 1b 22 04 47 52 3f ea 99 c6 44 37 7a 7e 3c 51 8d c8 87 a3 66 bb aa 65 90 22 ff d1 fc 0e cd ef 9d 32 86 30 bb 97 37 a6 79 63 a4 f8 c1 96 d4 a0 9e 9f 9a 15 fa 01 6b 28 43 76 0f 80 33 68 23 50 f6 cd a8 98 31 4f 35 c6 53 03 09 67 79 23 a7 10 4e 4c 63 72 75 69 68 7d 60 bb ef f8 0e 7d 32 e4 26 22 c7 90 aa d1 f7 27 33 b3 53 19 68 86 02 7f 16 b0 4e 57 c3 22 03 4b

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52637
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65272
Source: unknown	Network traffic detected: HTTP traffic on port 52114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57643
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55820
Source: unknown	Network traffic detected: HTTP traffic on port 59984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55071
Source: unknown	Network traffic detected: HTTP traffic on port 56986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56527
Source: unknown	Network traffic detected: HTTP traffic on port 58013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58988
Source: unknown	Network traffic detected: HTTP traffic on port 57643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58595
Source: unknown	Network traffic detected: HTTP traffic on port 62691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621
Source: unknown	Network traffic detected: HTTP traffic on port 53728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53828
Source: unknown	Network traffic detected: HTTP traffic on port 58595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64870
Source: unknown	Network traffic detected: HTTP traffic on port 51460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53318
Source: unknown	Network traffic detected: HTTP traffic on port 52952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59984
Source: unknown	Network traffic detected: HTTP traffic on port 64244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51460
Source: unknown	Network traffic detected: HTTP traffic on port 53828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61891
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.22.0Date: Mon, 22 Aug 2022 11:03:25 GMTContent-Type: application/javascriptContent-Length: 0Connection: keep-aliveP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 22 Aug 2022 11:03:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/7.4.29X-Robots-Tag: noindex, nofollowCache-Control: max-age=14400CF-Cache-Status: HITAge: 83Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mk7%2FF5I1iEeXfDQ9nDFInSKgql70AbYRrQSlNAF9wL9EnCZQxrS3BwySJ9IMKEHfO4bInwP2Y2lOmv%2FOniNsVqW5AXFKQbzxED5NRgPDGpucPEyXvnkkRRfdweS9b4AkYO%2FDj6ihHZ1v"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 73eb1f3ec9e38862-LHRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 63 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 8e 3d 0f 82 40 10 44 fb fb 15 2b bd ac 18 cb cd 15 0a 46 12 fc 88 39 0b 4b 84 25 47 82 77 7a ac 1a ff bd 01 4a eb 99 37 6f 68 96 1e 37 e6 7a ca 60 67 f6 05 9c 2e eb 22 df 40 34 47 cc 33 b3 45 4c 4d 3a 25 cb 78 81 98 1d 22 ad c8 ca bd d3 64 b9 ac b5 22 69 a5 63 bd 4a 16 90 72 c7 c2 50 79 27 ec 84 70 4a 14 e1 d8 a4 9b af bf 03 9c e8 83 17 d8 fa 97 ab c1 87 3f ca 26 5a d1 43 1b cb 10 f8 f9 e2 5e b8 86 cb b9 00 6c ca 77 5b 79 17 b7 95 87 4f d9 83 f3 02 cd 34 e3 40 6c db 43 cf e1 cd 21 26 7c 0c a2 30 b8 47 2b e1 78 59 a9 1f 31 d4 0f b7 ee 00 00 00 0d 0a Data Ascii: c2e=@D+F9K%GwzJ7oh7z`g."@4G3ELM:%x"d"icJrPy'pJ?&ZC^lw[yO4@lC!&\|0G+xY1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 22 Aug 2022 11:03:29 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/7.4.29X-Robots-Tag: noindex, nofollowCache-Control: max-age=14400CF-Cache-Status: HITAge: 85Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrTeUpnL%2BwcLSbKldpRR%2Flpw3kKslsO%2B%2Bde8YPCQKsirT%2FlStBvZy5b7FzxDUJ%2F3zzlLkgvfF9MNnzC%2F1VbJSZXQESg724TlrNfqktb1D%2Fa5PynFHOJ59Ejs0%2FMOXddFew%2BfBWDr9tbG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 73eb1f468e3b886b-LHRalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 65 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 31 30 20 44 65 6c 65 74 65 20 63 6f 6e 74 65 6e 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 20 6f 72 20 44 65 6c 65 74 65 20 63 6f 6e 74 65 6e 74 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a 0d 0a Data Ascii: ee<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>410 Delete content</title></head><body><h1>Not Found or Delete content</h1><p>The requested URL /favicon.ico was not found on this server.</p><hr></body></html>

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: History Provider Cache.1.dr	String found in binary or memory: http://desifoodcorner.wb4.xyz/2
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	String found in binary or memory: https://adpays.net
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	String found in binary or memory: https://cdn.jsdelivr.net
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	String found in binary or memory: https://claimtokens.net
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://update.googleapis.com
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr	String found in binary or memory: https://www.blogger.com
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_background.js.1.dr, craw_window.js.1.dr, e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: e0f48069-4efd-4901-91a7-0f10a38b5d06.tmp.2.dr, 5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp.2.dr	String found in binary or memory: https://www.gstatic.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	94804
Entropy (8bit):	3.75487893488971
Encrypted:	false
SSDEEP:	384:JUnqM1LZrYIhuuM9Lm/PXMkTyuacN9LDIn8kmws/j82/vPdM/I+CeFU/X5aGkw/I:JwWDA/3/UxHT9qRWKuC5/a
MD5:	49772534E87B3704BACD283D71B38B9C
SHA1:	042CB3D2892C67B53FA460EDDFDB2FF2368CE328
SHA-256:	13438B8B6BBDC1CC8B5F5BE7BF0426CE63FDEE21C12558483B48C0C5F96D6376
SHA-512:	77E02FEA58C34AD63B5A4522C70BBD499553149D08079DEC420423846347031C1BD80DBAB1DDE955CF782E4643D837E3ABD67C0DA34E0F8E83C2DC9A495A752C
Malicious:	false
Reputation:	low
Preview:	Pr..............T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.F.i.l.e.S.y.n.c.S.h.e.l.l.6.4...d.l.l.......puA...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.n.e.d.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.......f.i.l.e.s.y.n.c.s.h.e.l.l.6.4...d.l.l.......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e."...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n.....2.1...0.8.3...0.4.2.5...0.0.0.3.....T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.F.i.l.e.S.y.n.c.S.h.e.l.l.6.4...d.l.l.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8. ...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.7.-.Z.i.p.\.7.-.z.i.p...d.l.l.......n\....%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.7.-.z.i.p.\.......7.-.z.i.p...d.l.l.......7.-.Z.i.p.......7.-.Z.i.p. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n.......1.9...0.0................e8.....

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	96852
Entropy (8bit):	3.7557953890887044
Encrypted:	false
SSDEEP:	384:ObUnqM1LZrYTEhBYBpuM9Lm/PXMkTyuacN9LDIn8kmws/j82/vPdM/I+CeFU/X5T:D6wWDA/3/UxHT9qRWKuC5/T
MD5:	45C92740E2EBE297E5E13DE677F18667
SHA1:	AEF7C5F2DA2D4FD39189AD3E1690EC4E60C62896
SHA-256:	B9E176C9B1951871C6A8FD49B24960D536EBD29710EB557C705B1F57DB68F655
SHA-512:	7C6E946456A1F604200D01E812465A7C77DF7031504CDA78ABE74ECC5B57266A3BBAA5D8DACFA3302DC0084545C49CFB4B5F7BC3F0B7A34E372E17261FAAAB57
Malicious:	false
Reputation:	low
Preview:	Pz..............T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.F.i.l.e.S.y.n.c.S.h.e.l.l.6.4...d.l.l.......puA...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.n.e.d.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.......f.i.l.e.s.y.n.c.s.h.e.l.l.6.4...d.l.l.......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e."...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n.....2.1...0.8.3...0.4.2.5...0.0.0.3.....T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e.\.2.1...0.8.3...0.4.2.5...0.0.0.3.\.a.m.d.6.4.\.F.i.l.e.S.y.n.c.S.h.e.l.l.6.4...d.l.l.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8. ...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.7.-.Z.i.p.\.7.-.z.i.p...d.l.l.......n\....%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.7.-.z.i.p.\.......7.-.z.i.p...d.l.l.......7.-.Z.i.p.......7.-.Z.i.p. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n.......1.9...0.0................e8.....

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://desifoodcorner.wb4.xyz/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Google\Chrome\User Data\37ca32df-1e2b-4fba-b1ec-fa8bbdc92dc1.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\49f4d765-d6d5-42d9-830d-41bd23475ff1.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\61b0ab5d-84e4-4ce5-ae66-71c0b9fa78b6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\634ddcc9-ee20-409c-b8c8-25faa961a86e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\699d61d6-0a7d-4d93-864f-255df386570a.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\7c769bc8-ae6a-46e1-83c6-82fb7242807e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\891847eb-630e-469a-b275-29f576cbc24d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1916e70f-ce10-4a75-b242-93f21c9b3740.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1bf7cec1-de59-489d-9d1a-20cf5fce34e6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\373c92d3-4685-4fd7-9987-785b535c02b9.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\37916634-8c1d-47bb-b039-a2bf0af411a8.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\485bcc51-7cb0-46a8-8388-abc8f115703f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4f9f09d5-3e79-4bc6-9e3d-bb464418691d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5016bf32-f03d-4e09-b9a1-68817aaa4cf6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5bd60ca4-e261-44f9-87a8-ee1dfbd93189.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8438d7aa-c6a4-42df-a294-7930c871d359.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\a7b3b5c5-f94e-4b97-bebd-1c6ba30696ec.tmp

Windows Analysis Report
http://desifoodcorner.wb4.xyz/