Windows Analysis Report
https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymi

Overview

General Information

Sample URL:	https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2
Analysis ID:	1580436
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish44

AI detected suspicious Javascript

Detected suspicious crossdomain redirect

URL contains potential PII (phishing indication)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru/598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ

Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_106, type: DROPPED

AI detected suspicious Javascript

Source: 0.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, and triggering a redirect to an external domain. The script appears to be attempting to prevent analysis and interaction, which is a strong indicator of malicious intent.
Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of anti-debugging techniques further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://petadolex.ca/Privacy/mwe.html#mlyon@wc.com... The script demonstrates several high-risk behaviors, including redirecting the user to an untrusted domain after a short delay and potentially exfiltrating user data (email address) via the URL. The use of obfuscation (Base64 encoding) and the immediate redirect without user interaction further increases the risk.
Source: 0.3.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script uses the `turnstile.render()` function to render a CAPTCHA widget, but it also includes a custom error callback function `mSSFAETVxE()` and a callback function `OYNQcTmCcB()` that perform potentially malicious actions. The `OYNQcTmCcB()` function prevents the form submission, sets a hardcoded value for the `pagelink` field, and then makes a GET request to a suspicious domain. Depending on the response, it either makes a POST request to another suspicious domain with the form data or redirects the user to `https://www.azure.com`. This script demonstrates clear intent to collect user data and redirect to potentially malicious domains, which is highly suspicious and poses a significant security risk.

URL contains potential PII (phishing indication)

Sample URL: PII: mlyon@wc.com

Source: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.com	HTTP Parser: No favicon
Source: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.com	HTTP Parser: No favicon
Source: https://azure.microsoft.com/en-us/	HTTP Parser: No favicon

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: u48635528.ct.sendgrid.net to http://petadolex.ca//privacy/mwe.html

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D HTTP/1.1Host: u48635528.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Privacy/mwe.html HTTP/1.1Host: petadolex.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0Fhb7R/?qrc=mlyon@wc.com HTTP/1.1Host: o6rl.inexpartan.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://petadolex.ca/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/787bc399e22f/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/787bc399e22f/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8f71270faa3f423a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: o6rl.inexpartan.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjZvckFzVzllQklsTDBiZEo4RkRKOXc9PSIsInZhbHVlIjoiNkdRdmlETkp0Y0VSNUtxZXZXdUc5MW9lVE9abHFwOXk2NTZuS0xjb2EyQzFlUTZTZHRrMFJMNUFTWStORWFwZURReUU1OUE5Z2d0SDJFVC9uNHlyc01RT3NDNjVObDkxZVBaV2QrUFBZaHBkaWdMdkU5Mlh3MFUvV2dKbU5TWW8iLCJtYWMiOiI1ZDJhMDA4MmM4YTA3NWRhOGQ1NjMwYWIxNGIzNzg5MzViYTNlNDMyZTAxN2Q0YmNlY2Y2MzVhNTU5YjMwODk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFWK1U4dWluTmUxK3BjZW80YzJrMGc9PSIsInZhbHVlIjoiYStHeEtjYXp0TktSOGhKUVVnazZieEVudWxoVVVJMVNaZFJ1ZU5Tbzd5VGhnWkJ1SUFKRVZYVUpZR0VScmRrb1dia3Rkci90ZTRxRHhFTmFBamtGaEFFV044MWhtWFQ4Z1ZmTTJvd0JFckg4TjExRkhnTi9qQmRPMVRVeC9OOHYiLCJtYWMiOiIwZjFkODRlNjEyOTcxNmI1NzdlMzRhNWJhNDFlMWNjNDc1ZDQ1ZTgzM2UwNWUyM2VkNTAwODgzMjJlN2VhMGM5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8f71270faa3f423a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8f71270faa3f423a/1735049197089/RNQ7OOfTgli-F5R HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8f71270faa3f423a/1735049197089/RNQ7OOfTgli-F5R HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8f71270faa3f423a/1735049197093/4d817d3c4d7367ea88d3e4c448db4fd7f0e9c1b3844763606733f21905384022/4-si6UbIXrCDaOH HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ HTTP/1.1Host: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://o6rl.inexpartan.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ HTTP/1.1Host: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //Privacy/mwe.html HTTP/1.1Host: petadolex.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: </svg>`;function EW(a,s){return l=>{const p=AW(l).map(f=>CW(f));s.setValue({...s.value,shareOptions:p});function d(){s.setValue({...s.value,shareDialogOpened:!0})}function m(){var f,E,I,D,N,O;s.setValue({...s.value,shareDialogOpened:!1}),(O=(N=(D=(I=(E=(f=a.renderRoot)==null?void 0:f.querySelector("ump-controls"))==null?void 0:E.renderRoot.querySelector("ump-control-bar"))==null?void 0:I.renderRoot.querySelector("ump-more-menu"))==null?void 0:D.renderRoot.querySelector('[data-id="more-menu-button"]'))==null?void 0:N.focus)==null\|\|O.call(N)}const y=Hh(a);return y.addEventListener("share-button-clicked",d),y.addEventListener("share-dialog-closed",m),()=>{y.removeAllListeners()}}}function AW(a){return a.options.share?a.options.shareOptions.length===0?wM:a.options.shareOptions:[]}function CW(a){const s=new URL(window.location.href);s.searchParams.delete("jsapi");const l=s.toString();switch(a){case"facebook":return{id:"facebook",url:`https://www.facebook.com/share.php?u=${encodeURIComponent(l)}`,icon:SW};case"linkedin":return{id:"linkedin",url:`https://www.linkedin.com/shareArticle?mini=true&url=${encodeURIComponent(l)}&title=&summary=&source=`,icon:TW};case"twitter":return{id:"twitter",url:`https://x.com/share?url=${encodeURIComponent(l)}&text=`,icon:kW};case"mail":return{id:"mail",url:`mailto:?subject=Check out this great video&body=${encodeURIComponent(l)}`,icon:xW};default:return{id:"copy",url:l,icon:""}}}function IW(){return a=>{if(a.options.sources.length===0)return()=>{};a.addEventListener("loadsourcesrequest",s);async function s(){a.dispatchEvent(new jt.util.FakeEvent("playerloadmediastart"));const l=lg(a.options.sources);try{await a.load(l[0].src,a.options.startTime,l[0].type)}catch{a.dispatchShakaError(jt.util.Error.Severity.CRITICAL,jt.util.Error.Category.MEDIA,jt.util.Error.Code.MEDIA_SOURCE_OPERATION_FAILED);return}await a.loadCaptions(),a.dispatchEvent(new jt.util.FakeEvent("playerloadmediaend")),a.dispatchEvent(new jt.util.FakeEvent("loadsourcescomplete"))}return()=>{}}}function MW(){try{return crypto.randomUUID()}catch{return`10000000-1000-4000-8000-${1e11}`.replace(/[018]/g,a=>(a^crypto.getRandomValues(new Uint8Array(1))[0]&15>>a/4).toString(16))}}var _W=Object.defineProperty,PW=Object.getOwnPropertyDescriptor,cg=(a,s,l,p)=>{for(var d=p>1?void 0:p?PW(s,l):s,m=a.length-1,y;m>=0;m--)(y=a[m])&&(d=(p?y(s,l,d):y(d))\|\|d);return p&&d&&_W(s,l,d),d};jt.polyfill.installAll();const i3="options";function a3(a,s,l){const p=a instanceof $a?a:$a.getById(a);return l&&p.addEventListener("ready",l,{once:!0}),p.setAttribute("options",JSON.stringify(s)),p}Object.defineProperty(a3,"allowAutoplay",{get:PL,set:QX});let $a=class extends Cn{constructor(){super(...arguments),this.umpId=`ump-${MW()}`,this.ariaLabel=null,this.playerStateContext=new Rw(this,{context:mr,initialValue:xM}),this.onVideoEvent=a=>{this.dispatchEvent(new kt(a.type,a.target))}}render(){return ht` equals www.facebook.com (Facebook)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: </svg>`;function EW(a,s){return l=>{const p=AW(l).map(f=>CW(f));s.setValue({...s.value,shareOptions:p});function d(){s.setValue({...s.value,shareDialogOpened:!0})}function m(){var f,E,I,D,N,O;s.setValue({...s.value,shareDialogOpened:!1}),(O=(N=(D=(I=(E=(f=a.renderRoot)==null?void 0:f.querySelector("ump-controls"))==null?void 0:E.renderRoot.querySelector("ump-control-bar"))==null?void 0:I.renderRoot.querySelector("ump-more-menu"))==null?void 0:D.renderRoot.querySelector('[data-id="more-menu-button"]'))==null?void 0:N.focus)==null\|\|O.call(N)}const y=Hh(a);return y.addEventListener("share-button-clicked",d),y.addEventListener("share-dialog-closed",m),()=>{y.removeAllListeners()}}}function AW(a){return a.options.share?a.options.shareOptions.length===0?wM:a.options.shareOptions:[]}function CW(a){const s=new URL(window.location.href);s.searchParams.delete("jsapi");const l=s.toString();switch(a){case"facebook":return{id:"facebook",url:`https://www.facebook.com/share.php?u=${encodeURIComponent(l)}`,icon:SW};case"linkedin":return{id:"linkedin",url:`https://www.linkedin.com/shareArticle?mini=true&url=${encodeURIComponent(l)}&title=&summary=&source=`,icon:TW};case"twitter":return{id:"twitter",url:`https://x.com/share?url=${encodeURIComponent(l)}&text=`,icon:kW};case"mail":return{id:"mail",url:`mailto:?subject=Check out this great video&body=${encodeURIComponent(l)}`,icon:xW};default:return{id:"copy",url:l,icon:""}}}function IW(){return a=>{if(a.options.sources.length===0)return()=>{};a.addEventListener("loadsourcesrequest",s);async function s(){a.dispatchEvent(new jt.util.FakeEvent("playerloadmediastart"));const l=lg(a.options.sources);try{await a.load(l[0].src,a.options.startTime,l[0].type)}catch{a.dispatchShakaError(jt.util.Error.Severity.CRITICAL,jt.util.Error.Category.MEDIA,jt.util.Error.Code.MEDIA_SOURCE_OPERATION_FAILED);return}await a.loadCaptions(),a.dispatchEvent(new jt.util.FakeEvent("playerloadmediaend")),a.dispatchEvent(new jt.util.FakeEvent("loadsourcescomplete"))}return()=>{}}}function MW(){try{return crypto.randomUUID()}catch{return`10000000-1000-4000-8000-${1e11}`.replace(/[018]/g,a=>(a^crypto.getRandomValues(new Uint8Array(1))[0]&15>>a/4).toString(16))}}var _W=Object.defineProperty,PW=Object.getOwnPropertyDescriptor,cg=(a,s,l,p)=>{for(var d=p>1?void 0:p?PW(s,l):s,m=a.length-1,y;m>=0;m--)(y=a[m])&&(d=(p?y(s,l,d):y(d))\|\|d);return p&&d&&_W(s,l,d),d};jt.polyfill.installAll();const i3="options";function a3(a,s,l){const p=a instanceof $a?a:$a.getById(a);return l&&p.addEventListener("ready",l,{once:!0}),p.setAttribute("options",JSON.stringify(s)),p}Object.defineProperty(a3,"allowAutoplay",{get:PL,set:QX});let $a=class extends Cn{constructor(){super(...arguments),this.umpId=`ump-${MW()}`,this.ariaLabel=null,this.playerStateContext=new Rw(this,{context:mr,initialValue:xM}),this.onVideoEvent=a=>{this.dispatchEvent(new kt(a.type,a.target))}}render(){return ht` equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: u48635528.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: petadolex.ca
Source: global traffic	DNS traffic detected: DNS query: o6rl.inexpartan.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru
Source: global traffic	DNS traffic detected: DNS query: www.azure.com
Source: global traffic	DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: cdn.botframework.com
Source: global traffic	DNS traffic detected: DNS query: play.vidyard.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=mE2ru3%2FloL1M4wGqzTMnZ9emURenUJcl7iXw3H2DbPreURfcPsPl96mKnx9D3mq6OzS%2FxlBwQ3LKUn900lsO69AmDyYB8ACps9jndZ2kUoJkB1bXail%2B9GrtGl3k4Oi5uKi1VPIX HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 452Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Age: 9823Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDUxCl9o5ILuNQ9LtJV5oDGSehkMgtpnrYG3dGjUe%2BkEJhR5Vd0N%2B0QiT4mUIWvAWOCt%2FonG9TjoVuWrq4fzPWKOxgCQk5dzZPG6Ez4syCDm8IZxaOOzwCQpM%2BFunQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1054&min_rtt=1041&rtt_var=417&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2152&delivery_rate=2482999&cwnd=251&unsent_bytes=0&cid=b42ffbadf2b4c84d&ts=19&x=0"CF-Cache-Status: HITServer: cloudflareCF-RAY: 8f7127207f75de99-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1601&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1917&delivery_rate=1764350&cwnd=209&unsent_bytes=0&cid=15a5696da7853a0f&ts=9354&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:39 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: vvZdkSiP9pzj/fYmzS6lwu5nrrvt6bYPwLU=$gqYMT6G9TLglUlCKServer: cloudflareCF-RAY: 8f7127384ce20f85-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:46 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 4H9CfikJnfUs6rUbY27l2tvlPSspQc/SJ98=$aioFUWaSM4hlLMmecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8f7127652d4c42f5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:56 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: JYuXyGaZ06v0hjxhMlHRBu83wjpPl9/OJi4=$OWBIcNQy8vlLc9PHServer: cloudflareCF-RAY: 8f7127a02bd38c51-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_124.2.dr, chromecache_92.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_121.2.dr	String found in binary or memory: http://scottjehl.github.io/picturefill
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=12006
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzil.la/548397
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=277178
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=308064
Source: chromecache_154.2.dr	String found in binary or memory: https://dev.azure.com/mscomdev/Moray/_workitems/edit/4494
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://elad.medium.com/css-position-sticky-how-it-really-works-54cd01dc2d46
Source: chromecache_109.2.dr, chromecache_128.2.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: chromecache_143.2.dr	String found in binary or memory: https://github.com/microsoft/BotFramework-WebChat/issues/2119
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://github.com/nevware21/ts-async
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/scottjehl/picturefill/blob/master/Authors.txt;
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/scottjehl/picturefill/tree/3.0/src/plugins/gecko-picture
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/tc39/proposal-error-cause
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/w3c/aria-practices/pull/1757
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_154.2.dr, chromecache_122.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.25.0/LICENSE
Source: chromecache_108.2.dr, chromecache_122.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.30.1/LICENSE
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://javascript.info/size-and-scroll-window#width-height-of-the-document
Source: chromecache_99.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_99.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_99.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://keycode.info/table-of-all-keycodes
Source: chromecache_160.2.dr	String found in binary or memory: https://login.live.com/Me.srf?wa
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/forgetuser
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?appid
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/uxlogout?appid
Source: chromecache_113.2.dr	String found in binary or memory: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=
Source: chromecache_121.2.dr	String found in binary or memory: https://scottjehl.github.io/picturefill/
Source: chromecache_99.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.includes
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.indexof
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getmethod
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-hasownproperty
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-iscallable
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-lengthofarraylike
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-math.trunc
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperty
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertynames
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.setprototypeof
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-ordinarytoprimitive
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-requireobjectcoercible
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tointegerorinfinity
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tolength
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toobject
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toprimitive
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-topropertykey
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/proposal-error-cause/#sec-errorobjects-install-error-cause

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: classification engine

Classification label: mal68.phis.win@22/121@44/14

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2184,i,16216931406052077685,12258593512264580968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2184,i,16216931406052077685,12258593512264580968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
104.21.91.204	o6rl.inexpartan.ru	United States	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
192.185.77.74	petadolex.ca	United States	46606	UNIFIEDLAYER-AS-1US	true
172.67.168.1	aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
167.89.118.23	u48635528.ct.sendgrid.net	United States	11377	SENDGRIDUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

Contacted Domains

Name	IP	Active
u48635528.ct.sendgrid.net	167.89.118.23	true
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.66.137	true
cdnjs.cloudflare.com	104.17.24.14	true
challenges.cloudflare.com	104.18.94.41	true
o6rl.inexpartan.ru	104.21.91.204	true
www.google.com	172.217.21.36	true
petadolex.ca	192.185.77.74	true
aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru	172.67.168.1	true
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true
s.go-mpulse.net	unknown	unknown
www.azure.com	unknown	unknown
play.vidyard.com	unknown	unknown
cdn.botframework.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8f71270faa3f423a/1735049197093/4d817d3c4d7367ea88d3e4c448db4fd7f0e9c1b3844763606733f21905384022/4-si6UbIXrCDaOH	false		high
https://aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru/598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ	false	Avira URL Cloud: malware	unknown
http://petadolex.ca//Privacy/mwe.html	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/api.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8f71270faa3f423a/1735049197089/RNQ7OOfTgli-F5R	false		high
https://petadolex.ca/Privacy/mwe.html	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://a.nel.cloudflare.com/report/v4?s=ZDUxCl9o5ILuNQ9LtJV5oDGSehkMgtpnrYG3dGjUe%2BkEJhR5Vd0N%2B0QiT4mUIWvAWOCt%2FonG9TjoVuWrq4fzPWKOxgCQk5dzZPG6Ez4syCDm8IZxaOOzwCQpM%2BFunQ%3D%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8f71270faa3f423a&lang=auto	false		high
https://a.nel.cloudflare.com/report/v4?s=mE2ru3%2FloL1M4wGqzTMnZ9emURenUJcl7iXw3H2DbPreURfcPsPl96mKnx9D3mq6OzS%2FxlBwQ3LKUn900lsO69AmDyYB8ACps9jndZ2kUoJkB1bXail%2B9GrtGl3k4Oi5uKi1VPIX	false		high
https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text	D54C23BA76BD8648119795790AE83779	D8D52ACAEB44EF8D5ED93D3EB65465AEFC8E8EA7	50F43ABADD35CC811C5C927FA149DD93E18707562D9961D82208B3261E2C1A34
Chrome Cache Entry: 101	ASCII text, with very long lines (64796)	009D84A1397E9783E36E83B82D8A82BD	B7D79A061F83BAF146F89E3D0E48DB9C6EFD357E	AB4482DFBF177924A2677875F356CC084F4B01EAC3554D0F03E1481FCC010BFC
Chrome Cache Entry: 102	SVG Scalable Vector Graphics image	5230258C62809AABCDF5F68BF091899C	6BA8AB8858FDB46C7FBBB9784890A141D25EC0EC	7EE3BF469607984A653D929CE069DB63FB7B1AABFB4053EF26D0245AF0ECC320
Chrome Cache Entry: 103	C source, ASCII text, with very long lines (65103)	FA4C76A7FDE62B18054CF7EB8E946012	B20150066A879D2B78DD3D4908F4ACD148EE66F8	09EBD7F407439990AAC227E70DA23E1A819E8E30282928E324370805F480BEC4
Chrome Cache Entry: 104	C++ source, ASCII text	1C7E214F5AF8CAA06F783A38D40127C6	61F88B722FAA7A7AE86D354DBCFC1D771FF23289	9EA42247944D18B77EB76FBCCAF1774559B6F312B1376002F553C4ECB827E4C5
Chrome Cache Entry: 105	ASCII text, with very long lines (47691)	9046FDD8B20F930F537279DEDE41E747	EBB905F60D71F45D056D42E6096736EA8C2D4BD9	5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
Chrome Cache Entry: 106	HTML document, ASCII text, with very long lines (7461), with CRLF line terminators	5E0584265F1D20E0EE45ADD0A4C2F117	F01CF12D72C05432E19FDAF1233D4D09217F07C8	E8127C96588805677EBFC6185FA9036CA9D628C470EA16147B9B191F6EB82485
Chrome Cache Entry: 107	C++ source, ASCII text	D2F3218A374A1305FE262FC4BAEEDDD1	103721E516DC86A8EC433C6EA7C227BF7D954A55	F76208F59F7E18EFB405361893B45B9DD7D0759BB5329AC664F39C02384982CD
Chrome Cache Entry: 108	ASCII text, with very long lines (655)	763C942B927FE0F5D20F673EAEA8CA64	1702988FC64DC26072BDCA99D237F9C8AEF5DC75	0625AEA907B132E21DDA7CFE12C3AFFE07EAA45E9900CB5BDB602469F89C2E0D
Chrome Cache Entry: 109	ASCII text, with very long lines (505)	20AAFDF6904D3DC5DB0E0E33ABBFC1A4	CC1A639FF69FE0D8A8F1EFEE7FCB04941E7B57C8	EE4E620F350907CE3867454B2BD45984BE949EB46B113183D4B8B403032DA14D
Chrome Cache Entry: 110	ASCII text	2B143BED0FF34BC70BC0703346F70E08	7FB14A8842293FD041C7C138285AC2F822AC4B4C	C35BBDEE4A46BFBF552989E1126E1F09B454EB3DC2523376C38964BF6128BE86
Chrome Cache Entry: 111	ASCII text, with very long lines (52717), with no line terminators	413FCC759CC19821B61B6941808B29B5	1AD23B8A202043539C20681B1B3E9F3BC5D55133	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
Chrome Cache Entry: 112	ASCII text, with very long lines (510)	81B1EF0C4A6B80454291234FCD6E45B0	1353F3119D378FFB222149AE19755423EF5347BE	B05D865A37D5EFC60E028BC9FBC6B63459C78D21B0B70B3797AC97C1AD9BA88D
Chrome Cache Entry: 113	HTML document, ASCII text, with CRLF line terminators	7D3A09172E119C48BF7CA0ECD225B6F9	3F6ADC7A70D6EF7BF4625CA57A3C96198EBB6BCC	8E7B7427A321273EB57BDE49F2326D8E9C00A0F26E93B379C13048E3443D4E1A
Chrome Cache Entry: 114	ASCII text, with very long lines (52717), with no line terminators	413FCC759CC19821B61B6941808B29B5	1AD23B8A202043539C20681B1B3E9F3BC5D55133	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
Chrome Cache Entry: 115	ASCII text	2ADD065651AFB45E8C80967DD7B86A41	32A99770B83F754338EDF886571A91CEDD404F70	3ECC4A2E8123EAD290D257F820C1CDAFB484A990B5D71AF3F6406CC85978B21B
Chrome Cache Entry: 116	SVG Scalable Vector Graphics image	5230258C62809AABCDF5F68BF091899C	6BA8AB8858FDB46C7FBBB9784890A141D25EC0EC	7EE3BF469607984A653D929CE069DB63FB7B1AABFB4053EF26D0245AF0ECC320
Chrome Cache Entry: 117	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 118	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Chrome Cache Entry: 119	ASCII text	BAFE79E0C43855F90798214635C94DFA	BC8397E35A82C03C8D9068A4747B4063EE30B23F	A56F528A55B6E44AF5C81B14BEEDBA9A607529DFEC60B238CB5A102E3F26BA8D
Chrome Cache Entry: 120	ASCII text, with very long lines (534)	7677F65C1626AB1BDE509437776D4291	E51C5E64E5ED9D95FFA2BB31B821229F4502BDA9	76607654EAFACC56092479AD570B118BE287CB2341711030CE47A88AAEC760D2
Chrome Cache Entry: 121	ASCII text, with very long lines (566)	F381D5147C85EE687EA8FBEF32C83D37	EB654ABAF1DF5CCB830763D5A40140B5C093C49F	2D0832B29F1B3347C4B5046C373A635884B76ABAF2DE3FF650EE74D8B46F001E
Chrome Cache Entry: 122	ASCII text, with very long lines (655)	763C942B927FE0F5D20F673EAEA8CA64	1702988FC64DC26072BDCA99D237F9C8AEF5DC75	0625AEA907B132E21DDA7CFE12C3AFFE07EAA45E9900CB5BDB602469F89C2E0D
Chrome Cache Entry: 123	ASCII text	884BD098ECB71645787C430F99C6D7B6	1F8B450E1D71D2F2242D6959A8C0EC50974EE448	B4530D1B6EE9EAF575D6758D140613A368341C087BF22EF3E9475C477E798733
Chrome Cache Entry: 124	ASCII text, with very long lines (42133)	5B85413B96AF340238B93068CDB641FB	D949C985DF4F80FAB0CF036A1DD86C63CA342F1F	1B448C19C6DF1F2D15399A710A73BB3EC0C5233B571CDFAE9CCA315E6E13FB85
Chrome Cache Entry: 125	Unicode text, UTF-8 text, with very long lines (65302)	561C834597FB9BC5AAC4021E21E006BE	C535802C0C6171B4BE1A776034C330418B36983D	D8BAB22B1506E8444C64D92431F521964F658C380F5D32738AFEA85C15F03013
Chrome Cache Entry: 126	ASCII text, with very long lines (26038)	40E19CF8ACC7DA8B412D9DC7AEC9CADF	1C8C41E5539DF84A456E7489337232CD39B935D6	8FFC6D2FF1CFE373AA978197626007D737D245DE335B028DC832C53D4EAD3A94
Chrome Cache Entry: 127	ASCII text	F25FEC6821F63D701A6B6291A4011894	1260AC884282372B86F3A600BA8903AD75983E67	DD8619BE444CCE5F8DB053215BB018C0BBC09AF7BAA9E66618BDF041B0A2E09C
Chrome Cache Entry: 128	ASCII text, with very long lines (505)	20AAFDF6904D3DC5DB0E0E33ABBFC1A4	CC1A639FF69FE0D8A8F1EFEE7FCB04941E7B57C8	EE4E620F350907CE3867454B2BD45984BE949EB46B113183D4B8B403032DA14D
Chrome Cache Entry: 129	ASCII text, with very long lines (47691)	9046FDD8B20F930F537279DEDE41E747	EBB905F60D71F45D056D42E6096736EA8C2D4BD9	5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
Chrome Cache Entry: 130	ASCII text	F9F2395C582FA601707B7A5DFAE9F05F	27B15AECD0BFDD3B25556AC00755856D4D331E0D	D7D6D06624D4BDF6935B848DF342CE322D02B58D12BF12149DF92D557E5E9BC4
Chrome Cache Entry: 131	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 132	ASCII text, with very long lines (26038)	40E19CF8ACC7DA8B412D9DC7AEC9CADF	1C8C41E5539DF84A456E7489337232CD39B935D6	8FFC6D2FF1CFE373AA978197626007D737D245DE335B028DC832C53D4EAD3A94
Chrome Cache Entry: 133	C source, ASCII text, with very long lines (65103)	FA4C76A7FDE62B18054CF7EB8E946012	B20150066A879D2B78DD3D4908F4ACD148EE66F8	09EBD7F407439990AAC227E70DA23E1A819E8E30282928E324370805F480BEC4
Chrome Cache Entry: 134	ASCII text, with very long lines (590)	4CFFC2C9B55F8BDE649E0D2535A1EEBD	2AAF4DF1E02ED4F5BB48F00A7423F748BF544E0C	7BB50A050792F761855CC330E0248D037B37DD68FD23FBB7DB8A7E8694F50A94
Chrome Cache Entry: 135	C++ source, ASCII text	1C7E214F5AF8CAA06F783A38D40127C6	61F88B722FAA7A7AE86D354DBCFC1D771FF23289	9EA42247944D18B77EB76FBCCAF1774559B6F312B1376002F553C4ECB827E4C5
Chrome Cache Entry: 136	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 137	ASCII text	106A6A519DAD38A935C4D5AA2786D6FB	3340ADF8A3220D92786A423BEED46092103C5D7D	C0F462098BFAC577C182C3A983C6A35A5016A5EE96655CF7B57A46F70EAB83EF
Chrome Cache Entry: 138	ASCII text, with very long lines (510)	81B1EF0C4A6B80454291234FCD6E45B0	1353F3119D378FFB222149AE19755423EF5347BE	B05D865A37D5EFC60E028BC9FBC6B63459C78D21B0B70B3797AC97C1AD9BA88D
Chrome Cache Entry: 139	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	D596565EC1F100A507CC0D5F663B6D57	6B688AA0541E5758B9A54C1848C6A52886E081BA	4C8A06620DD3AADE66AEB759A5FC2BCEC1B51B66EA9C456B5DC3F511CB783258
Chrome Cache Entry: 140	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Chrome Cache Entry: 141	ASCII text, with very long lines (309), with no line terminators	D7106DB242C2B41F88A1B02418BEC7E2	7A445118F0B5712744AA4AED6889B28C1E7779F7	044527A735B287BD84D2AE6D2D3B89C85B52C9750BB07E5AEF19FB8F28F0442B
Chrome Cache Entry: 142	ASCII text, with no line terminators	96F0C5B1219E39B8788028F5C17A5AD9	D6DCE0DE065B0D13905EAEDA0BA5C0DEA3D8F67C	1FC2BCE2D46DF4565B8C488B22225CFE7ADB7C37CC9A542D4F85B61995B306CB
Chrome Cache Entry: 143	ASCII text, with very long lines (65471)	B43015D52D9B94E96ED0014BEEC60073	4FF02D873DE449E83D0BD2E8CA0AEE0CCCEC2A5C	74F25E06CA7E129830D80CE20633807EE402C2163B758A9642A1845C59CADB14
Chrome Cache Entry: 144	ASCII text	44700D76F3F63FA33F30039BB9C74B39	F68B158102C2575081CB4308E4FEA483E1B9D604	FD73C7131FEA30896A95BC1D0E9F08F383FEFB03730DB9A433F43B319EFF33AC
Chrome Cache Entry: 145	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	D596565EC1F100A507CC0D5F663B6D57	6B688AA0541E5758B9A54C1848C6A52886E081BA	4C8A06620DD3AADE66AEB759A5FC2BCEC1B51B66EA9C456B5DC3F511CB783258
Chrome Cache Entry: 146	C++ source, ASCII text	B884EF4864D6867BD00AA4A7A5CFB368	D45D8BD33632588A913575910B3D0EABD5AD3828	177F6B14CEB87D301946D00124195EBB755A452BA40ABCA5CF6A4E77E52222F5
Chrome Cache Entry: 148	Unicode text, UTF-8 text, with very long lines (1999)	3CB55A1B7E29CABDED7D23377524B55E	5731994750E31D9CD11085570630EAC99DC65845	0953ECFC1629CBBB80658EEC92D00BA89058F6862E5CD742A419412207088D3C
Chrome Cache Entry: 149	ASCII text	08C5F9CB4220E78FF920DAE3A7A8ED53	06063CC0DE00B0F698B07DEB66DDEDE5C60940E7	E8B12100E50470AE78CA039D5662394A89E01C61FE8D4682DFE606E906E677ED
Chrome Cache Entry: 150	ASCII text	9EEA5F80FED74A300CCBBAA4DC41DF2A	08568A33ED8E994237DB997AFABF85723AD7E92D	32E9B0F50257F381F3F1F3002B7DFD3AF138916429D53FAAC58FD9D0D1550CF4
Chrome Cache Entry: 151	PNG image data, 85 x 84, 8-bit/color RGB, non-interlaced	ED17E12478F780A8E014D3BA74BD5D3F	2D7F569F04439A702A08289A0962552259DFD726	FFB6E8D207D201679BDB76B02AE310A0E9A7F915F9F65BCD06297DFF61057622
Chrome Cache Entry: 152	ASCII text	131D95CF2EC0E511B73B264FA0C84059	10A0E2E7C996B7C482B64B953F0A443672A55CF7	44A041D41D7F1E7C09AFBCF26471F2370C7182C915633049DDD27229DDBE2C33
Chrome Cache Entry: 153	RIFF (little-endian) data, Web/P image	BECC0A85B305AE2D75C8F70104DEF41C	14B9ECC6A61370E5EDCDE0F36A57E7F86CF278B0	842A2675D9AFBDDAE9F338E8868F7CAC0B9B96E575BEE2085BFA06DE691D98DB
Chrome Cache Entry: 154	Unicode text, UTF-8 text, with very long lines (1999)	3CB55A1B7E29CABDED7D23377524B55E	5731994750E31D9CD11085570630EAC99DC65845	0953ECFC1629CBBB80658EEC92D00BA89058F6862E5CD742A419412207088D3C
Chrome Cache Entry: 155	ASCII text, with no line terminators	D66C468F4CA17E83CCD97A4518B3E814	2E657440F653DA65E699AC9230D82FAEE414D8A5	8E1CE663720F6AFB2DEE29B587D3F7559EA89BC622F966120C9F108172A5C866
Chrome Cache Entry: 156	SVG Scalable Vector Graphics image	71466B34E5515A90219D78F8E13B609B	AD1A515D373D08A66A5121FE248BE5648C07E534	52EFB7BE976E0A4B617C597927120CBB6C58E8E7ED4C866A947D879D17433D69
Chrome Cache Entry: 157	ISO Media, AVIF Image	1BB082999BE6B451D19A2717F2FB5B82	2FCAA707B756AD62856F7934BA041AAF1EC4A37A	1D51D4019523058E1AF970AD8F4DD327CE056C949C9F18D0985BADF40E17D8D9
Chrome Cache Entry: 158	ASCII text, with very long lines (584)	2954890B89E77EADECA4558085241308	EE0E88A398434019AAA6EA8A38867494C585B31A	06E35DF1A5074DA424B0FFB0BE44F5DAE4209C8C52F1F9C2FC53572509031831
Chrome Cache Entry: 159	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 160	ASCII text, with very long lines (584)	1DABD5CC3F7B68C178B59EA74DC62947	B8DF9D8FD267B8B74325667DC97278CCC90A1464	E49EFB0A75AF4995902362EA679A0FC4EB120A881A090CB8424D5CBD183436A2
Chrome Cache Entry: 90	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 91	ASCII text, with no line terminators	A8A3710424DC6E0DFF393C6964441BDB	E4978066791DD394BDDD174F2687A7CDD43442B2	46CD047CC0D3D10776E2F50D4C9D55DB58BD97D7A95B7D691F53D4937C71CF00
Chrome Cache Entry: 92	ASCII text, with very long lines (42133)	5B85413B96AF340238B93068CDB641FB	D949C985DF4F80FAB0CF036A1DD86C63CA342F1F	1B448C19C6DF1F2D15399A710A73BB3EC0C5233B571CDFAE9CCA315E6E13FB85
Chrome Cache Entry: 93	ASCII text, with very long lines (534)	7677F65C1626AB1BDE509437776D4291	E51C5E64E5ED9D95FFA2BB31B821229F4502BDA9	76607654EAFACC56092479AD570B118BE287CB2341711030CE47A88AAEC760D2
Chrome Cache Entry: 94	C++ source, ASCII text	D2F3218A374A1305FE262FC4BAEEDDD1	103721E516DC86A8EC433C6EA7C227BF7D954A55	F76208F59F7E18EFB405361893B45B9DD7D0759BB5329AC664F39C02384982CD
Chrome Cache Entry: 95	Unicode text, UTF-8 text, with very long lines (64241)	8F186BBA557DC6140841C682AF4D60EE	CE2F96E57EE3D9ED15B8A2DD3EBDC7E54439AF98	CDA4813A965CCD1AAA50550D08B928AAF4C7F50B6F77823213FE3A97E806C2F1
Chrome Cache Entry: 96	ASCII text	381C7C29564E2BDCFB644BC9E89E18A4	01A8255EA6F3A030FC83C343252D8A88FCDB5B52	3F209A8E721FFD91D7CA9B746FC928F35BC6AA6E19D43E9B02F29293174033E7
Chrome Cache Entry: 97	PNG image data, 85 x 84, 8-bit/color RGB, non-interlaced	ED17E12478F780A8E014D3BA74BD5D3F	2D7F569F04439A702A08289A0962552259DFD726	FFB6E8D207D201679BDB76B02AE310A0E9A7F915F9F65BCD06297DFF61057622
Chrome Cache Entry: 98	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 99	ASCII text, with very long lines (889)	35986A813756F39AB6B922979FFEDB03	C8E2213BBAFAF535DA9C6676F3DBA43449E4D15A	E2D92BDAAD925C6D355331A338384EE3FF82492352975DD4EFDA791AEF4AB3F5

AV Detection

Antivirus / Scanner detection for submitted sample

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru/598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ

Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_106, type: DROPPED

AI detected suspicious Javascript

Source: 0.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common keyboard shortcuts, and triggering a redirect to an external domain. The script appears to be attempting to prevent analysis and interaction, which is a strong indicator of malicious intent.
Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of anti-debugging techniques further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://petadolex.ca/Privacy/mwe.html#mlyon@wc.com... The script demonstrates several high-risk behaviors, including redirecting the user to an untrusted domain after a short delay and potentially exfiltrating user data (email address) via the URL. The use of obfuscation (Base64 encoding) and the immediate redirect without user interaction further increases the risk.
Source: 0.3.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.co... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script uses the `turnstile.render()` function to render a CAPTCHA widget, but it also includes a custom error callback function `mSSFAETVxE()` and a callback function `OYNQcTmCcB()` that perform potentially malicious actions. The `OYNQcTmCcB()` function prevents the form submission, sets a hardcoded value for the `pagelink` field, and then makes a GET request to a suspicious domain. Depending on the response, it either makes a POST request to another suspicious domain with the form data or redirects the user to `https://www.azure.com`. This script demonstrates clear intent to collect user data and redirect to potentially malicious domains, which is highly suspicious and poses a significant security risk.

URL contains potential PII (phishing indication)

Sample URL: PII: mlyon@wc.com

Source: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.com	HTTP Parser: No favicon
Source: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.com	HTTP Parser: No favicon
Source: https://azure.microsoft.com/en-us/	HTTP Parser: No favicon

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: u48635528.ct.sendgrid.net to http://petadolex.ca//privacy/mwe.html

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D HTTP/1.1Host: u48635528.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Privacy/mwe.html HTTP/1.1Host: petadolex.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0Fhb7R/?qrc=mlyon@wc.com HTTP/1.1Host: o6rl.inexpartan.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://petadolex.ca/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/787bc399e22f/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/787bc399e22f/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8f71270faa3f423a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: o6rl.inexpartan.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=mlyon@wc.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjZvckFzVzllQklsTDBiZEo4RkRKOXc9PSIsInZhbHVlIjoiNkdRdmlETkp0Y0VSNUtxZXZXdUc5MW9lVE9abHFwOXk2NTZuS0xjb2EyQzFlUTZTZHRrMFJMNUFTWStORWFwZURReUU1OUE5Z2d0SDJFVC9uNHlyc01RT3NDNjVObDkxZVBaV2QrUFBZaHBkaWdMdkU5Mlh3MFUvV2dKbU5TWW8iLCJtYWMiOiI1ZDJhMDA4MmM4YTA3NWRhOGQ1NjMwYWIxNGIzNzg5MzViYTNlNDMyZTAxN2Q0YmNlY2Y2MzVhNTU5YjMwODk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFWK1U4dWluTmUxK3BjZW80YzJrMGc9PSIsInZhbHVlIjoiYStHeEtjYXp0TktSOGhKUVVnazZieEVudWxoVVVJMVNaZFJ1ZU5Tbzd5VGhnWkJ1SUFKRVZYVUpZR0VScmRrb1dia3Rkci90ZTRxRHhFTmFBamtGaEFFV044MWhtWFQ4Z1ZmTTJvd0JFckg4TjExRkhnTi9qQmRPMVRVeC9OOHYiLCJtYWMiOiIwZjFkODRlNjEyOTcxNmI1NzdlMzRhNWJhNDFlMWNjNDc1ZDQ1ZTgzM2UwNWUyM2VkNTAwODgzMjJlN2VhMGM5IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8f71270faa3f423a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8f71270faa3f423a/1735049197089/RNQ7OOfTgli-F5R HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8f71270faa3f423a/1735049197089/RNQ7OOfTgli-F5R HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8f71270faa3f423a/1735049197093/4d817d3c4d7367ea88d3e4c448db4fd7f0e9c1b3844763606733f21905384022/4-si6UbIXrCDaOH HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/o2okh/0x4AAAAAAA3SrXwIAdDnw3nH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1333725566:1735046060:ea7DtCrMPzRHKu6JjFqJvdNTHHkD3P6YuZW747PdR4Y/8f71270faa3f423a/qEnuJJ6hsd2nQpw8YmXDFEnYwgxQQgvbDsWJJCsuHBk-1735049192-1.1.1.1-uO8h3i.NDANY4hPZuNQYsijOqvbMG2iJ4kKaQ5gCVucf1LtqvyuODcuc2aYcszLF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ HTTP/1.1Host: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://o6rl.inexpartan.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://o6rl.inexpartan.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /598751268380591bUNXIIfJaIAHTIXSYQUJXLCQDGIOWNJQWJMTAUJIIGQ HTTP/1.1Host: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //Privacy/mwe.html HTTP/1.1Host: petadolex.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: </svg>`;function EW(a,s){return l=>{const p=AW(l).map(f=>CW(f));s.setValue({...s.value,shareOptions:p});function d(){s.setValue({...s.value,shareDialogOpened:!0})}function m(){var f,E,I,D,N,O;s.setValue({...s.value,shareDialogOpened:!1}),(O=(N=(D=(I=(E=(f=a.renderRoot)==null?void 0:f.querySelector("ump-controls"))==null?void 0:E.renderRoot.querySelector("ump-control-bar"))==null?void 0:I.renderRoot.querySelector("ump-more-menu"))==null?void 0:D.renderRoot.querySelector('[data-id="more-menu-button"]'))==null?void 0:N.focus)==null\|\|O.call(N)}const y=Hh(a);return y.addEventListener("share-button-clicked",d),y.addEventListener("share-dialog-closed",m),()=>{y.removeAllListeners()}}}function AW(a){return a.options.share?a.options.shareOptions.length===0?wM:a.options.shareOptions:[]}function CW(a){const s=new URL(window.location.href);s.searchParams.delete("jsapi");const l=s.toString();switch(a){case"facebook":return{id:"facebook",url:`https://www.facebook.com/share.php?u=${encodeURIComponent(l)}`,icon:SW};case"linkedin":return{id:"linkedin",url:`https://www.linkedin.com/shareArticle?mini=true&url=${encodeURIComponent(l)}&title=&summary=&source=`,icon:TW};case"twitter":return{id:"twitter",url:`https://x.com/share?url=${encodeURIComponent(l)}&text=`,icon:kW};case"mail":return{id:"mail",url:`mailto:?subject=Check out this great video&body=${encodeURIComponent(l)}`,icon:xW};default:return{id:"copy",url:l,icon:""}}}function IW(){return a=>{if(a.options.sources.length===0)return()=>{};a.addEventListener("loadsourcesrequest",s);async function s(){a.dispatchEvent(new jt.util.FakeEvent("playerloadmediastart"));const l=lg(a.options.sources);try{await a.load(l[0].src,a.options.startTime,l[0].type)}catch{a.dispatchShakaError(jt.util.Error.Severity.CRITICAL,jt.util.Error.Category.MEDIA,jt.util.Error.Code.MEDIA_SOURCE_OPERATION_FAILED);return}await a.loadCaptions(),a.dispatchEvent(new jt.util.FakeEvent("playerloadmediaend")),a.dispatchEvent(new jt.util.FakeEvent("loadsourcescomplete"))}return()=>{}}}function MW(){try{return crypto.randomUUID()}catch{return`10000000-1000-4000-8000-${1e11}`.replace(/[018]/g,a=>(a^crypto.getRandomValues(new Uint8Array(1))[0]&15>>a/4).toString(16))}}var _W=Object.defineProperty,PW=Object.getOwnPropertyDescriptor,cg=(a,s,l,p)=>{for(var d=p>1?void 0:p?PW(s,l):s,m=a.length-1,y;m>=0;m--)(y=a[m])&&(d=(p?y(s,l,d):y(d))\|\|d);return p&&d&&_W(s,l,d),d};jt.polyfill.installAll();const i3="options";function a3(a,s,l){const p=a instanceof $a?a:$a.getById(a);return l&&p.addEventListener("ready",l,{once:!0}),p.setAttribute("options",JSON.stringify(s)),p}Object.defineProperty(a3,"allowAutoplay",{get:PL,set:QX});let $a=class extends Cn{constructor(){super(...arguments),this.umpId=`ump-${MW()}`,this.ariaLabel=null,this.playerStateContext=new Rw(this,{context:mr,initialValue:xM}),this.onVideoEvent=a=>{this.dispatchEvent(new kt(a.type,a.target))}}render(){return ht` equals www.facebook.com (Facebook)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: </svg>`;function EW(a,s){return l=>{const p=AW(l).map(f=>CW(f));s.setValue({...s.value,shareOptions:p});function d(){s.setValue({...s.value,shareDialogOpened:!0})}function m(){var f,E,I,D,N,O;s.setValue({...s.value,shareDialogOpened:!1}),(O=(N=(D=(I=(E=(f=a.renderRoot)==null?void 0:f.querySelector("ump-controls"))==null?void 0:E.renderRoot.querySelector("ump-control-bar"))==null?void 0:I.renderRoot.querySelector("ump-more-menu"))==null?void 0:D.renderRoot.querySelector('[data-id="more-menu-button"]'))==null?void 0:N.focus)==null\|\|O.call(N)}const y=Hh(a);return y.addEventListener("share-button-clicked",d),y.addEventListener("share-dialog-closed",m),()=>{y.removeAllListeners()}}}function AW(a){return a.options.share?a.options.shareOptions.length===0?wM:a.options.shareOptions:[]}function CW(a){const s=new URL(window.location.href);s.searchParams.delete("jsapi");const l=s.toString();switch(a){case"facebook":return{id:"facebook",url:`https://www.facebook.com/share.php?u=${encodeURIComponent(l)}`,icon:SW};case"linkedin":return{id:"linkedin",url:`https://www.linkedin.com/shareArticle?mini=true&url=${encodeURIComponent(l)}&title=&summary=&source=`,icon:TW};case"twitter":return{id:"twitter",url:`https://x.com/share?url=${encodeURIComponent(l)}&text=`,icon:kW};case"mail":return{id:"mail",url:`mailto:?subject=Check out this great video&body=${encodeURIComponent(l)}`,icon:xW};default:return{id:"copy",url:l,icon:""}}}function IW(){return a=>{if(a.options.sources.length===0)return()=>{};a.addEventListener("loadsourcesrequest",s);async function s(){a.dispatchEvent(new jt.util.FakeEvent("playerloadmediastart"));const l=lg(a.options.sources);try{await a.load(l[0].src,a.options.startTime,l[0].type)}catch{a.dispatchShakaError(jt.util.Error.Severity.CRITICAL,jt.util.Error.Category.MEDIA,jt.util.Error.Code.MEDIA_SOURCE_OPERATION_FAILED);return}await a.loadCaptions(),a.dispatchEvent(new jt.util.FakeEvent("playerloadmediaend")),a.dispatchEvent(new jt.util.FakeEvent("loadsourcescomplete"))}return()=>{}}}function MW(){try{return crypto.randomUUID()}catch{return`10000000-1000-4000-8000-${1e11}`.replace(/[018]/g,a=>(a^crypto.getRandomValues(new Uint8Array(1))[0]&15>>a/4).toString(16))}}var _W=Object.defineProperty,PW=Object.getOwnPropertyDescriptor,cg=(a,s,l,p)=>{for(var d=p>1?void 0:p?PW(s,l):s,m=a.length-1,y;m>=0;m--)(y=a[m])&&(d=(p?y(s,l,d):y(d))\|\|d);return p&&d&&_W(s,l,d),d};jt.polyfill.installAll();const i3="options";function a3(a,s,l){const p=a instanceof $a?a:$a.getById(a);return l&&p.addEventListener("ready",l,{once:!0}),p.setAttribute("options",JSON.stringify(s)),p}Object.defineProperty(a3,"allowAutoplay",{get:PL,set:QX});let $a=class extends Cn{constructor(){super(...arguments),this.umpId=`ump-${MW()}`,this.ariaLabel=null,this.playerStateContext=new Rw(this,{context:mr,initialValue:xM}),this.onVideoEvent=a=>{this.dispatchEvent(new kt(a.type,a.target))}}render(){return ht` equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: u48635528.ct.sendgrid.net
Source: global traffic	DNS traffic detected: DNS query: petadolex.ca
Source: global traffic	DNS traffic detected: DNS query: o6rl.inexpartan.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aor0uy31giayv7sv489le3qcmkvpqjcnzqqb1rlz1pffhpbr94sby.ygncsqvu.ru
Source: global traffic	DNS traffic detected: DNS query: www.azure.com
Source: global traffic	DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: cdn.botframework.com
Source: global traffic	DNS traffic detected: DNS query: play.vidyard.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Age: 9823Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDUxCl9o5ILuNQ9LtJV5oDGSehkMgtpnrYG3dGjUe%2BkEJhR5Vd0N%2B0QiT4mUIWvAWOCt%2FonG9TjoVuWrq4fzPWKOxgCQk5dzZPG6Ez4syCDm8IZxaOOzwCQpM%2BFunQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1054&min_rtt=1041&rtt_var=417&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2152&delivery_rate=2482999&cwnd=251&unsent_bytes=0&cid=b42ffbadf2b4c84d&ts=19&x=0"CF-Cache-Status: HITServer: cloudflareCF-RAY: 8f7127207f75de99-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1601&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1917&delivery_rate=1764350&cwnd=209&unsent_bytes=0&cid=15a5696da7853a0f&ts=9354&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:39 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: vvZdkSiP9pzj/fYmzS6lwu5nrrvt6bYPwLU=$gqYMT6G9TLglUlCKServer: cloudflareCF-RAY: 8f7127384ce20f85-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:46 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 4H9CfikJnfUs6rUbY27l2tvlPSspQc/SJ98=$aioFUWaSM4hlLMmecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8f7127652d4c42f5-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 24 Dec 2024 14:06:56 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: JYuXyGaZ06v0hjxhMlHRBu83wjpPl9/OJi4=$OWBIcNQy8vlLc9PHServer: cloudflareCF-RAY: 8f7127a02bd38c51-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_124.2.dr, chromecache_92.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_121.2.dr	String found in binary or memory: http://scottjehl.github.io/picturefill
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=12006
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzil.la/548397
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=277178
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=308064
Source: chromecache_154.2.dr	String found in binary or memory: https://dev.azure.com/mscomdev/Moray/_workitems/edit/4494
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/key/Key_Values
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://elad.medium.com/css-position-sticky-how-it-really-works-54cd01dc2d46
Source: chromecache_109.2.dr, chromecache_128.2.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: chromecache_143.2.dr	String found in binary or memory: https://github.com/microsoft/BotFramework-WebChat/issues/2119
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://github.com/nevware21/ts-async
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/scottjehl/picturefill/blob/master/Authors.txt;
Source: chromecache_121.2.dr	String found in binary or memory: https://github.com/scottjehl/picturefill/tree/3.0/src/plugins/gecko-picture
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/tc39/proposal-error-cause
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/w3c/aria-practices/pull/1757
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_154.2.dr, chromecache_122.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.25.0/LICENSE
Source: chromecache_108.2.dr, chromecache_122.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.30.1/LICENSE
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://javascript.info/size-and-scroll-window#width-height-of-the-document
Source: chromecache_99.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_99.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_99.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://keycode.info/table-of-all-keycodes
Source: chromecache_160.2.dr	String found in binary or memory: https://login.live.com/Me.srf?wa
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/forgetuser
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/savedusers?appid
Source: chromecache_160.2.dr	String found in binary or memory: https://login.microsoftonline.com/uxlogout?appid
Source: chromecache_113.2.dr	String found in binary or memory: https://o6rl.inexpartan.ru/0Fhb7R/?qrc=
Source: chromecache_121.2.dr	String found in binary or memory: https://scottjehl.github.io/picturefill/
Source: chromecache_99.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.includes
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.indexof
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getmethod
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-hasownproperty
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-iscallable
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-lengthofarraylike
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-math.trunc
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperty
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertynames
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.setprototypeof
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-ordinarytoprimitive
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-requireobjectcoercible
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tointegerorinfinity
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tolength
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toobject
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toprimitive
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-topropertykey
Source: chromecache_148.2.dr, chromecache_154.2.dr	String found in binary or memory: https://tc39.es/proposal-error-cause/#sec-errorobjects-install-error-cause

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: classification engine

Classification label: mal68.phis.win@22/121@44/14

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2184,i,16216931406052077685,12258593512264580968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2184,i,16216931406052077685,12258593512264580968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1580436
Product:	CloudBasic
Start time:	15:05:13
Start date:	24.12.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs