Source: http://cl4ycra.hgzcbqsqumhkfshql.com/kxosbfkve | Avira URL Cloud: detection malicious, Label: malware |
Source: Email | Joe Sandbox AI: AI detected Typosquatting in URL: http://cl4ycra.hgzcbqsqumhkfshql.com |
Source: https://www.google.com/ | HTTP Parser: No favicon |
Source: https://www.google.com/ | HTTP Parser: No favicon |
Source: https://www.google.com/ | HTTP Parser: No favicon |
Source: https://www.google.com/ | HTTP Parser: No favicon |
Source: https://store.google.com/collection/offers?utm_source=search&utm_medium=google_oo&utm_campaign=GS108088&utm_term=ms&utm_content=hpp&hl=en-US | HTTP Parser: No favicon |
Source: unknown | HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.5:49716 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 2.23.161.164:443 -> 192.168.2.5:49717 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49728 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49733 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49951 version: TLS 1.2 |
Source: | Binary string: _.hN=function(a,b){_.rK(a.Rr,{message:b,cca:!0,dK:"ERROR"})};_.reb=function(a){const b=[];b.push(_.qeb(a));const c=_.N(a,3);a.Np().forEach(d=>{b.push(_.qeb(d,c))});return b};_.seb=function(a,b,c){_.K(a,_.Yx,30,_.J()).forEach(d=>{d=_.WL(_.VL(_.UL(_.TL(new _.XL,_.N(d,2)),_.N(d,5)),b),_.cI(d.ha()));_.pdb(c,d)})};_.iN=function({hw:a,Gq:b}){const c=_.dM(_.bM(_.aM(_.$L(_.fM(new _.lM,1),_.N(b,1)),_.N(b,12)),_.N(b,1)),b.getTitle());(b=_.H(b,_.qr,11))&&_.kM(_.eM(c,_.cI(b)),b.kd());a&&_.O(c,16,a);return c}; source: chromecache_244.2.dr, chromecache_175.2.dr |
Source: | Binary string: _.fM=function(a,b){return _.ui(a,3,b)};_.pdb=function(a,b){_.Xh(a,12,_.XL,b)};_.gM=function(a,b){return _.ri(a,13,b)};_.hM=function(a,b){return _.ui(a,14,b)};_.iM=function(a,b){return _.ui(a,15,b)};_.qdb=function(a,b){return _.ri(a,17,b)};_.jM=function(a,b){_.L(a,_.ZL,20,b)};_.kM=function(a,b){return _.O(a,21,b)};_.lM=class extends _.B{constructor(a){super(a)}};_.rdb=function(a,b){return _.O(a,2,b)};_.mM=function(a,b){return _.ui(a,3,b)};_.sdb=function(a,b){return _.ui(a,4,b)}; source: chromecache_244.2.dr, chromecache_175.2.dr |
Source: | Binary string: for(const f of _.K(a,_.Ls,36,_.J()))_.pdb(c,_.UL(_.TL(new _.XL,f.getTitle()),_.F(f,1)));return c}; source: chromecache_244.2.dr, chromecache_175.2.dr |
Source: | Binary string: _.pdb=function(){var a=_.Jqa();return _.G(a,1)};_.qdb=function(a,b){return(a=_.kl(a,b))?a:null};_.rdb=function(a){return a.lastElementChild!==void 0?a.lastElementChild:_.Qza(a.lastChild,!1)};_.Kr=function(a){return _.$l(a).x};_.sdb=function(a){if(!a.getBoundingClientRect)return null;a=_.zAa(_.sAa,a);return new _.dl(a.right-a.left,a.bottom-a.top)};_.tdb=function(a){var b=a;return function(){if(b){var c=b;b=null;c()}}}; source: chromecache_303.2.dr, chromecache_213.2.dr |
Source: | Binary string: var Z5c=function(a){if(!a.Ha){var b=a.root||_.Kf();a.Ha=_.Me(b,"scroll",function(){return a.Ka()});a.Aa.pdb&&_.sa()&&(a.Na=_.Me(b,"touchstart",function(){return X5c(a,!0)}))}!a.Ba&&a.Aa.uxa&&(a.Ba=_.Me(_.Kf(),"resize",function(){return a.Ka()}));!a.wa&&a.Aa.sxa&&"MutationObserver"in window&&(b=document,a.wa=new MutationObserver(function(){return a.Ka()}),a.wa.observe(b,{attributes:!0,childList:!0,characterData:!0,subtree:!0}))},$5c=function(a){a.Ha&&(_.Cm(a.Ha),a.Ha=null);a.Na&&(_.Cm(a.Na),a.Na=null); source: chromecache_280.2.dr, chromecache_245.2.dr |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.161.164 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.63 |
Source: global traffic | HTTP traffic detected: GET /kxosbfkve HTTP/1.1
Host: cl4ycra.hgzcbqsqumhkfshql.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
Host: www.google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd._PAYUcHVsZY.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAACNgJAAAGANgFCBAAAAAAgAEAAAAEQAAAAAAAAYAKAAAAAACAAACgACAAoAAAABAYBQAAAjIAKAFIAAAEQEEAAAIAAoABZNAQiApAFAAAAAAAAACAAAAAgCEABAIAdAAEgAEgEgAA0QMBAAAAAAQBAMwEwBAwAAEAAAAAAABkAAAAAAAAAAAAAAAAAAAAAAAAAAAABAABAAU/d=1/ed=1/br=1/rs=ACT90oH6j8vzt1SAHGK71qaBfn5dL1-pbw/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-XNphEVTYJ0jA5oZ5KEzrR3oPn3Rqujv45X9uH9ZGyCAJMWQHspK8s; NID=519=QlcASPXBGoKRtV7RavnqgcPzAdu-MLAb-DDKeIACl-KpNCf12Q5U5P2TmNlv0rFihlxRXPi6Br5XP5mvz-TUjKtHVCZ7QZ3aBRDWUUPlmNtAz6Ouc4XZDk2BGATKK5rvuRkWF3txFOfkarvjUpgj92offYq35FnmhQHGtyuwHXjWJcKDLyMHhN3i3oe_EsJR9qyAyfpQIg |
Source: global traffic | HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-XNphEVTYJ0jA5oZ5KEzrR3oPn3Rqujv45X9uH9ZGyCAJMWQHspK8s; NID=519=QlcASPXBGoKRtV7RavnqgcPzAdu-MLAb-DDKeIACl-KpNCf12Q5U5P2TmNlv0rFihlxRXPi6Br5XP5mvz-TUjKtHVCZ7QZ3aBRDWUUPlmNtAz6Ouc4XZDk2BGATKK5rvuRkWF3txFOfkarvjUpgj92offYq35FnmhQHGtyuwHXjWJcKDLyMHhN3i3oe_EsJR9qyAyfpQIg |
Source: global traffic | HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.CKE7rGkZJbo.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAYAAAAgAAAAABAAAAAAAAAACAIEQQAAEAAAAMACAADBAAAIAACCAAAAAQA8yhQABIgAAAAAAAEABAAEAAAEAAAAAgAAAAAAAAoAAAAAAAQAAAAAAAAAgAABAAAAAAAAAAAAAgAA0AMAAAAAAAAAAgIAwBAwAAEAAAAAAAB9ABA8AEMKCwAAAAAAAAAAAAAAAAESBHMhAQUBCAAAAAAAAAAAAAAAAAAg0sSFDQ/d=1/ed=1/dg=3/br=1/rs=ACT90oFCj671TflzyVDidEzOUUm3npkBeQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;
jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4 |