Windows Analysis Report
http://165.225.115.136

Overview

General Information

Sample URL: http://165.225.115.136
Analysis ID: 1465768

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 5088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,5178333540329376978,1349667219038160641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://165.225.115.136" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | HTTP Parser: Number of links: 0
Source: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | HTTP Parser: Title: Welcome To Zscaler Directory Authentication does not match URL
Source: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | HTTP Parser: No favicon
Source: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | HTTP Parser: No <meta name="author".. found
Source: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.4:57057 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.4:64078 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 165.225.115.136
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /auD?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr HTTP/1.1
  Host: gateway.zscloud.net
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr HTTP/1.1
  Host: gateway.zscloud.net
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: _sm_au_d=1
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: gateway.zscloud.net
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: _sm_au_d=1
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: 165.225.115.136
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: gateway.zscloud.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13679<!--# bq6ZFW7rpStTMbq6ZFW7rpStTMbq6ZFW7rpStTMd--><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script><!--<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;height:100%;vertical-align:middle;}.pg_cont {display:inline-block;vertical-align:middle;width:100%;position:relative;}.a_i {width:19px;height:19px;margin-right:10px;background-size: 19px 19px;display:inline-block;}.m_tbl {width:100%;max-width:758px;background:#e3e3e3;min-width:600px;}.pg.red .eu_h {color:#fd4239;border-top:3px solid #fd4239;}.pg.red .eu_h .a_i {background-image: 
Source: chromecache_115.2.dr | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: chromecache_115.2.dr | String found in binary or memory: https://gateway.zscloud.net/favicon.ico
Source: chromecache_115.2.dr | String found in binary or memory: https://login.zscloud.net/img_logo_new1.png
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 57061 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57061
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5088_188502063\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_5088_1884990069
Source: classification engine | Classification label: clean2.win@23/11@6/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,5178333540329376978,1349667219038160641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://165.225.115.136"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,5178333540329376978,1349667219038160641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://165.225.115.136 | 0% | Avira URL Cloud | safe |
http://165.225.115.136 | 0% | Virustotal | | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
www.google.com | 142.250.185.100 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
gateway.zscloud.net | 165.225.26.40 | true | false | | unknown
198.187.3.20.in-addr.arpa | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://gateway.zscloud.net/auD?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
165.225.115.136 | unknown | United States | 53813 | ZSCALER-INCUS | false
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
165.225.26.40 | gateway.zscloud.net | United States | 62044 | ZSCALER-EMEACH | false
172.217.16.196 | unknown | United States | 15169 | GOOGLEUS | false
            IP
            192.168.2.4
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1465768
            Start date and time:2024-07-02 02:54:40 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 3s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:http://165.225.115.136
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean2.win@23/11@6/6
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 108.177.15.84, 34.104.35.123, 216.58.212.170, 142.250.186.106, 172.217.23.106, 142.250.184.234, 142.250.185.74, 216.58.212.138, 142.250.186.138, 142.250.186.42, 142.250.186.74, 216.58.206.42, 142.250.184.202, 172.217.18.10, 216.58.206.74, 142.250.181.234, 172.217.16.202, 172.217.18.106, 13.85.23.86, 199.232.210.172, 192.229.221.95, 52.165.164.15, 13.85.23.206, 20.3.187.198, 20.12.23.50, 142.250.185.131
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
            • Report size getting too big, too many NtSetInformationFile calls found.
            No simulations
Input | Output
URL: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr Model: Perplexity: mixtral-8x7b-instruct
```json
{
  "loginform": true,
  "urgency": false,
  "captcha": false,
  "reasons": [
    "The webpage contains a 'Sign In' button and an input field for 'User Name', which are indicative of a login form.",
    "There is no text that creates a sense of urgency, such as 'To view secured document click here'.",
    "There is no CAPTCHA or any other anti-robot detection mechanism present on the webpage."
  ]
}
```
Title: Welcome To Zscaler Directory Authentication OCR: a Sign In To keep you safe from internet threats, please sign in to your company's security service. User Name Enter your User Name... Sign In Need help? Contact your IT support
URL: https://gateway.zscloud.net Model: gpt-4o
```json
{
  "phishing_score": 2,
  "brands": null,
  "phishing": false,
  "suspicious_domain": false,
  "has_prominent_loginform": true,
  "has_captcha": false,
  "setechniques": false,
  "has_suspicious_link": false,
  "legitmate_domain": "zscloud.net",
  "reasons": "The URL 'https://gateway.zscloud.net' appears to be legitimate and is associated with Zscaler, a known cloud security company. The login form is prominent, which is typical for security service portals. There are no obvious social engineering techniques, suspicious links, or captchas present. The domain name 'zscloud.net' matches the legitimate domain for Zscaler services."
}
```
No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):1558
            Entropy (8bit):5.11458514637545
            Encrypted:false
            SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
            MD5:EE002CB9E51BB8DFA89640A406A1090A
            SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
            SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
            SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
            Malicious:false
            Reputation:low
            Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1864
            Entropy (8bit):6.0157277397082884
            Encrypted:false
            SSDEEP:48:p/hUI15ul1AdIj7ak+wsdrtra1cuUX0eYDAA98gkXhVdEXeXF:RnQQIj7aL11ayjgDzUSXYF
            MD5:4CBD807685B88243CC9EA3E4B60FE8FD
            SHA1:B02FB2A85ECBEA61424F9F14A32590FA2041C068
            SHA-256:8E9B53C9DCD85F58E64164CEAF4E327B52B88C98946EF1067B112B3C9BDC5FEE
            SHA-512:61B4E345BB2AE6BD8907C1D23582709D21089504B23497EC0906D489C096CE981F31CE0D2A2FB5B97E3E5B8D71B36ECC1B0393F55AE9007D36D790FA0B7C4161
            Malicious:false
            Reputation:low
Preview:[{"description":"treehash per file","signed_content":{"payload":"[...]","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"JwsfiQnUWfcg0_PuT83D82ftcuaZ7vEsE_gMNDBSQyf3yMBDUgfqYwvvVFJbiHScUgP70t-BqLn6UQvY0bPu6W8oxy6WzuhegflPkarNrUr5BrTQ6T6GUQS5rb5hsCNYhNq2yDXc6JRw2fVbWfO5BsQ7VSpW8gO0oN3x3Ju-4Lr72tesPWvv_g2rkIXZLJHw4z1oZoKx1T2xY6ncKsFBbLnmD1gUSN3iAPPZ9zHg41a62wpcpb9uWRD
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):66
            Entropy (8bit):3.760377931718998
            Encrypted:false
            SSDEEP:3:SURcG3XcDLSHH33BU9DcWTNnn:SUj2SHHBCcWpnn
            MD5:C18D2397B5F0CFF55132B016467CA189
            SHA1:B60B8ADF7CABF73855BB17212831736FB0CB9F74
            SHA-256:5C3233CF05E64742B923685C31E5347CABA89B198FD4A1BBA59A9500C3C16082
            SHA-512:5EF20571951238C960107E0F16ABC3C5FDEAFC6CED038220835B5341C18CEB7C144FB2B2CCA1094C98C5900A15A1B1B1FA3357E011C492805567AE56DE57A1B6
            Malicious:false
            Reputation:low
            Preview:1.1848d9cb81709d6bb8a9612e1cba9fc97bb669c7ef81e2d11c0f937896df8e27
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):85
            Entropy (8bit):4.424014792499492
            Encrypted:false
            SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1jvhg:F6VlM8aRWpqS16
            MD5:2C221BDCF91C9C07551499EE4CD15A6F
            SHA1:CBC3CE0947A3D61A7673A7729CA25DB7DB023336
            SHA-256:C5140A38877C53D83A68CDD8BF26F266B416D11B68DEB572CE98ADEC5D316858
            SHA-512:B77656D3D8598FB946F988906FBE4399B30C4B1DB284FA187C617ECAADA0C98EB913572D4361E43058A68D175E95451B05F875372669ACF98DD1BAAE59F8D9BE
            Malicious:false
            Reputation:low
            Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.6.26.0".}
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):9068
            Entropy (8bit):4.624080015119112
            Encrypted:false
            SSDEEP:96:Mon4mvCSqX1gs9/BNKLcxbdmf56MFJtRTGXvcxNnuP+8qJq:v5CSqlTBkIVmtRTGXvcx0sq
            MD5:1D67EF4C7F90E1C8A620ADF17C6B6B13
            SHA1:E90E51A4A2305BCBD5016A3CA02CD14F77FDCBBA
            SHA-256:578DF0513FF5FA4080BDFC0B7094DCB444E09CD3AB3DCBC60165D1369681E2C1
            SHA-512:59B80B6A767EA95254CC64A5CDC17DF3ACC2F0B0E52416D86477109A1EDAB7479E0B1AEAB1FF793F8DC1807AAFAB38915A8267D4F31F618E99DF1AB07C095EE9
            Malicious:false
            Reputation:low
            Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://elpais.com.uy","
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with very long lines (2391)
            Category:downloaded
            Size (bytes):13679
            Entropy (8bit):6.097036182846172
            Encrypted:false
            SSDEEP:384:DEH/lcYokdVDfchV495iu5j0A8VDjkh1QB6Efac:DoNcYoUchVnCj0Ao4SB6c
            MD5:B3F2A6538DFB4BBAF28F7B5E36901C05
            SHA1:436AE202F151B0E67AFBE8D7AF54537A842E6CA7
            SHA-256:97A388725C6B58AC99D1233F8443E51DE854D4D21F76B2F063AEF4AAEDAABD56
            SHA-512:ADED8380B054A19C5026BFD70EA7D0C196AFA34CC9571A621ECB355C2A0AC877815C02EDDCCA997D72CCFE10AA5D696531C6EB933A600859E018683923237EF4
            Malicious:false
            Reputation:low
            URL:https://gateway.zscloud.net/favicon.ico
            Preview: # bq6ZFW7rpStTMbq6ZFW7rpStTMbq6ZFW7rpStTMd-->.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">.<html>.<head>.<meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats.">.<meta http-equiv="Content-Type" content="text/html; charset=utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1">.<title>Internet Security by Zscaler</title>.<script language="JavaScript">var defLang = 'en_US'</script>. <img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">-->.<style type="text/css">.body {.background-color:#e3e3e3;.font-family:Arial, sans-serif;.font-size:12px;.color:#4B4F54;.}.a {.cursor:pointer;.text-decoration:none;.color:#009dd0;.}.table {.margin-top:10px;.}.td table {.margin-top:0;.text-align:center;.}.img {.max-height:75px;.max-width:430px;.}..pg {.position:absolute;.top:0;.bo
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with no line terminators
            Category:downloaded
            Size (bytes):20
            Entropy (8bit):3.5086949695628418
            Encrypted:false
            SSDEEP:3:cX3Pm:cX/m
            MD5:F3246E2E7C03B8102872CFD9AB4870A8
            SHA1:DD24ED1077C3ADBF4C396AC5D39AF394B14A7764
            SHA-256:2ED11ED8A93AD0818D20C853683FB4B11FFBB29245CC00E43C713433B69A734C
            SHA-512:38D39CA5E44CE88864F93D14EC0F2A45255153BDC6A17E369492BCB6D6D5684D3A4CECFF5569A84A529DCE90394B6B0842E0227DA4CC7ABB21A88083E56958BA
            Malicious:false
            Reputation:low
            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAknWClbi3s4yxIFDTQizjc=?alt=proto
            Preview:Cg0KCw00Is43GgQIZBgC
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with very long lines (22035), with no line terminators
            Category:downloaded
            Size (bytes):22035
            Entropy (8bit):5.419773102229506
            Encrypted:false
            SSDEEP:384:wlK5SIcZ2VDjkh1QCXMoiJaxbVe1i5qNiO3iYnQp9ul:SkGg4SCZlVd5q8Oy99ul
            MD5:093942CB6DDBC179C4A6DBAB76B81CE8
            SHA1:BAF37D222FB6988DEB652B86F878DFC0635C915C
            SHA-256:C1BF29210ACE6B65D7B0123C24AD80CC042058CA82EC12EFD6C5DC726CF84A52
            SHA-512:1216EA26D09ED9AA4B1BA59E9CEBE3A8033BBC4102DB7CB37C12C6253987B13F0BF5B74244803E1C577ABEF4FDCBB7AC4061937CC0BF5A9D5A9141247A8ED05A
            Malicious:false
            Reputation:low
            URL:https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr
            Preview: username.html--><!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Welcome To Zscaler Directory Authentication</title><style type="text/css">body { background-color: #FFF; font-family: Arial, sans-serif; font-size: 12px; text-align: center; color: #4B4F54; overflow: hidden; margin: 0;}a { color: #009dd0; cursor: pointer; text-decoration: none;}form { width: 100%; height: 100%; margin: 0; padding: 0;}input { font-family: Arial; font-size: 100%; margin: 0; width: 100%; vertical-align: top; color: #424242; display: inline-block; border: none; padding: 0; text-align: left; height: 100%; width: calc(100% -35px);}table { margin-top: 10px; text-align: center; background-color: white;}table.table-company-logo { background-color: #e3e3e3;}table.table-upper { border-radius: 10px;}tab
            No static file info
TCP packets:

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 2, 2024 02:55:25.393812895 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Jul 2, 2024 02:55:32.428229094 CEST | 49735 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:32.428467989 CEST | 49736 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:32.433233976 CEST | 80 | 49735 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:55:32.433306932 CEST | 49735 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:32.433770895 CEST | 80 | 49736 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:55:32.433829069 CEST | 49736 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:32.445430040 CEST | 49735 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:32.450288057 CEST | 80 | 49735 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.363259077 CEST | 80 | 49735 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.374773979 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:33.374808073 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.374871969 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:33.375133991 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:33.375148058 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.409034014 CEST | 49735 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:55:34.221317053 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.222688913 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.222701073 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.223537922 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.223599911 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.225032091 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.225084066 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.225411892 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.225419044 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.266542912 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.579982996 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:34.624958038 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.764077902 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:34.808506966 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.003386974 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
| Jul 2, 2024 02:55:35.048451900 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048460960 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048511982 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048516035 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.048527956 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048541069 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048547029 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.048562050 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.048576117 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.048602104 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.049304962 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.049362898 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.049370050 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.049417019 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.650116920 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.650141954 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.723268986 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:35.723297119 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.723376036 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:35.723717928 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:35.723726988 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.839170933 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.839181900 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.839222908 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.839246988 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.839253902 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.839286089 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.839323044 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.853332043 CEST | 49737 | 443 | 192.168.2.4 | 165.225.26.40 |
| Jul 2, 2024 02:55:35.853348017 CEST | 443 | 49737 | 165.225.26.40 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.924369097 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:35.924453020 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.924542904 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:35.926896095 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:35.926933050 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.367324114 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.375871897 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:36.375885963 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.376730919 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.376800060 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:36.379405975 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:36.379448891 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.424134016 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:36.424144030 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.471004963 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:36.574223995 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.574321985 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.580182076 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.580214024 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.580461979 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.618822098 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.660502911 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.841612101 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.841655016 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.841749907 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.841948032 CEST | 49742 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.841981888 CEST | 443 | 49742 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.900099039 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.900150061 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:36.900227070 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.900515079 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:36.900532961 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.545824051 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.545893908 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.547888994 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.547905922 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.548140049 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.551331043 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.596499920 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.815403938 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.815453053 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.815633059 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.819243908 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.819268942 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:37.819274902 CEST | 49743 | 443 | 192.168.2.4 | 2.19.104.72 |
| Jul 2, 2024 02:55:37.819283962 CEST | 443 | 49743 | 2.19.104.72 | 192.168.2.4 |
| Jul 2, 2024 02:55:46.266108036 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:46.266168118 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:55:46.269150019 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:47.493199110 CEST | 49741 | 443 | 192.168.2.4 | 142.250.185.100 |
| Jul 2, 2024 02:55:47.493228912 CEST | 443 | 49741 | 142.250.185.100 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.216607094 CEST | 64078 | 53 | 192.168.2.4 | 162.159.36.2 |
| Jul 2, 2024 02:56:03.221487999 CEST | 53 | 64078 | 162.159.36.2 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.221560955 CEST | 64078 | 53 | 192.168.2.4 | 162.159.36.2 |
| Jul 2, 2024 02:56:03.221740961 CEST | 64078 | 53 | 192.168.2.4 | 162.159.36.2 |
| Jul 2, 2024 02:56:03.226600885 CEST | 53 | 64078 | 162.159.36.2 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.677522898 CEST | 53 | 64078 | 162.159.36.2 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.721149921 CEST | 64078 | 53 | 192.168.2.4 | 162.159.36.2 |
| Jul 2, 2024 02:56:03.726614952 CEST | 53 | 64078 | 162.159.36.2 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.726716042 CEST | 64078 | 53 | 192.168.2.4 | 162.159.36.2 |
| Jul 2, 2024 02:56:09.103873968 CEST | 57057 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:09.108705997 CEST | 53 | 57057 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:09.108783960 CEST | 57057 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:09.108814955 CEST | 57057 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:09.113965988 CEST | 53 | 57057 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:09.591825962 CEST | 53 | 57057 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:09.607461929 CEST | 57057 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:09.614000082 CEST | 53 | 57057 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:09.614073038 CEST | 57057 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:17.434421062 CEST | 49736 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:56:17.439357996 CEST | 80 | 49736 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:56:18.371931076 CEST | 49735 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:56:18.376827002 CEST | 80 | 49735 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:56:33.459868908 CEST | 49736 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:56:33.465111017 CEST | 80 | 49736 | 165.225.115.136 | 192.168.2.4 |
| Jul 2, 2024 02:56:33.465333939 CEST | 49736 | 80 | 192.168.2.4 | 165.225.115.136 |
| Jul 2, 2024 02:56:35.990124941 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:35.990216017 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:35.990437031 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:35.990915060 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:35.990950108 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:36.635438919 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:36.635873079 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:36.635926008 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:36.636229992 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:36.637057066 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:36.637126923 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:36.690119982 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:42.174191952 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
| Jul 2, 2024 02:56:42.174194098 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
| Jul 2, 2024 02:56:42.179562092 CEST | 80 | 49724 | 93.184.221.240 | 192.168.2.4 |
| Jul 2, 2024 02:56:42.179600954 CEST | 80 | 49723 | 93.184.221.240 | 192.168.2.4 |
| Jul 2, 2024 02:56:42.179680109 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
| Jul 2, 2024 02:56:42.179681063 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
| Jul 2, 2024 02:56:46.538021088 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:46.538090944 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
| Jul 2, 2024 02:56:46.538156033 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:47.457340002 CEST | 57061 | 443 | 192.168.2.4 | 172.217.16.196 |
| Jul 2, 2024 02:56:47.457395077 CEST | 443 | 57061 | 172.217.16.196 | 192.168.2.4 |
UDP packets:

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 2, 2024 02:55:31.051676989 CEST | 53 | 53519 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:31.059344053 CEST | 53 | 60762 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:32.110955000 CEST | 53 | 55029 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.366930008 CEST | 52891 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:55:33.367068052 CEST | 52684 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:55:33.374054909 CEST | 53 | 52891 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:33.374353886 CEST | 53 | 52684 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.656372070 CEST | 53 | 53717 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.713865042 CEST | 57166 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:55:35.714224100 CEST | 53726 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:55:35.720927954 CEST | 53 | 57166 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:35.720962048 CEST | 53 | 53726 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:49.354079008 CEST | 53 | 64232 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:55:53.742069960 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
| Jul 2, 2024 02:56:03.212925911 CEST | 53 | 57796 | 162.159.36.2 | 192.168.2.4 |
| Jul 2, 2024 02:56:03.736200094 CEST | 51387 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:03.743396044 CEST | 53 | 51387 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:09.103251934 CEST | 53 | 56955 | 1.1.1.1 | 192.168.2.4 |
| Jul 2, 2024 02:56:35.979357958 CEST | 63972 | 53 | 192.168.2.4 | 1.1.1.1 |
| Jul 2, 2024 02:56:35.987971067 CEST | 53 | 63972 | 1.1.1.1 | 192.168.2.4 |
DNS queries:

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 2, 2024 02:55:33.366930008 CEST | 192.168.2.4 | 1.1.1.1 | 0xd322 | Standard query (0) | gateway.zscloud.net | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:33.367068052 CEST | 192.168.2.4 | 1.1.1.1 | 0x8b2f | Standard query (0) | gateway.zscloud.net | 65 (HTTPS) | IN (0x0001) | false |
| Jul 2, 2024 02:55:35.713865042 CEST | 192.168.2.4 | 1.1.1.1 | 0x268f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:35.714224100 CEST | 192.168.2.4 | 1.1.1.1 | 0xd54c | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false |
| Jul 2, 2024 02:56:03.736200094 CEST | 192.168.2.4 | 1.1.1.1 | 0x2a6e | Standard query (0) | 198.187.3.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Jul 2, 2024 02:56:35.979357958 CEST | 192.168.2.4 | 1.1.1.1 | 0x86dd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
DNS answers:

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 2, 2024 02:55:33.374054909 CEST | 1.1.1.1 | 192.168.2.4 | 0xd322 | No error (0) | gateway.zscloud.net | | 165.225.26.40 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:35.720927954 CEST | 1.1.1.1 | 192.168.2.4 | 0x268f | No error (0) | www.google.com | | 142.250.185.100 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:35.720962048 CEST | 1.1.1.1 | 192.168.2.4 | 0xd54c | No error (0) | www.google.com | | | 65 (HTTPS) | IN (0x0001) | false |
| Jul 2, 2024 02:55:48.529011011 CEST | 1.1.1.1 | 192.168.2.4 | 0x70fc | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:48.529011011 CEST | 1.1.1.1 | 192.168.2.4 | 0x70fc | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:55:49.050348997 CEST | 1.1.1.1 | 192.168.2.4 | 0xd346 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 2, 2024 02:55:49.050348997 CEST | 1.1.1.1 | 192.168.2.4 | 0xd346 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:56:02.214498043 CEST | 1.1.1.1 | 192.168.2.4 | 0x27ab | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jul 2, 2024 02:56:02.214498043 CEST | 1.1.1.1 | 192.168.2.4 | 0x27ab | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Jul 2, 2024 02:56:03.743396044 CEST | 1.1.1.1 | 192.168.2.4 | 0x2a6e | Name error (3) | 198.187.3.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
| Jul 2, 2024 02:56:35.987971067 CEST | 1.1.1.1 | 192.168.2.4 | 0x86dd | No error (0) | www.google.com | | 172.217.16.196 | A (IP address) | IN (0x0001) | false |
            • gateway.zscloud.net
            • fs.microsoft.com
            • 165.225.115.136
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49735 | 165.225.115.136 | 80 | 5820 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data
Jul 2, 2024 02:55:32.445430040 CEST | 430 | OUT
GET / HTTP/1.1
            Host: 165.225.115.136
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
Jul 2, 2024 02:55:33.363259077 CEST | 362 | IN
HTTP/1.1 307 Temporary Redirect
            Content-Length: 0
            Access-Control-Allow-Origin: *
            Location: https://gateway.zscloud.net:443/auD?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr
            Content-Type: text/html
            P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
            Set-Cookie: _sm_au_d=1;SameSite=LAX;path=/;domain=165.225.115.136
Jul 2, 2024 02:56:18.371931076 CEST | 6 | OUT
Data Raw: 00
            Data Ascii:
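The exchange above is the first hop of a three-step chain: plain HTTP to the bare IP answers 307 to `/auD` on gateway.zscloud.net, that hop answers 307 to `/auT`, and `/auT` returns the directory-authentication page (the later hops are recorded in the sessions that follow). The Python below is an added example, not part of the Joe Sandbox report. It replays that chain offline against the response headers transcribed from this page (bodies cut down to the `<title>` fragment, so the input is constructed) and pulls out what an analyst checks on a redirect into a login page: the resolved hop list, the decoded `origurl` parameter and its use of `%2e` for the dots in the IP, the scoping attributes of each `Set-Cookie`, and a simplified title-versus-host comparison that stands in for the "HTML title does not match URL" signature (an approximation of that heuristic, not Joe Sandbox's actual rule).

```python
"""Replay the captured redirect chain offline and audit what it reveals."""
import json
import re
import string
from urllib.parse import urljoin, urlsplit, unquote

QS = "origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr"
START = "http://165.225.115.136/"
HOP1 = "https://gateway.zscloud.net:443/auD?" + QS
HOP2 = "https://gateway.zscloud.net:443/auT?" + QS

# Abridged response headers transcribed from the sessions in this report; the
# final body is reduced to the <title> fragment (constructed input, not a full capture).
CAPTURED = {
    START: (
        "HTTP/1.1 307 Temporary Redirect\r\nContent-Length: 0\r\n"
        f"Location: {HOP1}\r\n"
        "Set-Cookie: _sm_au_d=1;SameSite=LAX;path=/;domain=165.225.115.136\r\n\r\n"
    ),
    HOP1: (
        "HTTP/1.1 307 Temporary Redirect\r\nContent-Length: 0\r\n"
        f"Location: {HOP2}\r\n"
        "Set-Cookie: _sm_au_d=1;path=/;domain=.zscloud.net;SameSite=None;Secure;HttpOnly;\r\n\r\n"
    ),
    HOP2: (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Zscaler/6.2\r\n"
        "Set-Cookie: _sm__fch=1c53fkP5ZqFnr\r\n\r\n"
        "<!DOCTYPE html><html><head><title>Welcome To Zscaler Directory Authentication"
        "</title></head><body></body></html>"
    ),
}
REDIRECTS = {301, 302, 303, 307, 308}
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, [(name, value)...], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return int(status_line.split(" ", 2)[1]), headers, body


def follow_chain(start, captured, max_hops=10):
    """Walk Location headers through the captured responses, like a browser would."""
    url, hops = start, []
    while url in captured and len(hops) < max_hops:
        status, headers, body = parse_response(captured[url])
        hops.append({"url": url, "status": status, "headers": headers, "body": body})
        location = next((v for k, v in headers if k == "location"), None)
        if status not in REDIRECTS or location is None:
            break
        url = urljoin(url, location)  # relative Locations resolve against the current URL
    return hops


def decode_origurl(url):
    """Decode the origurl parameter and list percent-escapes of unreserved characters."""
    for part in urlsplit(url).query.split("&"):
        key, _, raw = part.partition("=")
        if key == "origurl":
            odd = [m.group(0) for m in re.finditer(r"%([0-9A-Fa-f]{2})", raw)
                   if chr(int(m.group(1), 16)) in UNRESERVED]  # e.g. %2e for '.'
            return {"decoded": unquote(raw), "encoded_unreserved": odd}
    return {"decoded": None, "encoded_unreserved": []}


def audit_set_cookie(value):
    """Split a Set-Cookie value into its name and the attributes that decide its scope."""
    name_value, *attrs = [p.strip() for p in value.split(";") if p.strip()]
    flags = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        flags[key.lower()] = val if val else True
    samesite = str(flags.get("samesite", "")).lower() or None
    return {
        "name": name_value.partition("=")[0],
        "domain": flags.get("domain"),
        "secure": flags.get("secure") is True,
        "httponly": flags.get("httponly") is True,
        "samesite": samesite,
        # browsers reject SameSite=None cookies that are not also marked Secure
        "samesite_none_without_secure": samesite == "none" and flags.get("secure") is not True,
    }


def title_matches_host(html, url):
    """Does a distinctive label of the host appear in the <title>? (approximation of the signature)"""
    m = re.search(r"<title>(.*?)</title>", html, re.I | re.S)
    title = (m.group(1) if m else "").lower()
    labels = [l for l in (urlsplit(url).hostname or "").split(".") if len(l) > 3 and l != "www"]
    return any(l in title for l in labels)


def analyse(start=START, captured=CAPTURED):
    hops = follow_chain(start, captured)
    final = hops[-1]
    return {
        "hop_urls": [h["url"] for h in hops],
        "statuses": [h["status"] for h in hops],
        "cross_origin_redirect": urlsplit(start).hostname != urlsplit(final["url"]).hostname,
        "origurl": decode_origurl(final["url"]),
        "cookies": [audit_set_cookie(v) for h in hops for k, v in h["headers"] if k == "set-cookie"],
        "title_matches_host": title_matches_host(final["body"], final["url"]),
    }


if __name__ == "__main__":
    print(json.dumps(analyse(), indent=2))
```

The output makes the two points worth recording for this sample explicit. The cookie set by the IP-literal response over plain HTTP carries neither `Secure` nor `HttpOnly`, while the copy re-issued on `.zscloud.net` has both plus `SameSite=None`; and the title check fails because the page says "Zscaler" while the host is zscloud.net, which is exactly the mismatch the signature reports and which the phishing assessment above accepted as a known brand-to-domain pairing.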


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49736 | 165.225.115.136 | 80 | 5820 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data
Jul 2, 2024 02:56:17.434421062 CEST | 6 | OUT
Data Raw: 00
            Data Ascii:


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49737 | 165.225.26.40 | 443 | 5820 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data
2024-07-02 00:55:34 UTC | 746 | OUT
GET /auD?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr HTTP/1.1
            Host: gateway.zscloud.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
2024-07-02 00:55:34 UTC | 377 | IN
HTTP/1.1 307 Temporary Redirect
            Content-Length: 0
            Access-Control-Allow-Origin: *
            Location: https://gateway.zscloud.net:443/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr
            Content-Type: text/html
            Set-Cookie: _sm_au_d=1;path=/;domain=.zscloud.net;SameSite=None;Secure;HttpOnly;
            P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
2024-07-02 00:55:34 UTC | 766 | OUT
GET /auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr HTTP/1.1
            Host: gateway.zscloud.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Cookie: _sm_au_d=1
2024-07-02 00:55:35 UTC | 15360 | IN
HTTP/1.1 200 OK
            Content-Type: text/html
            Server: Zscaler/6.2
            Cache-Control: no-cache
            P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
            Content-length: 22035
            Set-Cookie: _sm__fch=1c53fkP5ZqFnr
            ... username.html--><!DOCTYPE html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Welcome To Zscaler Directory Authentication</title><style type="text/css">body { background-color: #FFF; font-family: Arial, sans-serif; font-size: 12px; text-align: center; color: #4B4F54; overflow: hidden; margin: 0;}a { color: #009dd0; cursor: pointer; text-decoration: none;}form { width: 100%; height: 100%; margin: 0; padding: 0;}input { font-family: Arial; font-size: 100%; margin: 0; width: 100%; vertical-align: top; color: #424242; display: inline-block; border: none; padding: 0; text-align: left; height: 100%; width: calc(100% -35px);}table { margin-top: 10px; text-align: center; background-color: white;}table.table-company-logo { background-color: #e3e3e3;}table.table-upper { border-radius: 10px;}table.table-lower { bord [TRUNCATED]
2024-07-02 00:55:35 UTC | 6885 | IN
Data Raw: 20 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 7d 2e 74 61 62 6c 65 2d 6c 65 66 74 2d 63 6f 6c 75 6d 6e 20 74 61 62 6c 65 2c 20 2e 74 61 62 6c 65 2d 72 69 67 68 74 2d 63 6f 6c 75 6d 6e 20 74 61 62 6c 65 20 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 7d 2e 61 72 72 6f 77 2d 62 6f 78 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 32 61 32 30 30 3b 77 69 64 74 68 3a 20 39 35 25 3b 7a 2d 69 6e 64 65 78 3a 20 31 30 30 3b 7d 2e 61 72 72 6f 77 2d 62 6f 78 2d 72 69 67 68 74 20 7b 74 6f 70 3a 20 2d 31 34 30 70 78 3b 6c 65 66 74 3a 20 2d 31 70 78 3b 7d 2e 61 72 72 6f 77 2d 62 6f 78 2d 6c 65 66 74 20 7b 74 6f 70 3a 20 2d
            Data Ascii: 100%;display: block;}.table-left-column table, .table-right-column table {padding-left: 0;padding-right: 0;}.arrow-box {background: white;border: 1px solid #c2a200;width: 95%;z-index: 100;}.arrow-box-right {top: -140px;left: -1px;}.arrow-box-left {top: -
            2024-07-02 00:55:35 UTC | 698 | OUT | GET /favicon.ico HTTP/1.1
            Host: gateway.zscloud.net
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://gateway.zscloud.net/auT?origurl=http%3A%2F%2F165%2e225%2e115%2e136%2f&_ordtok=DhW3WVZjVPKHH68rDF2QjpW4Wr
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Cookie: _sm_au_d=1
            2024-07-02 00:55:35 UTC | 13831 | IN | HTTP/1.1 403 Forbidden
            Content-Type: text/html
            Server: Zscaler/6.2
            Cache-Control: no-cache
            Access-Control-Allow-Origin: *
            Content-length: 13679
            ...# bq6ZFW7rpStTMbq6ZFW7rpStTMbq6ZFW7rpStTMd-->
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
            <html>
            <head>
            <meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats.">
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
            <meta name="viewport" content="width=device-width, initial-scale=1">
            <title>Internet Security by Zscaler</title>
            <script language="JavaScript">var defLang = 'en_US'</script>
            ...<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">-->
            <style type="text/css">
            body {
            background-color:#e3e3e3;
            font-family:Arial, sans-serif;
            font-size:12px;
            color:#4B4F54;
            }
            a {
            cursor:pointer;
            text-decoration:none;
            color:#009dd0;
            }
            table {
            margin-top:10px;
            }
            td table {
            margin-top:0;
            text-align:center;
            }
            img {
            max-height:75px;
            max-width:430px;
            }
            .pg {
            position:absolute;
            top:0;
            bottom:0;
            left:0;
            right:0;
            overflow-x:hidden;
            white-space:nowrap;
            }
            .pg:before {
            content:"";
            display:inline-block;
            height:100%;
            vertical-align:middle;
            }
            .pg_cont {
            display:inline-block;
            vertical-align:middle;
            width:100%;
            position:relative;
            }
            .a_i {
            width:19px;
            height:19px;
            margin-right:10px;
            background-size: 19px 19px;
            display:inline-block;
            }
            .m_tbl {
            width:100%;
            max-width:758px;
            background:#e3e3e3;
            min-width:600px;
            }
            .pg.red .eu_h {
            color:#fd4239;
            border-top:3px solid #fd4239;
            }
            .pg.red .eu_h .a_i {
            background-image: url('data:image/png;base64,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');
            }
            .pg.red .eu_h, .pg.red .eu_co, .pg.red .hr {
            border-left:3px solid #fd4239;
            border-right:3px solid #fd4239;
            }
            .pg.red .fo {
            border-bottom-color:#fd4239;
            }
            .pg.red .eu_co.st{
            border:0;
            }
            .pg.yl .eu_h .a_i {
            background-image: url('data:image/png;base64,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 [TRUNCATED]
            }
            .pg.yl .eu_h {
            color:#c2a200;
            border-top:3px solid #c2a200;
            }
            .pg.yl .eu_h, .pg.yl .eu_co, .pg.yl .hr {
            border-left:3px solid #c2a200;
            border-right:3px solid #c2a200;
            }
            .pg.yl .fo {
            border-bottom-color:#c2a200;
            }
            .pg.yl .eu_co.st{
            border:0;
            }
            .pg.or .eu_h {
            color:#e39e00;
            border-top:3px solid #e39e00;
            }
            .pg.or .eu_h .a_i {
            background-image: url('data:image/png;base64,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 [TRUNCATED]
            }
            .pg.or .eu_h, .pg.or .eu_co, .pg.or .hr {
            border-left:3px solid #e39e00;
            border-right:3px solid #e39e00;
            }
            .pg.or .fo {
            border-bottom-color:#e39e00;
            }
            .pg.or .eu_co.st{
            border:0;
            }
            .m_tbl table td {
            padding:0 20px 16px 20px;
            text-align:left;
            background-color:white;
            }
            .m_tbl table td.bh {
            text-align:center;
            background-color:#e3e3e3;
            z-index:100;
            }
            .m_tbl table td.eu_h {
            padding-top: 20px;
            }
            .eu_h {
            vertical-align:middle;
            font-weight:normal;
            white-space:normal;
            font-size: 24px;
            background-color:white;
            border-left:3px solid;
            border-right:3px solid;
            border-top-left-radius: 10px;
            border-top-right-radius: 10px;
            }
            .pg .eu_h.sm {
            font-size:16px;
            color:#929496;
            border-top-left-radius:0;
            border-top-right-radius:0;
            border-top:0;
            padding-top:0;
            }
            hr {
            margin:0;
            border-top:0.5px solid #cfd0d1;
            }
            .eu_co {
            font-size:16px;
            color:#2a2c30;
            border-left:3px solid;
            border-right:3px solid;
            white-space: normal;
            word-wrap: break-word;
            }
            .eu_co.rsn{
            color:#000000;
            }
            .eu_l {
            display:inline;
            padding-left:5px;
            }
            .bh {
            min-height:35px;
            display:block;
            max-height:75px;
            color:#0076A9;
            font-size:16px;
            overflow:hidden;
            padding-bottom:15px;
            padding-top:5px;
            background-color:#e3e3e3;
            text-align:center;
            max-width:758px;
            text-overflow: ellipsis;
            }
            .btn {
            background:#009dd0;
            color:#FFFFFF;
            border-radius:5px;
            border:2px solid #009dd0;
            cursor:pointer;
            display:inline-block;
            height:30px;
            margin:10px 0 15px;
            font-size:18px;
            line-height:26px;
            width:auto;
            padding:0 20px;
            }
            .btn:focus {
            outline:none;
            }
            .btn:hover {
            background:#fff;
            color:#0076A9;
            }
            .eu_co.fo {
            height:32px;
            color:#696A6D;
            background-color:#f3f3f3;
            line-height:32px;
            font-size:11px;
            padding-bottom:0px;
            border-bottom:3px solid;
            border-bottom-left-radius:10px;
            border-bottom-right-radius:10px;
            }
            .eu_co.fo.pb35 {
            background-color: white;
            color: #2a2c30;
            font-size: 16px;
            padding-bottom: 20px;
            }
            .eu_co.st {
            font-size: 12px;
            padding: 10px 0;
            line-height: 20px;
            position: relative;
            color: #939393;
            background:#e3e3e3;
            border:0;
            text-align: center;
            }
            .s_img {
            vertical-align:top;
            padding-right:5px;
            background:url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADoAAAAMCAYAAAAzmK6YAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyhpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTExIDc5LjE1ODMyNSwgMjAxNS8wOS8xMC0wMToxMDoyMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTUgKE1hY2ludG9zaCkiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6MDg4M0FBNkZBODFFMTFFNUI3RkJGMDcxMjM1MjFGQjUiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6MDg4M0FBNzBBODFFMTFFNUI3RkJGMDcxMjM1MjFGQjUiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDowODgzQUE2REE4MU [TRUNCATED]
            width:55px;
            height:17px;
            position:relative;
            top:3px;
            display:inline-block;
            }
            .f_btn {
            display:inline-block;
            }
            .uq_cd {
            position:absolute;
            bottom:54px;
            right:25px;
            font-size:10px;
            color:#696A6D;
            }
            .s_l td {
            font-size: 13px;
            color: #77797c;
            text-align:right;
            }
            .s_l a {
            padding:4px;
            cursor:pointer;
            font-size:13px;
            }
            .s_l .sprt {
            margin-left: 6px;
            margin-right: 4px;
            padding-right: 0;
            cursor: default;
            height: 14px;
            border-left: 1px #cfd0d1 solid;
            }
            .langSelector{
            width:200px;
            }
            .langSelector td{
            text-align:right;
            }
            .logo_container{
            position:relative;
            max-width:758px;
            margin:0px auto;
            }
            .err_cd {
            font-size:16px;
            color:#2a2c30;
            text-align: left;
            background-color:white;
            padding-bottom:16px;
            }
            @media only screen and (max-width:700px) {
            td.bh{
            padding-bottom:35px;
            }
            .eu_h{
            font-size:18px;
            }
            .eu_h,.eu_co,.st{
            word-wrap:break-word;
            white-space:normal;
            }
            .sm{
            font-size:14px;
            }
            .fo{
            padding:2px 0;
            height:20px;
            line-height:20px;
            }
            .m_tbl {
            min-width: 300px;
            width: 95%;
            position:relative;
            left:-3px;
            }
            .uq_cd {
            bottom: 77px;
            }
            .a_i {
            position: relative;
            top: 4px;
            }
            .s_l {
            position: absolute;
            top:85px;
            width:100%;
            z-index:100;
            }
            .s_l a {
            padding: 0;
            }
            .m_tbl table .s_l td {
            text-align: center;
            }
            .pg{
            overflow-y:auto;
            }
            .langSelector{
            width:100%;
            }
            .langSelector td{
            text-align:center;
            }
            }
            </style>
            </head>
            <body>
            <div class="pg red">
            <div class="pg_cont">
            <div id="logo_container" class="logo_container">
            <table id="logo" width="50%" cellspacing="0" cellpadding="0" border="0" align="center">
            <tbody>
            <tr align="center">
            <td align="center" class="bh">
            <img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png"></td></tr>
            </tbody></table></div>
            <table class="m_tbl" cellpadding="0" cellspacing="0" align="center">
            <tbody><tr>
            <td height="100" valign="top" style="position:relative;">
            <div class="uq_cd">D09</div>
            ...locale en_US-->
            <table id="en_US" width="100%" border="0" cellspacing="0" cellpadding="0">
            <tbody><tr><td class="eu_h">
            <i class="a_i"></i>
            Sorry, we couldn't load the page.
            </td></tr>
            <tr><td class="hr"><hr></td></tr>
            <tr><td class="eu_co rsn">
            </td></tr>
            <tr><td class="eu_co err_cd">
            Error Code: 081000
            </td></tr>
            <tr><td class="eu_co fo">
            </td></tr>
            <tr><td class="eu_co st red">
            <span class="s_img"></span>
            Your organization has selected Zscaler to protect you from internet threats.
            </td></tr>
            </tbody></table>
            .../locale en_US-->
            </td></tr>
            </tbody></table>
            </div>
            </div>
            </body></html>
            ... 0 0 0 0 1719881735 4 https://gateway.zscloud.net/favicon.ico -->


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49742 | 2.19.104.72 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 00:55:36 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-02 00:55:36 UTC | 467 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-neu-z1
            Cache-Control: public, max-age=227682
            Date: Tue, 02 Jul 2024 00:55:36 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49743 | 2.19.104.72 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 00:55:37 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-02 00:55:37 UTC | 535 | IN | HTTP/1.1 200 OK
            Content-Type: application/octet-stream
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
            Cache-Control: public, max-age=227734
            Date: Tue, 02 Jul 2024 00:55:37 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-07-02 00:55:37 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



            Target ID: 0
            Start time: 20:55:27
            Start date: 01/07/2024
            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit): false
            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase: 0x7ff76e190000
            File size: 3'242'272 bytes
            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Reputation: low
            Has exited: false

            Target ID: 2
            Start time: 20:55:29
            Start date: 01/07/2024
            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit): false
            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,5178333540329376978,1349667219038160641,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase: 0x7ff76e190000
            File size: 3'242'272 bytes
            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Reputation: low
            Has exited: false

            Target ID: 3
            Start time: 20:55:31
            Start date: 01/07/2024
            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit): false
            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://165.225.115.136"
            Imagebase: 0x7ff76e190000
            File size: 3'242'272 bytes
            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Reputation: low
            Has exited: true

            No disassembly