Windows Analysis Report
http://corporativoentornomedico.com/natwes/natwest3/details.php

ID:	1448161
Product:	CloudBasic
Start time:	00:30:21
Start date:	28.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 43	SVG Scalable Vector Graphics image	782122F64412955AA1B565CBB2CE2D50	474BB905573BF237BAED9ABE6955A357B6FED6FA	43A780414DDF2B15E9B47811BBAA8CBFC6CF56D4DB65684ED114A1C2A13BC097
Chrome Cache Entry: 44	Web Open Font Format, TrueType, length 26144, version 1.0	0BCD56614CBE5BE77E10D4AAECA47399	F58D63363E0710CEBA1ECC8E5B950D19B7BA740A	CE87BF8A3058E5028A4B64DC0AA16E0614F7E47D87223594C6353450AADBF5AD
Chrome Cache Entry: 45	ASCII text, with no line terminators	EBD5EF2B981BE3718CD5105A08FFCB7E	A197C4BA3C026D31CCB457D8E15BDF13E9C9307B	B0927881B160CA116B63AD099C7A614A3554A493778D9A83065ED42BD7513720
Chrome Cache Entry: 46	PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced	2C481B8FEEBF44C63680AEFC647122F8	73613B8DA391E12443DCBC756C0FE48E31FE620A	917942589E5B140755EE83BB4720CA9C1BBF7705F44F51A78BA1FFA635420C50
Chrome Cache Entry: 47	SVG Scalable Vector Graphics image	782122F64412955AA1B565CBB2CE2D50	474BB905573BF237BAED9ABE6955A357B6FED6FA	43A780414DDF2B15E9B47811BBAA8CBFC6CF56D4DB65684ED114A1C2A13BC097
Chrome Cache Entry: 48	PNG image data, 22 x 19, 8-bit/color RGBA, non-interlaced	7D1121F873D0A62FFF8D1C68A0BE06A5	3A363598B4F6E2CF6154C59FA766064955983178	D4901081A59D75050D215C08D6FD5370CEA9AA1EAEA023A176C9B9C26760F221
Chrome Cache Entry: 49	gzip compressed data, from Unix, original size modulo 2^32 2384	C37DE7B83F084315D120F1C755A6A808	023645513067035A35CFCAF31534F1F22C6A3892	AF6EE5BF701420E6C1D802E746C4A6744CF3FDB085EC098B2E9CD1A72826C8A1
Chrome Cache Entry: 50	gzip compressed data, from Unix, original size modulo 2^32 47357	683A2B104224D3157C9DDE1A26CA836A	3103BC72ED73FD67F85C4A817C37F30E40B4AD5F	AA92B9AA04E657985E404CEDE65821857B8F49F46D2EA4A6C7C93CA0825095E6
Chrome Cache Entry: 51	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel	D0AB1861F850D4514EDAA1696B3B5CE2	8FBDFEF1335CCF858072297CAEF21E1925A44D11	9BBF91204E8022D01C859C92C1D9218AC4859DE521548856534B48AC2E7849A8
Chrome Cache Entry: 52	gzip compressed data, from Unix, original size modulo 2^32 5612	818AC9FA39725207CA86B7909EAF1CF3	158EA62C4FF01204D2C2E30CB5F3CBA3AF9D2688	3A023EFFBE1CC627D510D27E7EF9259258B43CC8526C2A86E5F7068E3AF7171F
Chrome Cache Entry: 53	gzip compressed data, from Unix, original size modulo 2^32 1538	79A1446F6C582A30A112DD4599530F63	6C5E725262F35EFFF6AB15E046282F205E647C7C	1A9428B03C4F0475C8EA86D4764E32F643AB2759948D963F27A4A4B3ACA013C9
Chrome Cache Entry: 54	gzip compressed data, from Unix, original size modulo 2^32 135744	0EFA64FEE7FA1ABC88F5041F7191B0BA	B8C3B999CF0F3B89ED60A265AC6F51357B7D0CE6	715C8C63EF0DDE4C9DE5652E0F55CE6D65AC3A0933EC5415AD67FDE24D08D6DE
Chrome Cache Entry: 55	gzip compressed data, from Unix, original size modulo 2^32 32381	DABF7E4B5B3C1DB8C590CE84B08B52F1	794D7B008A56BD2108AAFA8032572AF4384A7C20	02F97C405BCEBF4274F5F0DBFA2DAD90A7CE6BF80EB8FAEF35BF1EDC6F516555
Chrome Cache Entry: 56	PNG image data, 22 x 19, 8-bit/color RGBA, non-interlaced	7D1121F873D0A62FFF8D1C68A0BE06A5	3A363598B4F6E2CF6154C59FA766064955983178	D4901081A59D75050D215C08D6FD5370CEA9AA1EAEA023A176C9B9C26760F221
Chrome Cache Entry: 57	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel	D0AB1861F850D4514EDAA1696B3B5CE2	8FBDFEF1335CCF858072297CAEF21E1925A44D11	9BBF91204E8022D01C859C92C1D9218AC4859DE521548856534B48AC2E7849A8
Chrome Cache Entry: 58	gzip compressed data, from Unix, original size modulo 2^32 515	5FA5BFC38D0815AA76741BEFC1BA2BEB	0464DA98BA6424713EB9E124530E1C21613B67B4	74E547E44F7ED546900B1187357E57C31FFD0286D251A8E29B4E39979DA5FE33
Chrome Cache Entry: 59	gzip compressed data, from Unix, original size modulo 2^32 76	35BA1E11809CFD559908517D8CF99D0D	0B85D58F074187D74821ECCB3E5608055E7F12CB	1E5542F9ACDF49D81CB1DAB38E864CC5D2D18943E79924ED0D5F0B63E95BCA65
Chrome Cache Entry: 60	Web Open Font Format, TrueType, length 25612, version 1.0	D068A1B2F085C93AFB6D64215BB013FF	62E3A44BA4AD2141BB9BED2F3127F23CC7957764	37539C1B025B1580975CE7942FF711E4E92E6F549AF893E46E5A9A60E705C02C
Chrome Cache Entry: 61	gzip compressed data, from Unix, original size modulo 2^32 5204	13E5C572B84935265A29EE18213EE6C9	FEE5AF2D471E9AB58E4FC52490692E485B3F8D44	41687530E6B1B42DE2B92D65587142412059040CD090A4DB721304B2D4FF1CF9
Chrome Cache Entry: 62	PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced	2C481B8FEEBF44C63680AEFC647122F8	73613B8DA391E12443DCBC756C0FE48E31FE620A	917942589E5B140755EE83BB4720CA9C1BBF7705F44F51A78BA1FFA635420C50

AV Detection

Source: http://corporativoentornomedico.com/natwes/natwest3/details.php

Avira URL Cloud: detection malicious, Label: phishing

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/exit-icon-white.svg	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/logo.png	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/favicon.ico	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Bold.woff	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/alert-icon.png	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPrompt.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/datePicker.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/jspostcode.js	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/NPC_auralstyle.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/master_print.css	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Regular.woff	Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPromptMaster.css	Avira URL Cloud: Label: phishing

Phishing

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: Number of links: 0

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php	HTTP Parser: Invalid link: Legal Info
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php	HTTP Parser: Invalid link: Privacy & Cookies
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php	HTTP Parser: Invalid link: Accessibility

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: HTML title missing

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: Has password / email / username input fields

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php	HTTP Parser: On click: logOutSession()
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php	HTTP Parser: On click: JavaScript: timeOutWarningClose(); __doPostBack('ctl00$timeoutWarningBox$ctl00$TimeoutLightBox$ctl00$StaySignedButton','')

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: Form action: ../complete.php?&sessionid=e4579bf7e153343f515ad6d0e7f9a486&securessl=true

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: No favicon

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: No <meta name="author".. found

Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php

HTTP Parser: No <meta name="copyright".. found

Compliance

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55908 version: TLS 1.2

Networking

Source: global traffic

TCP traffic: 192.168.2.6:55900 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:13 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34; path=/Upgrade: h2,h2cConnection: Upgrade, Keep-AliveVary: Accept-EncodingContent-Encoding: gzipAccept-Ranges: noneContent-Length: 529Keep-Alive: timeout=5, max=75Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 5d 6f d3 30 14 7d a6 bf e2 ce 0f d3 86 9a b8 d5 84 44 59 5d 09 da 55 20 0d 98 20 d3 d8 53 e5 26 6e 63 cd 89 83 7d d3 74 ff 9e 1b 27 9d 0a dd 0b 79 88 7c bf ce 39 f7 63 30 3d 5b 7c 9f 27 8f 77 37 90 63 61 e0 ee fe d3 ed 97 39 b0 88 f3 87 ab 39 e7 8b 64 01 bf 3e 27 5f 6f 61 1c 8f 60 e9 64 a1 bc 42 ce 6f be 31 60 39 62 f5 81 f3 a6 69 e2 e6 2a b6 6e cb 93 1f 7c df e2 8c db c2 fe 19 6d fa aa 38 c3 8c cd 06 83 69 60 da 17 a6 f4 e2 15 8c f1 64 32 e9 4a d9 6c 9a 2b 99 cd a6 85 42 09 6d 66 a4 7e d7 7a 27 d8 dc 96 a8 4a 8c 92 e7 4a 31 48 3b 4b 30 54 7b e4 6d e5 35 a4 b9 74 c4 29 ee 93 65 f4 3e b0 fa d4 e9 0a e9 85 b9 f6 31 da 2a 36 36 95 a8 6d 09 67 42 40 f0 be 78 ce cf e1 e2 34 ef 9f ac cb 6b 82 e5 2f b8 40 df a9 d4 07 5d 66 b6 89 50 ba ad c2 23 ad 2b 42 26 5d a1 68 2d bd 82 dc a9 8d 60 31 83 2e f5 ef 0c d4 68 d4 8c da de 68 57 c0 a3 ad 1d 2c 88 49 1b 3f e5 5d ec 88 be a4 79 0b b6 d3 aa a9 ac 23 4e 9d 91 55 25 72 7b 44 df e8 0c 73 91 a9 9d 4e 55 14 8c 21 e8 52 a3 96 26 f2 a9 34 4a d0 c2 87 50 c8 bd 2e ea a2 77 bd 1b 42 ed 95 0b 96 5c b7 39 bd be 8e dc e8 f2 e9 d0 06 f7 2a ad 9d c6 e7 d5 46 1b e5 f9 46 12 93 2d 63 fa 31 70 ca 08 e6 73 12 97 d6 08 ad 9f ba a6 55 0a a6 0b b9 55 7c 1f 05 df 6c f0 e6 3f 31 4f a1 da 18 e1 d0 9e c2 29 d1 c2 0e e7 08 b6 34 56 d2 68 3c 0d 1c 97 6e 9e ab f4 c9 5f 5c 32 0a d4 7d 28 73 b6 fa 58 63 de 7a 53 6b e8 5e df 0e 47 ec b0 eb 80 14 a6 9b a2 19 8d 56 24 2f b8 48 41 bb 12 c1 7e f6 7a 61 d9 b9 43 74 6d 5d a6 9c 60 23 06 de a5 af b4 95 75 8b 8d ab fc b0 7e 52 7f 50 dd 76 10 4e 7c f6 07 3c a3 90 08 bb 03 00 00 Data Ascii: R]o0}DY]U S&nc}t'y|9c0=[|'w7ca99d>'_oa`dBo1`9bi*n|m8i`d2Jl+Bmf~z'JJ1H;K0T{m5t)e>1*66mgB@x4k/@]fP#+B&]h-`1.hhW,I?]y#NU%r{DsNU!R&4JP.wB\9*FF-c1psUU|l?1O)4Vh<n_\2}(sXczSk^GV$/HA~zaCtm]`#u~RPvN|<
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheVary: Accept-EncodingContent-Encoding: gzipAccept-Ranges: noneContent-Length: 8419Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 72 ed 72 db 48 b2 e5 6f f1 29 72 d0 d3 6a b9 a3 f9 21 7f b6 f9 75 d7 a2 e8 b1 67 28 59 2b ab ed 3b b1 b1 c1 28 a0 92 60 8d 0a 55 70 55 41 24 3d dd 11 fb 34 1b b1 4f b0 ff ef a3 ec 93 6c 16 00 52 24 45 91 94 3f e6 c6 2e 22 44 a1 0a 99 27 cf 39 79 2a ed 3f 9d be eb 5d fd fd a2 0f 63 97 48 b8 f8 ed 64 f0 b6 07 41 b5 5e ff f8 a4 57 af 9f 5e 9d c2 bf bf b9 3a 1b c0 71 ad 01 57 86 29 2b 9c d0 8a c9 7a bd 7f 1e 40 30 76 2e 6d d6 eb 93 c9 a4 36 79 52 d3 26 ae 5f 5d d6 a7 1e eb d8 37 97 af 55 b7 d4 59 e3 8e 07 dd 4a a5 9d 4f 9c 26 52 d9 ce 06 9c e3 97 2f 5f 16 ed 01 70 e6 58 35 b3 68 58 8c ca 75 82 33 fd 59 48 c9 ea cf 88 d4 d1 47 a1 b8 9e 58 38 bf 82 e7 b5 e3 16 d0 f9 f9 d3 16 4c 9f 3f 7d 04 af d2 54 e2 47 0c ff 26 5c fd d9 93 17 b5 27 cf e1 e8 6f 5e cf 2f 20 c5 35 c2 5f 30 ba d6 8f a0 37 36 3a c1 fa f3 e7 b5 46 ed c9 93 67 2f 6b c7 4f 5e c2 7b 36 62 46 94 6d 41 b7 3d 46 c6 3d ed 04 1d 03 cf b7 8a 9f 32 71 d3 09 7a 5a 39 a2 55 bd 9a a5 18 40 54 9c 3a 81 c3 a9 ab 7b fe 2d 88 c6 cc 58 74 9d df ae 5e 57 7f cd b5 db c8 88 d4 75 2b a3 4c 45 de 16 c0 24 75 b3 a3 47 f0 cf 4a 05 e8 b9 61 06 a6 ad fc 75 0a 1d e0 3a ca 12 42 ad c5 e8 fa 12 fd eb c9 ec 2d 3f 0a 46 99 94 43 c5 12 0c 1e d5 6e 98 cc b0 e8 11 23 38 a2 be 0e 04 81 87 84 f2 d9 0b c6 ba 99 44 9a 19 84 da 70 34 d5 48 4b 6d 9a 06 79 d0 aa 1c 1c ec 86 18 a2 31 da 2c 03 71 61 53 c9 66 4d 08 a5 8e ae 83 d6 82 8f 41 97 19 05 23 26 6d 49 fc 8f ca 41 e5 60 5f f1 8c 73 83 d6 7e 9d f4 5b 90 2f 14 5e 02 fc eb 64 47 c2 cd be 4e 73 89 f0 85 82 7d f7 bf 4e 6d aa ad 8b 34 ff ca 80 2f a1 7c a1 ea 39 c2 b7 51 ae 70 72 41 80 3d 02 24 88 68 8c d1 f5 fc 7c 74 1f 85 9f e6 14 7e 2a ad 78 d4 f2 70 de 8a 25 38 6f c7 41 65 9b 19 77 70 88 c1 12 40 ab 6c ff a3 fc 8f c4 7e 81 f9 9d 4d 16 8a 08 09 3e fc b6 66 ef 13 b3 44 87 42 e2 50 65 49 88 e6 eb b2 b6 0e f5 85 5e ac c0 fc eb 8c c0 84 09 f9 75 06 cc 21 be 50 78 de fe 95 82 2b 7f 54 da 75 1b 19 91 ba 6e a5 d2 9e bf 8d 32 15 39 a1 15 44 63 a6 62 3c f2 72 0a 6b ca 4e dc 66 cd 28 93 72 a8 58 82 77 ed 41 f8 53 e1 cf 3f 2b 07 5b bd 59 c6 58 48 db ee c7 a2 65 8b 27 4a 2b f4 28 7f ec af 86 71 6e d0 da af d0 72 8b b0 a7 92 b2 e1 db ea 88 84 9b 7d 85 88 b2 7d 4f 05 be fa db d2 4f b5 75 91 e6 5f 93 a9 25 88 3d 65 cc 3b f6 97 a2 70 72 41 4d 3d 6a a2 b2 68 8c d1 f5 fc 7c 74 df 98 9f e6 63 7e 2a b5 3d 22 bc ca 81 d7 b6 04 f7 08 fe e9 6f b7 29 bc 03 44 14 96 10 0a cb be b1 45 42 d1 24 c1 87 0f b0 2a a7 f1 80 d5 27 3a 14 12 87 2a 4b 42 34 5f b1 ff 75 9c 3d 15 ae b4 7d db 50 63 c2 84 fc 0a 45 f3 fe 3d 95 e4 e5 fb 29 a8 fc 51 a9 b4 eb 36 32 22 75 5d 7a 2d de c0 9a a8 13 d4 ea ff b0 f3 75 d7 fe 61 83 ee 72 61 82 8e 81 e0 9d 20 72 b2 d1 18 de a4 57 2c 0e 40 b1 04 3b c1 8d c0 49 aa 8d 0b 20 d2 ca 11 ad 4e 30 11
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 07 Jul 2018 04:46:44 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1879Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 52 7f 4f 1b 49 12 fd 1f 89 ef 50 b2 22 61 07 b0 b1 4d b8 4d 38 74 32 4e 88 d8 db 0b 56 42 56 a7 04 56 6a cf d4 78 7a e9 e9 ee ed ee b1 f1 22 be fb 55 f7 fc b0 07 3b e1 72 a7 1d 84 3d ae ee 7a ef d5 ab d7 7b 79 f6 97 3f bb 3b bb 3b 23 ad 05 8f 98 e3 4a be 01 80 cf 8e 0b ee 96 70 91 cb c8 d7 e8 42 ee 52 65 fc 59 78 7e 56 a9 84 f7 cc c4 12 8d ef ff 15 8d 2d 7b fd f3 6b bf 7b b4 bb f3 96 39 ac 3b 00 fa 3f b9 14 3e a8 39 66 53 34 30 38 3a 1a d2 15 b4 91 e1 ba e6 b5 18 83 53 10 a5 18 dd 81 4b 11 e6 4c f0 d8 4b 51 09 30 f8 fc 4f d0 ca ba 48 c5 b8 8d 75 b0 85 d5 93 fe 8b 99 28 f5 8c af 36 18 cf 2f 26 57 35 a6 05 9e 69 81 19 4a 87 71 77 77 07 9a cf 35 e9 31 b9 a0 6b 91 92 11 1a c9 e5 0c 16 29 27 6c 26 74 ca a6 e8 78 44 da 99 61 91 23 69 c0 0c d2 89 50 0b 9a 8a cb f2 aa 66 c6 f9 69 fc 74 1b 14 95 12 58 20 f5 66 8a 3e ac 33 c4 43 92 c4 72 25 af 50 b7 e9 c0 f0 1b 0e 8c f2 59 6e dd 76 0b 3e e5 5a 2b d2 94 28 03 57 73 02 44 66 e1 1a 8d e1 4e 19 4e d3 b2 38 a6 01 9e 3e df 12 d0 df 10 30 18 9a 78 b5 83 9f 36 04 4c 8c 9a d2 58 e4 aa 31 48 ce c5 e4 14 8d 3f 5d 16 db 5f 99 22 95 03 83 2e 37 12 e3 03 60 32 86 bd f3 b7 83 21 bc fd f7 1e 2c 48 34 97 a1 81 8c da 30 d6 19 64 1e 99 6e f9 1e 18 fa 9e b6 4b 99 bc b3 30 41 5a 17 bc 37 6c 8e b6 f3 fd f9 8e b7 18 fc 37 32 f8 2a 72 aa 8c f5 eb 8d 01 c7 55 24 60 08 78 ef 50 c6 45 cc 43 36 60 4f 67 d2 cc ef 97 2b 3d 74 f4 33 8b 14 d0 c8 ef 8d 52 ae e3 95 6c d3 d2 df 98 d3 2f fb 13 6a 87 59 a1 a6 bf 79 65 7d df 23 39 cb b9 10 0c 54 b5 78 57 2e 7e b9 5a fb 06 c2 a6 94 57 df c8 dd 07 c2 ad 94 0c 36 95 68 8c 78 c2 23 b0 a5 a4 82 d2 0b 93 b8 80 f3 8b c9 55 bd 7c bb 11 bd 09 99 9a f9 cd d9 40 ea d4 38 c5 e8 0e 0e eb 16 b2 71 8a 10 f9 2a c6 dd 60 e1 75 ca 2d 24 b9 8c fc 6a 8a 23 1a 39 45 9f b4 1c 41 25 e1 87 ae 90 83 14 f6 34 86 54 cc 98 eb c2 35 5d b5 9a 45 48 34 6e 81 28 43 f3 ee 0e 97 0b 46 89 27 14 17 42 ea ab 2a 77 ab 22 69 50 21 1c 4c 50 8c 85 4b 55 3e 4b 7d 95 4b 8b c6 c7 94 27 21 ec d4 69 d0 67 96 87 a6 d0 5c 6a dc dd 51 09 59 c7 99 a8 85 75 fd 84 97 e5 08 95 58 3f af ca 65 c8 1b b9 c1 65 3d 4f 31 c6 41 b8 5e 5b 62 d0 e5 46 da 26 86 36 4a a3 11 4b 22 2d 9a bc c4 36 41 45 4c 73 c7 84 85 05 a7 65 af cf 19 fa aa e1 4b 43 42 cd a2 77 d7 03 4c 29 62 85 7f 5d b8 ac 86 5a d7 1d 23 66 b8 12 1e 29 63 30 72 85 fe 62 59 09 71 87 ab 85 6c da 72 11 8d 77 f7 2c d3 82 76 cf 84 78 53 94 c0 7b da 0e 1b 9f 10 c7 d8 73 b4 b3 65 f5 de e9 c0 43 91 4f 26 68 05 d0 6e 4d 2a 25 29 f9 df f4 ac d5 f1 57 1f 03 2a 7a 05 0f 5b 9b b8 6c 36 3d 9e 16 0c 4f 9f dd 9d c3 bf fc 79 d9 f3 e1 a8 d7 fc c4 07 a7 c6 be 10 3c f0 1a 7b 3d 98 a0 c9 78 58 b4 40 fa 32 7e 1d 1a 69 a1 b9 56 21 e8 dc f8 80 f0 00 c7 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheLast-Modified: Sat, 07 Jul 2018 04:46:44 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 85Keep-Alive: timeout=5, max=73Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 d3 0b f1 0f 08 d1 51 d0 f3 04 52 0a d5 0a 49 f9 45 29 a9 45 ba c9 f9 39 f9 45 56 0a ca 89 96 89 49 c9 29 d6 0a b5 bc 5c 7a 20 85 0a 19 46 7a 19 46 6e 39 89 c5 19 40 c5 30 55 86 6e 86 ae 66 86 d6 b5 00 ea eb 67 fb 4c 00 00 00 Data Ascii: QRIE)E9EVI)\z FzFn9@0UnfgL
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 07 Jul 2018 04:46:46 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 623Keep-Alive: timeout=5, max=75Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 92 d1 4f db 30 10 c6 9f 87 c4 ff 70 13 9a d8 80 a4 69 ab 4e 5b f2 06 02 a9 4f 4c 82 f7 c9 49 ae b1 87 63 67 67 87 64 54 fd df 77 4e a1 45 a3 85 69 4f 6b 15 29 b1 ef fb fc dd f9 17 df 5e 7f bb 05 58 42 a7 4a 2f 53 98 26 93 a6 cf a0 11 65 a9 4c 95 c2 38 09 9f b5 a0 4a 99 14 12 ac 79 cf 3a e5 95 e5 4f 42 2d bc ba c7 0c 72 51 dc 55 64 5b 53 a6 70 b4 18 7e 19 ac 0e 0f e2 60 7f 78 b0 3c 3c 78 97 5b 2a 91 d8 b1 e9 c1 59 ad 4a c8 35 ab 32 de 8a 6a fb 10 e5 b6 8f 9c 14 a5 ed 38 05 d7 84 27 9c 0e 47 49 92 64 30 3a 81 2b 45 b8 b0 3d 9c 8c 82 a6 c3 fc 4e f9 bf 90 dd 88 85 20 05 c2 94 70 21 c9 d6 b8 36 78 5b 78 dd 20 09 5e 8b 67 a7 67 b0 68 7d 4b 08 39 d9 ce 21 b9 c1 6e 7e f9 f9 14 5a c7 83 e2 d7 e8 e2 e6 66 fa 98 6d dd 4f e8 37 22 51 aa d6 a5 30 0b 73 fc b3 89 4d 0f 3b 4b f7 06 df 59 fd 5a da b3 c1 c4 d8 0e 84 76 16 e6 c6 23 19 f4 70 d9 37 da 12 12 ec ec 23 fc df e5 28 c5 bd b2 7c 71 2d e9 8f e7 c4 46 6e f4 e3 e7 77 57 90 6a bc 1b 29 8c 0a e7 a6 b1 f4 c5 a7 21 c7 ad 54 0e 34 7a c7 5e 70 17 ce f4 16 0a a1 35 78 89 b0 96 81 35 10 56 50 63 8d 86 4b 3b a9 0a 09 15 47 0a 45 c7 7c 37 c7 50 68 e1 dc 10 64 15 92 0c 28 41 5c 58 0e 6f 3c 13 bb 61 74 1f 95 ab 17 22 55 57 b1 bd 47 d2 e2 d7 85 b6 0e cf 5b ef 39 ca f2 99 5a e4 0c 67 eb 99 69 52 95 f4 ec 1e e6 5b b4 e4 c2 0c 1a ab c2 ec b6 6c 83 9c c4 72 72 c5 51 25 db 2c f8 9c c8 a9 07 4c c7 f1 97 90 4a 2b 83 91 c4 b5 d3 38 ac 0c 25 dd e3 8a b1 54 0b 9d 41 2d a8 52 26 f2 b6 79 ec a6 53 a5 97 29 7c 9d 7d 78 76 54 9c 7b e3 b0 08 39 b7 ed 47 4f 31 b1 86 f7 aa 6e 2c 79 61 fc c6 72 cf 6e f0 9c 07 cf e5 ae c1 c1 1a b1 90 cf 60 b6 05 ba 8f 9c 14 a5 ed 52 98 36 fd f0 8c 79 3a 70 94 24 c9 4b b6 a3 0d dc 6f c9 f6 72 fe 96 f0 35 e4 07 bb f9 e5 1e b0 ff 0b ac 61 7b 0d ff 02 e6 2c 80 39 20 33 bc ad 42 5f 4f 26 57 24 78 8c 4b d8 ea b7 f2 87 48 99 12 fb 74 32 8c 71 f5 1b 99 66 b2 9e 02 06 00 00 Data Ascii: O0piN[OLIcggdTwNEiOk)^XBJ/S&eL8Jy:OB-rQUd[Sp~`x<<x[*YJ52j8'GId0:+E=N p!6x[x ^ggh}K9!n~ZfmO7"Q0sM;KYZv#p7#(|q-FnwWj)!T4z^p5x5VPcK;GE|7Phd(A\Xo<at"UWG[9ZgiR[lrrQ%,LJ+8%TA-R&yS)|}xvT{9GO1n,yarn`R6y:p$Kor5a{,9 3B_O&W$xKHt2qf
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 07 Jul 2018 04:46:44 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 12814Keep-Alive: timeout=5, max=75Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 b2 6d 6f db 48 97 2d fa f9 04 c8 7f d8 6d a3 31 b1 c7 a4 5e 2c f9 85 c2 9c 33 b6 2c 25 b9 48 d2 86 95 7e 72 70 e7 0c 84 12 59 14 eb a4 58 c5 29 16 2d a9 85 fc f7 bb ab 48 4a 94 44 c9 ca 4b 3f 18 e0 52 89 2c 56 ed bd f6 da 6b ad c6 79 f1 c0 50 0a 9d 02 09 02 1a 40 28 15 fc f1 e1 1e 14 9d 28 22 82 a2 a4 f1 fa d5 eb 57 ff 1e 62 9d 13 12 9f c2 12 8a df 31 e3 0b 0f 4e 9e 3e bd 93 59 4a 47 44 a4 5f 9a 97 ce bd e4 c1 49 0f 5e bf 82 ea 93 2a df 03 c8 14 7f 73 e2 ba 0d 03 90 36 6a 1a 5d 2a f5 ff 3a 65 34 64 f3 93 33 c3 27 26 fa cd 09 1e 9e 9c 5d 6c 43 5a b0 3a 8c 99 0c c3 4a 77 fe 5a df 7e 90 8b d6 55 18 ad 32 aa 17 09 fd 21 a8 f4 79 5a 81 b2 6f 3d f8 f6 7d c2 3e d1 69 c6 89 da a3 ed 41 0e 45 eb 21 75 8f 10 b7 44 f9 05 fa 96 50 bf 46 e2 12 6d 9f ca 1b 48 af 5f 35 4c ee 1f c9 94 c2 03 0d 49 c6 35 8c f4 82 d3 14 4c d4 27 32 58 60 cd 32 ef da 30 a4 7e ea 85 26 91 8c c9 05 bc a5 82 3e e3 df 14 ef 9d 94 2a 16 f6 c0 97 5c 2a 0f 4e 2f 9b e6 d3 7b fd ca 7a ee 4e e4 7c 2c 33 f5 a8 64 90 f9 3a 85 34 21 02 96 65 71 a7 dd ea 74 5b 3d 5b 6a b8 9e af f8 8e 50 21 5f 67 8a c2 a3 4c 99 66 52 30 31 85 01 a7 31 45 59 a0 a8 c5 2d 02 f6 ec e2 59 86 99 9a 10 ff eb 54 c9 4c 04 4e 39 60 30 18 3c 0c 6e ad 34 2b fc 81 08 40 86 df 39 c6 f4 c3 07 26 be 96 4a e6 1a 12 1c 5b ce 22 41 eb f6 a6 dd 03 4d e7 da 09 a8 2f 15 31 80 18 58 11 50 c5 99 a0 96 87 45 8a 28 c1 33 2b 7a 6a 70 a2 d6 05 44 6d fc 7f 89 80 c7 58 01 07 bc b0 43 a2 96 51 44 2a 1c e3 4c a4 d6 32 f6 a0 99 cc 21 95 9c 05 70 7a df b9 bb bd 1d ae 6d b3 4e 0c 2d 41 37 98 b0 80 53 31 d5 51 c2 44 42 d2 14 69 5d 80 b5 f2 bf 32 e6 7f fd ac 70 56 88 f4 57 c7 55 87 cd 1a 6e 44 79 f2 19 75 c8 4b ee 7c 1f 5d d1 9f c9 84 d3 77 f9 e6 ef ca aa 2f 8a 24 89 3d 58 6e 93 b1 a6 41 d1 d0 47 51 94 e4 e0 54 23 7c 5a e8 b8 44 41 d9 34 d2 1e b4 9a b8 64 be 86 96 49 de 5b 8e 58 ae 03 e2 81 f1 83 28 67 aa 48 c0 d0 eb 37 5a 42 2e d3 05 9c 76 6f 5a dd ab 2b 68 fe 8e bf af fc d6 d5 95 6f 70 7f 3f 03 45 13 4a 34 a4 3e 32 e1 d0 c4 8f 9a 4e c8 9b e6 85 fd 9c f5 a0 3a c1 99 d1 c9 57 a6 9d ed 49 fb f1 7b 1b b4 9f cc 46 35 dc 9d ad c0 61 53 c0 9e dd 9c 7d de fa 81 86 eb ce 90 4b 82 ca 70 3c ab ab dd 1c 53 14 2b 73 58 56 8b 59 e1 c1 32 21 41 c0 c4 d4 41 8e 5e db 0a 5d 9e 18 74 0f da 1d 73 06 35 13 3f 3d dd d7 81 c0 91 28 10 13 35 65 c2 51 b9 cb 4e a7 74 f9 f5 ab 8c bb 53 2e 27 84 7f 96 89 20 cf 68 ac 9b 89 94 72 ea 6b 1a 60 32 38 4b b5 93 9a cc 38 7a 91 50 0f 84 14 b4 b7 89 5e cc f7 ac a5 f8 31 ac 77 71 81 20 5c c0 d2 84 93 85 37 e1 d2 ff 5a e9 6c b5 93 79 fe 75 53 fc d8 4c 43 4d de ec 32 3f 15 b7 32 09 a1 7d ac 20 35 72 ac c5 d8 a7 05 e3 9a aa f2 ad ca da 9c c0 69 a7 dd ea 74 87 78 23 15 3a 98 1b 87 1e 41 2a 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Sat, 07 Jul 2018 04:46:42 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 791Keep-Alive: timeout=5, max=75Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 4d 73 da 30 10 3d 87 19 fe c3 76 72 e8 0c 8d c1 81 a4 0d f6 b1 33 99 de 7a ec 79 b1 d6 b6 1a 21 69 64 19 48 3a fd ef 95 fc 01 06 6c 27 bd 30 58 da f7 f4 3e 76 3a b1 b8 11 34 ff fd 1d 05 49 86 06 fe c0 46 19 46 26 82 7b 7d 80 42 09 ce 60 23 30 79 89 9b 8b 20 51 42 a0 2e 28 82 82 34 1a b4 74 bc 2a 34 26 5c 66 11 2c f5 21 86 bf d3 2b 76 9b bb 07 1c 81 72 fc b7 69 9a c6 90 2a 69 83 3d f1 2c b7 91 a3 11 2c 06 8d 8c 55 2c 2b a7 e0 b1 61 ea e1 62 27 ae 46 61 97 6c 88 cb d2 c1 06 28 78 26 23 48 48 5a 32 71 9f 50 36 57 36 77 96 b6 8e d2 8b de b8 07 32 a3 4a c9 22 d8 e7 dc 9b 6e 7d 34 8f f7 b3 58 c5 f0 f5 02 7f 1b 86 8f cf eb e7 f8 3c 89 7e 7c 41 82 12 4b 6c 2c b7 da 6a d3 5b 5d 99 2f af d6 35 4e 3b 67 3a c8 d5 8e cc 25 7f 3f ac 9d be eb b9 35 73 4c 2c df d1 2f a2 97 1f 15 a5 6f e8 a6 61 ad 32 83 4f 7c ab 95 b1 28 6d af 2e 73 d4 e5 49 ce 1a 1e 55 c5 0b 7f c8 ee 60 e4 b2 eb b4 a7 cc 01 ea 52 d6 8a fc 4d 9f e9 f3 89 68 30 9c f3 b9 21 2d cd 26 75 23 ab 3c 4f 27 8b 19 3c 2b c7 93 13 68 a5 4b 0d b3 c5 74 c2 f8 ce 33 d5 07 7f dc 45 c1 2d 57 6e af 0d 09 f4 55 c4 b0 45 93 71 19 08 4a 6d 04 f7 f3 25 6d 8f 67 56 e9 08 96 f5 51 4f 20 d5 82 15 fc 8d 22 08 e7 4f 7e 48 23 63 5c 66 0e a4 0f 31 ec 39 b3 b9 e3 7c fa ea bf a6 93 1b c1 25 05 79 bd 91 ed 53 03 3b e9 3d 39 f1 b7 bd e2 71 e3 c6 4b 2f e1 2d e0 92 d1 c1 b1 ad d7 15 66 06 b9 dd 0a b8 f0 5d 19 79 0a bd 8c da 67 f5 d7 8f 47 29 37 85 0d 92 9c 0b f6 65 10 ba 5c 39 40 77 35 1b 9a 87 cb e3 46 f6 89 20 5f 3a 8e 4e 50 f7 de b3 a5 83 0d 50 f0 cc 79 49 48 5a 32 f1 4d 1d 79 95 1c 84 9d 24 c3 b6 ec db 30 5c ad bf 85 95 6c f4 b9 24 42 15 e4 73 69 47 1f 6a 68 0f bb 33 55 68 81 af 7e 7f 54 93 ee 89 23 6a 17 ad 42 32 4a 94 c1 3a 68 d7 36 19 df 5a 7c 65 0c dd 7c b3 85 47 65 57 78 a9 3c f4 28 70 e5 04 36 fe 2e e9 9a 0f 89 bb 40 1b da 0d d4 5d 97 71 aa f1 a1 bb 66 61 5b ea 28 b1 d7 9d 0a 85 0e ed 39 2a c0 62 06 3f 35 19 04 49 c4 0a b0 39 81 29 05 b9 7f 0a 36 e4 be 79 01 85 a6 84 a7 3c 01 e5 ae cd 9e bb e8 b9 05 a6 a8 90 9f 2d 24 39 ca 8c 2a 64 52 9a 42 19 d8 b8 2d f6 78 ad b8 af 00 30 f5 bf af aa 84 1c 77 e4 0b c1 8d 20 06 28 19 18 0a 48 36 9f e0 e2 7e 81 d9 e2 3d 1b 77 30 74 2f 5d 0b 75 3d 95 92 a8 95 f0 81 6c e6 ad ac f7 d8 8f 83 9d 67 18 a5 58 0a 3b fa 4c 85 7e af 5b c3 b3 fc bf cb 3d ba 6e ca ad 48 7a d6 76 54 79 bb d0 88 78 0d b5 ec 23 99 5a 36 9e cd 3f 97 ef 78 ee 50 09 00 00 Data Ascii: RMs0=vr3zy!idH:l'0X>v:4IFF&{}B`#0y QB.(4t*4&\f,!+vri*i=,,U,+ab'Fal(x&#HHZ2qP6W6w2J"n}4X<~|AKl,j[]/5N;g:%?5sL,/oa2O|(m.sI
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheLast-Modified: Sat, 07 Jul 2018 04:46:44 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 291Keep-Alive: timeout=5, max=73Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 90 3d 4f c3 30 10 86 e7 46 ca 7f f0 5c 25 69 07 c4 90 8e 74 a9 84 40 02 04 f3 c5 be b4 56 ed b3 e5 d8 41 01 f1 df 71 62 22 19 89 81 c9 be f7 de 7b ee a3 33 62 aa 98 87 4e 61 7c 44 c5 84 1c 2b 36 58 a0 b2 f8 2c 8b cd 68 24 c7 ba 07 2d d5 d4 b2 1e 35 28 3c 44 7d b0 08 d7 da 06 e2 3e 80 97 86 5a 46 86 e6 d4 57 59 40 d7 b9 8a 01 77 86 26 9d 38 8b bf 8d 60 54 aa 36 c1 27 a3 24 1b fc 62 88 01 07 3b 83 d6 b0 2c 76 5b 26 c0 43 9a 6e 60 db 5d 59 34 27 8f fa 25 4d bb fc 8f e8 41 aa ac 47 7d 41 10 e8 5a 06 ea 1d a6 21 f5 b9 7b bc 6f ce 48 e8 40 b1 95 3f 6b 0f 41 a3 93 3c 2f a7 59 02 d5 c6 43 9c a5 cf ea 79 70 0e 89 c7 6b e5 51 a7 80 ae b2 ff 40 67 fe a4 70 43 5e 52 30 21 23 c5 a5 90 fd db fd e6 c0 e6 33 9f e6 9b 3d 81 90 66 55 9b 11 d4 73 d0 1a dc f4 43 f5 0e 87 a1 65 b7 fb c3 26 39 2e c2 bd 82 fa 9d bd d9 a7 26 df cc bb f3 e3 03 02 00 00 Data Ascii: =O0F\%it@VAqb"{3bNa|D+6X,h$-5(<D}>ZFWY@w&8`T6'$b;,v[&Cn`]Y4'%MAG}AZ!{oH@?kA</YCypkQ@gpC^R0!#3=fUsCe&9.&
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 27 May 2024 22:31:14 GMTServer: ApacheLast-Modified: Sat, 07 Jul 2018 04:46:44 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2012Keep-Alive: timeout=5, max=71Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 9d 52 d1 6e db b8 12 7d be 05 fa 0f 53 14 05 76 83 48 75 da 26 69 e5 a7 26 bb e8 06 e8 76 83 26 dd 3c 1a 94 48 59 bc a6 48 5d 92 b2 e3 1a fd f7 9d a1 24 5b 92 9d a4 7b e3 c4 91 86 c3 33 67 ce 39 a9 e1 eb 63 e0 72 19 73 91 b3 5a f9 63 78 99 31 bd 64 ae a9 56 99 be b3 ac aa 84 3d 86 78 25 bf 33 cb 67 2b c9 05 be 09 6d 8d 2a 85 f6 b3 a6 8e 25 bf 32 97 46 d5 a5 76 f0 b2 94 6d 65 96 75 a5 cc 68 8f fd 58 b6 82 4b 2b 32 3f ab d8 9c b0 6e 2f 4f fe 10 8c 87 29 f8 7c 89 8d 4c ea f0 5a 1a ce d4 1d b3 5a ea f9 c7 1b 2c 7c be 7a 7b 27 b9 2f 00 36 50 19 27 bd 34 3a 01 e7 99 97 19 bc 90 65 65 ac 67 da 4f c1 2c 85 cd 95 59 25 b0 94 4e a6 4a 0c 4e 57 84 91 c0 d9 db d3 ea 7e 70 f0 e3 f9 b3 23 84 c6 9b cc 27 a0 8d 16 e3 e3 56 21 6c 2a 84 9c 17 d8 75 32 99 bc 7a 01 a3 ae 55 23 5c af ed c3 7e 57 5c 84 bd 7b 4d ac f6 66 3c b1 38 a1 65 19 e7 28 42 94 1a ef 4d 99 c0 64 d0 d5 9d 7a 53 8d 8f 4a 66 e7 52 8f ab 44 d1 d2 c8 6b a6 85 3a 06 a9 ab 9a bc 51 52 2f a2 b4 c6 19 3a 0a e7 58 bb 41 75 05 79 fd a9 46 f3 b7 89 78 e9 16 b2 a2 7e d7 7f 86 8f 64 0d 97 ae 52 6c dd 28 88 d3 00 77 fd 0b 1d e1 96 e5 fe 56 dc fb 9d c6 61 ca 98 5b fc 31 cb 4c ad fd 2d 43 e7 9a 70 40 f1 66 77 49 89 dc 1f dc f2 3d fa 39 69 bf 0f 08 34 96 a1 cd 01 39 38 a6 80 24 b8 c8 59 ad fc 2c 9d a3 0a a9 b9 9f e5 b5 f5 85 b0 7f 55 14 3b d7 16 51 f3 c3 07 07 8a 7c 0d 9b 0b 96 2d e6 16 b7 e3 ad 3c cd b0 94 69 cc 3c 69 99 1b e3 83 c0 cd c3 a5 d1 9e 49 4d 95 18 5d a8 c9 11 cd a4 ba b5 f8 85 2f 46 a3 f0 e2 82 e9 05 2e 88 b7 46 ef 0f 13 e7 a2 34 e4 05 d9 6e e6 a6 f6 5b 6b 63 3a f2 a4 3d e2 fd af 96 d9 e2 73 e7 b3 c7 1e c2 c7 e7 52 6a 63 db 83 00 98 21 53 8c c9 b5 e1 b3 0f 67 67 58 44 69 1a f3 76 c8 73 65 52 a6 2e 42 8a bf b0 e5 ee a0 09 76 d3 fe 95 32 d1 3b f2 da 89 8c a8 1f 88 16 89 87 54 38 12 6a e7 e3 8d 95 fc ce 2c 9f 55 6c 2e 42 a8 9d 47 2d ba 57 5c 41 3b 16 f0 3e e3 c9 b6 8b 69 de eb 62 4d 02 6f ea 12 b3 b5 de 36 19 8c d9 5d 40 df ce 43 52 6d 8e 4e df 9f 62 f2 f6 73 19 51 5e 31 7b a3 c3 87 c2 6c 96 c2 e2 d9 2a 81 a5 74 12 5d 18 67 b3 dd 6f 7f 63 32 85 c3 26 53 82 d9 04 50 d2 a2 4d 97 f4 a2 6c 0d 8d 9d 43 b3 20 be c2 d2 6d 5b 6a 6f 0f 6a 4d db a6 5b ed 0c d9 bf 80 1e 8f ca 38 49 1a 26 ce 33 2f b3 a7 68 57 8c 93 bc ad 14 27 88 46 d4 ba 29 a9 b1 e8 7b 63 ea 60 0a f5 18 69 9f 6e 42 a0 27 9b b0 ad 34 9c a9 6b 53 d5 15 da b6 5d 01 9a 1d 06 84 db c5 59 ed cd 01 4b d1 4d 51 0e ea 18 f6 03 dd cd ba fb 20 18 8a 42 50 cc f7 63 11 b6 99 3b cc bd b9 9f ad 2c ab 2a 61 c9 0f 2a e5 c6 78 61 77 89 db 03 6e 2f df 5a 96 2d b0 31 ee 32 1a 13 91 4b a3 ea 52 37 58 fb 1d 96 e8 34 2d 38 a0 0d 27 c9 f8 53 b2 6c 59 77 78 9b 9f c8 71 b8 30 66 d6 2c de af 76 9d 3d 86 fd d6 3e f1 e7 cf fe b3 19 a8 2b 75 21 ac f4 83 d1 ff

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/details.php HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/details.php HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://corporativoentornomedico.com/natwes/natwest3/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/jspostcode.js HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/master.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/datePicker.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/npc.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/overlayPromptMaster.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/overlayPrompt.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/logo.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/NPC_auralstyle.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/master_print.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/logo.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/master.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/RNHouseSansW03-Regular.woff HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveOrigin: http://corporativoentornomedico.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/RNHouseSansW03-Bold.woff HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveOrigin: http://corporativoentornomedico.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic	HTTP traffic detected: GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34

Source: global traffic	DNS traffic detected: DNS query: corporativoentornomedico.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55908
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55905
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 55907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 55905 -> 443

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55908 version: TLS 1.2

System Summary

Source: classification engine

Classification label: mal56.win@16/36@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2256,i,8095886379097499911,17251423474886775732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://corporativoentornomedico.com/natwes/natwest3/details.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2256,i,8095886379097499911,17251423474886775732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected