
Windows Analysis Report
https://cta.berlmember.com/google/captcha.html

Overview

General Information

Sample URL: https://cta.berlmember.com/google/captcha.html
Analysis ID: 1601659

Detection

CAPTCHA Scam ClickFix
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detect drive by download via clipboard copy & paste
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix

Classification

  • System is w10x64
  • chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1976,i,3490414895117789149,10559900095483846549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cta.berlmember.com/google/captcha.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Yara matches

Source                  | Rule                     | Description                          | Author       | Strings
dropped/chromecache_48  | JoeSecurity_CAPTCHAScam  | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
1.1.pages.csv           | JoeSecurity_CAPTCHAScam  | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
1.0.pages.csv           | JoeSecurity_CAPTCHAScam  | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

No Sigma rule has matched

Suricata alerts

Timestamp                        | SID     | Severity | Classtype                     | Source IP      | Source Port | Destination IP | Destination Port | Protocol
2025-01-28T20:28:28.756641+0100  | 2859486 | 1        | A Network Trojan was detected | 103.52.144.214 | 443         | 192.168.2.4    | 49743            | TCP


        AV Detection

Source: https://cta.berlmember.com/google/captcha.html | Avira URL Cloud: detection malicious, Label: phishing
Source: https://cta.berlmember.com/favicon.ico | Avira URL Cloud: Label: phishing

        Phishing

Source: Yara match | File source: 1.1.pages.csv, type: HTML
Source: Yara match | File source: 1.0.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_48, type: DROPPED
Source: https://cta.berlmember.com/google/captcha.html | HTTP Parser: No favicon

        Networking

Source: Network traffic | Suricata IDS: 2859486 - Severity 1 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound : 103.52.144.214:443 -> 192.168.2.4:49743
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /google/captcha.html HTTP/1.1
    Host: cta.berlmember.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: cta.berlmember.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://cta.berlmember.com/google/captcha.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: cta.berlmember.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cta.berlmember.com
Source: chromecache_48.2.dr | String found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.png
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: mal80.phis.win@16/8@8/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1976,i,3490414895117789149,10559900095483846549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cta.berlmember.com/google/captcha.html"
Source: Window Recorder | Window detected: More than 3 window changes detected

        Persistence and Installation Behavior

Source: Chrome DOM: 1.1 | OCR Text: Robot or human? Check the box to confirm that you're human. Thank You! I'm not a robot reCPTCHA Verification Steps 1 Press Windows Button "Windows" 2. Press CTRL + V 3. Press Enter
MITRE ATT&CK Matrix (techniques with matched signatures; the number in parentheses is the signature count shown in the matrix):

  • Persistence: Browser Extensions (1)
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1)
  • Command and Control: Non-Application Layer Protocol (2)
  • Command and Control: Application Layer Protocol (3)
  • Command and Control: Ingress Tool Transfer (1)
Behavior Graph (ID: 1601659, URL: https://cta.berlmember.com/..., Startdate: 28/01/2025, Architecture: WINDOWS, Score: 80)

  • Signatures on the graph: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; 2 other signatures
  • Processes: chrome.exe (started) and chrome.exe (started), which starts a further chrome.exe
  • DNS/IP info: 192.168.2.4 (ports 138, 443, 49183; unknown); 239.255.255.250 (Reserved); cta.berlmember.com 103.52.144.214 (ports 443, 49742, 49743; IDNIC-DRUPADI-AS-IDPTDrupadiPrimaID, Indonesia); www.google.com 142.250.186.164 (ports 443, 49739, 49861; GOOGLEUS, United States)

URL scanner results

Source                                          | Detection | Scanner         | Label
https://cta.berlmember.com/google/captcha.html  | 100%      | Avira URL Cloud | phishing
https://cta.berlmember.com/favicon.ico          | 100%      | Avira URL Cloud | phishing

No Antivirus matches


Domains

Name                | IP              | Active | Malicious | Antivirus Detection | Reputation
www.google.com      | 142.250.186.164 | true   | false     |                     | high
cta.berlmember.com  | 103.52.144.214  | true   | false     |                     | high

URLs

Name                                            | Malicious | Antivirus Detection       | Reputation
https://cta.berlmember.com/google/captcha.html  | true      |                           | unknown
https://cta.berlmember.com/favicon.ico          | true      | Avira URL Cloud: phishing | unknown

IPs

IP               | Domain             | Country       | ASN     | ASN Name                            | Malicious
239.255.255.250  | unknown            | Reserved      | unknown | unknown                             | false
142.250.186.164  | www.google.com     | United States | 15169   | GOOGLEUS                            | false
103.52.144.214   | cta.berlmember.com | Indonesia     | 59147   | IDNIC-DRUPADI-AS-IDPTDrupadiPrimaID | false

IP: 192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1601659
Start date and time: 2025-01-28 20:27:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://cta.berlmember.com/google/captcha.html
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.phis.win@16/8@8/4
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.35, 64.233.167.84, 172.217.16.206, 142.250.186.174, 142.250.186.110, 142.250.186.131, 142.250.185.227, 199.232.210.172, 2.17.190.73, 172.217.18.14, 142.250.185.142, 142.250.186.142, 142.250.185.238, 142.250.184.227, 142.250.185.174, 142.250.185.206, 184.28.90.27, 52.149.20.212, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: https://cta.berlmember.com/google/captcha.html
No simulations
No context
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):2228
              Entropy (8bit):7.82817506159911
              Encrypted:false
              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
              MD5:EF9941290C50CD3866E2BA6B793F010D
              SHA1:4736508C795667DCEA21F8D864233031223B7832
              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
              Malicious:false
              Reputation:low
              URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):84
              Entropy (8bit):4.40651675625714
              Encrypted:false
              SSDEEP:3:ZmLlbFhEKJE7ELFjkLNiRN9qFpl2GBdTn:ZeDBLFjkLMRqbl2Utn
              MD5:39507C8556013ECCC9930B1D1D2144EA
              SHA1:2E2E150351E125B03419CBA3F48A0FC2C4A4E2A5
              SHA-256:9EF3FDADF9C9101EFD2B83932DA0C86B269126CD533DB8C86C006CF5B6E187FE
              SHA-512:C3E0C7E8CCF252250D8CE76D1DC70B1BA03ECA220BDE963DFDA831C532258EF30ECF1200E238863A3E402E05431A42B0D96EEFABC891DDEFB645994CE103A357
              Malicious:false
              Reputation:low
              Preview:<center>. <h4> Dikelola dan Dikembangkan oleh Team B Erl Cosmetics</h4>.</center>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):84
              Entropy (8bit):4.40651675625714
              Encrypted:false
              SSDEEP:3:ZmLlbFhEKJE7ELFjkLNiRN9qFpl2GBdTn:ZeDBLFjkLMRqbl2Utn
              MD5:39507C8556013ECCC9930B1D1D2144EA
              SHA1:2E2E150351E125B03419CBA3F48A0FC2C4A4E2A5
              SHA-256:9EF3FDADF9C9101EFD2B83932DA0C86B269126CD533DB8C86C006CF5B6E187FE
              SHA-512:C3E0C7E8CCF252250D8CE76D1DC70B1BA03ECA220BDE963DFDA831C532258EF30ECF1200E238863A3E402E05431A42B0D96EEFABC891DDEFB645994CE103A357
              Malicious:false
              Reputation:low
              URL:https://cta.berlmember.com/favicon.ico
              Preview:<center>. <h4> Dikelola dan Dikembangkan oleh Team B Erl Cosmetics</h4>.</center>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):2228
              Entropy (8bit):7.82817506159911
              Encrypted:false
              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
              MD5:EF9941290C50CD3866E2BA6B793F010D
              SHA1:4736508C795667DCEA21F8D864233031223B7832
              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10593)
              Category:downloaded
              Size (bytes):17751
              Entropy (8bit):5.9559526356884325
              Encrypted:false
              SSDEEP:384:xrTEuFQM/ruhBdiEvOZZ8P/1Pva068WYbPBsxM:FEuFRTGBMEWX8P/1Py068WCPBsS
              MD5:89D14ABC1B132E814FCE7854726154F6
              SHA1:235A5695D4198ED88747F7B9B8D0D1081FD99315
              SHA-256:CC75EA46F929BA805ED812429A7B1FEFD0550953FE2BE37A15519B367761629B
              SHA-512:85D0BC1C6913BB10DA2F2384C827D233DA616EDEB3045EDCAB7DD0F638A75658F9F13601AED741779EA901B317C6ABA0E20CBBE9A40FB8D7C516EF13B19EA570
              Malicious:false
              Reputation:low
              URL:https://cta.berlmember.com/google/captcha.html
              Preview:<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Verifying Captcha</title>. <style>. body {. margin: 0;. font-family: Arial, sans-serif;. background-color: #ffffff;. color: #000000;. }.. .. .recaptcha-mock {. display: flex;. justify-content: center;. align-items: center;. text-align: center;. width: 262px;. /* ...... ............ ..... reCAPTCHA */. height: 58px;. /* ...... ............ ..... reCAPTCHA */. background-color: #f9f9f9;. /* ......-..... ... */. border: 1px solid #dcdcdc;. /* ......., ....... .. reCAPTCHA */. border-radius: 3px;. /* ...... ............ .... */. box-shadow: 0 1px 4px rgba(0, 0, 0, 0.2);. /* ...... .... */. padding: 10px;. font-family:
              No static file info


Timestamp                        | SID     | Signature                                                         | Severity | Source IP      | Source Port | Dest IP     | Dest Port | Protocol
2025-01-28T20:28:28.756641+0100  | 2859486 | ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound  | 1        | 103.52.144.214 | 443         | 192.168.2.4 | 49743     | TCP
              • Total Packets: 72
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
              Jan 28, 2025 20:29:23.557388067 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:23.557406902 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:24.185175896 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:24.185543060 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:24.185573101 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:24.185914993 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:24.186464071 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:24.186563969 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:24.233303070 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:34.108581066 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:34.108643055 CET44349861142.250.186.164192.168.2.4
              Jan 28, 2025 20:29:34.108943939 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:36.223567009 CET49861443192.168.2.4142.250.186.164
              Jan 28, 2025 20:29:36.223634005 CET44349861142.250.186.164192.168.2.4
              TimestampSource PortDest PortSource IPDest IP
              Jan 28, 2025 20:28:19.130253077 CET53538871.1.1.1192.168.2.4
              Jan 28, 2025 20:28:19.131155968 CET53542661.1.1.1192.168.2.4
              Jan 28, 2025 20:28:20.244005919 CET53491831.1.1.1192.168.2.4
              Jan 28, 2025 20:28:23.493537903 CET5883653192.168.2.41.1.1.1
              Jan 28, 2025 20:28:23.493664026 CET5738153192.168.2.41.1.1.1
              Jan 28, 2025 20:28:23.500283957 CET53588361.1.1.1192.168.2.4
              Jan 28, 2025 20:28:23.500732899 CET53573811.1.1.1192.168.2.4
              Jan 28, 2025 20:28:25.627670050 CET6427853192.168.2.41.1.1.1
              Jan 28, 2025 20:28:25.627976894 CET6163853192.168.2.41.1.1.1
              Jan 28, 2025 20:28:26.667323112 CET5697353192.168.2.41.1.1.1
              Jan 28, 2025 20:28:26.669002056 CET5776353192.168.2.41.1.1.1
              Jan 28, 2025 20:28:26.814824104 CET53642781.1.1.1192.168.2.4
              Jan 28, 2025 20:28:27.420270920 CET53577631.1.1.1192.168.2.4
              Jan 28, 2025 20:28:28.458703995 CET53616381.1.1.1192.168.2.4
              Jan 28, 2025 20:28:28.777329922 CET53637181.1.1.1192.168.2.4
              Jan 28, 2025 20:28:29.713505030 CET53569731.1.1.1192.168.2.4
              Jan 28, 2025 20:28:29.717698097 CET53611211.1.1.1192.168.2.4
              Jan 28, 2025 20:28:29.954591036 CET138138192.168.2.4192.168.2.255
              Jan 28, 2025 20:28:30.100002050 CET5556953192.168.2.41.1.1.1
              Jan 28, 2025 20:28:30.100225925 CET5349453192.168.2.41.1.1.1
              Jan 28, 2025 20:28:30.245915890 CET53555691.1.1.1192.168.2.4
              Jan 28, 2025 20:28:30.379189968 CET53534941.1.1.1192.168.2.4
              Jan 28, 2025 20:28:37.298449993 CET53627921.1.1.1192.168.2.4
              Jan 28, 2025 20:28:56.358664036 CET53582491.1.1.1192.168.2.4
              Jan 28, 2025 20:29:18.912569046 CET53540681.1.1.1192.168.2.4
              Jan 28, 2025 20:29:19.002130985 CET53599181.1.1.1192.168.2.4
              Timestamp                            Source IP    Dest IP  Checksum  Code                Type
              Jan 28, 2025 20:28:27.420375109 CET  192.168.2.4  1.1.1.1  c236      (Port unreachable)  Destination Unreachable
              Jan 28, 2025 20:28:28.459084988 CET  192.168.2.4  1.1.1.1  c236      (Port unreachable)  Destination Unreachable
              Jan 28, 2025 20:28:29.713603020 CET  192.168.2.4  1.1.1.1  c1f8      (Port unreachable)  Destination Unreachable
              Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                Type            Class        DNS over HTTPS
              Jan 28, 2025 20:28:23.493537903 CET  192.168.2.4  1.1.1.1  0xc430    Standard query (0)  www.google.com      A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:23.493664026 CET  192.168.2.4  1.1.1.1  0x4583    Standard query (0)  www.google.com      65              IN (0x0001)  false
              Jan 28, 2025 20:28:25.627670050 CET  192.168.2.4  1.1.1.1  0x5fc8    Standard query (0)  cta.berlmember.com  A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:25.627976894 CET  192.168.2.4  1.1.1.1  0x361c    Standard query (0)  cta.berlmember.com  65              IN (0x0001)  false
              Jan 28, 2025 20:28:26.667323112 CET  192.168.2.4  1.1.1.1  0x7a58    Standard query (0)  cta.berlmember.com  A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:26.669002056 CET  192.168.2.4  1.1.1.1  0x167a    Standard query (0)  cta.berlmember.com  65              IN (0x0001)  false
              Jan 28, 2025 20:28:30.100002050 CET  192.168.2.4  1.1.1.1  0xc6f8    Standard query (0)  cta.berlmember.com  A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:30.100225925 CET  192.168.2.4  1.1.1.1  0xa8a1    Standard query (0)  cta.berlmember.com  65              IN (0x0001)  false
              Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                CName  Address          Type            Class        DNS over HTTPS
              Jan 28, 2025 20:28:23.500283957 CET  1.1.1.1    192.168.2.4  0xc430    No error (0)  www.google.com      -      142.250.186.164  A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:23.500732899 CET  1.1.1.1    192.168.2.4  0x4583    No error (0)  www.google.com      -      -                65              IN (0x0001)  false
              Jan 28, 2025 20:28:26.814824104 CET  1.1.1.1    192.168.2.4  0x5fc8    No error (0)  cta.berlmember.com  -      103.52.144.214   A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:29.713505030 CET  1.1.1.1    192.168.2.4  0x7a58    No error (0)  cta.berlmember.com  -      103.52.144.214   A (IP address)  IN (0x0001)  false
              Jan 28, 2025 20:28:30.245915890 CET  1.1.1.1    192.168.2.4  0xc6f8    No error (0)  cta.berlmember.com  -      103.52.144.214   A (IP address)  IN (0x0001)  false
              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
              0           192.168.2.4  49743        103.52.144.214  443               5776  C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp                Bytes transferred  Direction  Data
              2025-01-28 19:28:28 UTC  680                OUT        GET /google/captcha.html HTTP/1.1
              Host: cta.berlmember.com
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-01-28 19:28:28 UTC  269                IN         HTTP/1.1 200 OK
              Date: Tue, 28 Jan 2025 19:28:28 GMT
              Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
              Last-Modified: Mon, 27 Jan 2025 13:28:53 GMT
              ETag: "4557-62cb00eb6ef40"
              Accept-Ranges: bytes
              Content-Length: 17751
              Connection: close
              Content-Type: text/html
              2025-01-28 19:28:28 UTC  7923               IN         Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Verifying Captcha</title> <style> body { margin: 0; font-family: Arial, sans-serif;
              2025-01-28 19:28:28 UTC  8000               IN         Data Ascii: W4m8WPnM','W5lcNCkanmoYhWxdICkXmmkthMldKJmKESoHWQxcHGlcVmoADW','W5WMWQVcQeLKWQimkCk1fKC+','BmonBmo/','W7hdSMajWQ3dJZNdImkAcmkHWRJdJSo2lSozW7tcJqJdP8oEzupcMSooWO3dKWD1mmkhW4pdS8kcFWZcVvBdHHVcUfFdO3BdKSkaWQfXq8kVW43dNSk9wYKVamo4ASo1fSo9W5/cUWG','lSkSW7ldSa'
              2025-01-28 19:28:28 UTC  1828               IN         Data Ascii: t: center; align-items: center; text-align: center; position: absolute; left: 28%;"> <div class="recaptcha-mock"> <div class="recaptcha-checkbox" onclick="someEdit()" style="cursor: pointer;"></div> <div class=


              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
              1           192.168.2.4  49742        103.52.144.214  443               5776  C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp                Bytes transferred  Direction  Data
              2025-01-28 19:28:29 UTC  611                OUT        GET /favicon.ico HTTP/1.1
              Host: cta.berlmember.com
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://cta.berlmember.com/google/captcha.html
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-01-28 19:28:30 UTC  219                IN         HTTP/1.1 200 OK
              Date: Tue, 28 Jan 2025 19:28:29 GMT
              Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
              X-Powered-By: PHP/7.3.10
              Connection: close
              Transfer-Encoding: chunked
              Content-Type: text/html; charset=UTF-8
              2025-01-28 19:28:30 UTC  90                 IN         Data Ascii: 54<center> <h4> Dikelola dan Dikembangkan oleh Team B Erl Cosmetics</h4></center>
              2025-01-28 19:28:30 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a  Data Ascii: 0


              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
              2           192.168.2.4  49746        103.52.144.214  443               5776  C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp                Bytes transferred  Direction  Data
              2025-01-28 19:28:31 UTC  353                OUT        GET /favicon.ico HTTP/1.1
              Host: cta.berlmember.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-01-28 19:28:32 UTC  219                IN         HTTP/1.1 200 OK
              Date: Tue, 28 Jan 2025 19:28:31 GMT
              Server: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
              X-Powered-By: PHP/7.3.10
              Connection: close
              Transfer-Encoding: chunked
              Content-Type: text/html; charset=UTF-8
              2025-01-28 19:28:32 UTC  90                 IN         Data Ascii: 54<center> <h4> Dikelola dan Dikembangkan oleh Team B Erl Cosmetics</h4></center>
              2025-01-28 19:28:32 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a  Data Ascii: 0



              Target ID:0
              Start time:14:28:13
              Start date:28/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:14:28:17
              Start date:28/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1976,i,3490414895117789149,10559900095483846549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:14:28:24
              Start date:28/01/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cta.berlmember.com/google/captcha.html"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly