Windows Analysis Report
https://jcmasi.com/jc/s/cn

Overview

General Information

Sample URL: https://jcmasi.com/jc/s/cn
Analysis ID: 1630424

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 6364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1772,i,3486654463866698697,6723300841478514283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jcmasi.com/jc/s/cn" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
0.15.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.19.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-05T21:27:40.905627+0100 | 2857090 | 1 | Successful Credential Theft Detected | 164.92.191.209 | 443 | 192.168.2.16 | 49775 | TCP


      Phishing

      Source: https://jcmasi.com/jc/s/cn | Joe Sandbox AI: Score: 9. Reasons: The brand 'AdobeDoc' suggests an association with Adobe, a well-known brand. The URL 'jcmasi.com' does not match the legitimate domain 'adobe.com'. The domain 'jcmasi.com' does not have any apparent connection to Adobe. The presence of an input field for 'Enter email' could be used for phishing purposes. The URL does not contain any recognizable elements related to Adobe, increasing suspicion. DOM: 1.0.pages.csv
      Source: Yara match | File source: 0.15.id.script.csv, type: HTML
      Source: Yara match | File source: 2.19.pages.csv, type: HTML
      Source: https://jcmasi.com/jc/s/cn | Joe Sandbox AI: Page contains button: 'Submit'. Source: '1.1.pages.csv'
      Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://jcmasi.com/jc/s/cn... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script listens for user interactions, collects user input, and then redirects the user to a potentially malicious URL constructed from an obfuscated base URL and the user's input. This behavior is highly suspicious and indicates a potential phishing or malware distribution attempt.
      Source: https://jcmasi.com/jc/s/cn | HTTP Parser: Number of links: 0
      Source: https://cns.covaelectric.com/?username=fuckyyou@fuckyou.com | HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
      Source: https://jcmasi.com/jc/s/cn | HTTP Parser: Title: ***Turnstile*** does not match URL
      Source: https://jcmasi.com/jc/s/cn | HTTP Parser: No favicon
      Source: https://cns.covaelectric.com/?username=fuckyyou@fuckyou.com | HTTP Parser: No favicon
      Source: https://jcmasi.com/jc/s/cn | HTTP Parser: No <meta name="author".. found
      Source: https://jcmasi.com/jc/s/cn | HTTP Parser: No <meta name="copyright".. found
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

      Networking

      Source: Network traffic | Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound: 164.92.191.209:443 -> 192.168.2.16:49775
      Source: global trafficHTTP traffic detected: GET /0bb362b57c754b2daa094659f848d810/ HTTP/1.1Host: cns.covaelectric.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://cns.covaelectric.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: kCTBnt="MGJiMzYyYjUtN2M3NS00YjJkLWFhMDktNDY1OWY4NDhkODEwOjkyMDlkNzVhLTU1OWEtNDY0MS04ZDI0LTYyYzg3Mzg5NTNmMA=="Sec-WebSocket-Key: xwkN4fDMeq0y4tw75iYaMw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global traffic DNS traffic detected: DNS query: jcmasi.com
      Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global traffic DNS traffic detected: DNS query: www.google.com
      Source: global traffic DNS traffic detected: DNS query: cns.covaelectric.com
      Source: global traffic DNS traffic detected: DNS query: db374075-0bb362b5.covaelectric.com
      Source: global traffic DNS traffic detected: DNS query: bef83f37-0bb362b5.covaelectric.com
      Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1896116270:1741205407:Zey_VrJKUyI5AbLsL7OfrqyyTBSqNkVTFWaklCso7sk/91bc5a382cb8200f/h2Y7pc7lS59KCvpG0bXBQYh7OZS44nEqjssM.sfZBvs-1741206429-1.1.1.1-r9haGuqiyZ0IrBytHZru_4VNI.Jj22LfV2AkK8Y_DMUhcE0IKbTO1FX2ErI1XXpH HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3305sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-Type: text/plain;charset=UTF-8cf-chl: h2Y7pc7lS59KCvpG0bXBQYh7OZS44nEqjssM.sfZBvs-1741206429-1.1.1.1-r9haGuqiyZ0IrBytHZru_4VNI.Jj22LfV2AkK8Y_DMUhcE0IKbTO1FX2ErI1XXpHcf-chl-ra: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/nx2h6/0x4AAAAAAA_nNSPDhYW31DJG/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Mar 2025 20:28:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d0ed5605-6e70-4e08-8baf-5fae9e872f00x-ms-ests-server: 2.1.20139.6 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bef83f37-0bb362b5.covaelectric.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 05 Mar 2025 20:28:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: c8cdbb51-7e3d-4900-9bb2-336217d93300x-ms-ests-server: 2.1.20203.5 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bef83f37-0bb362b5.covaelectric.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
      Source: classification engine Classification label: mal72.phis.win@22/28@26/192
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1772,i,3486654463866698697,6723300841478514283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jcmasi.com/jc/s/cn"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 3 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

      Source | Detection | Scanner | Label | Link
      https://jcmasi.com/jc/s/cn | 0% | Avira URL Cloud | safe |
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      cns.covaelectric.com | 164.92.191.209 | true | true | | unknown
      jcmasi.com | 68.66.248.7 | true | true | | unknown
      bef83f37-0bb362b5.covaelectric.com | 164.92.191.209 | true | true | | unknown
      challenges.cloudflare.com | 104.18.95.41 | true | false | | high
      www.google.com | 172.217.18.4 | true | false | | high
      db374075-0bb362b5.covaelectric.com | 164.92.191.209 | true | true | | unknown
                            IP
                            192.168.2.16
                            Joe Sandbox version:42.0.0 Malachite
                            Analysis ID:1630424
                            Start date and time:2025-03-05 21:26:25 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:https://jcmasi.com/jc/s/cn
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of new started processes analysed:13
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            Analysis Mode:stream
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal72.phis.win@22/28@26/192
                            • Exclude process from analysis (whitelisted): svchost.exe
                            • Excluded IPs from analysis (whitelisted): 172.217.16.131, 142.250.185.110, 74.125.71.84, 172.217.18.14
                            • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                            • Not all processes were analyzed, report is missing behavior information
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: https://jcmasi.com/jc/s/cn
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 19:26:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.986840974942619
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 19:26:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.0030209887563775
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.009966492533512
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 19:26:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.998961854468816
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 19:26:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.9894061936370004
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 19:26:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):3.9991271386731366
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):16
                            Entropy (8bit):3.75
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmcVjKYTCHAYxIFDVNaR8U=?alt=proto
                            Preview:CgkKBw1TWkfFGgA=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                            Category:downloaded
                            Size (bytes):13098
                            Entropy (8bit):7.9662320028475095
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/api2/canonical_bridge.png
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, from Unix, original size modulo 2^32 142540
                            Category:dropped
                            Size (bytes):49984
                            Entropy (8bit):7.995600536023676
                            Encrypted:true
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                            Category:downloaded
                            Size (bytes):530
                            Entropy (8bit):7.2576396280117494
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/api2/audio_2x.png
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (663)
                            Category:downloaded
                            Size (bytes):558808
                            Entropy (8bit):5.68706025962721
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/releases/EGO3I7Q26cZ-jBw3BEtzIx7-/recaptcha__en.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (48238)
                            Category:dropped
                            Size (bytes):48239
                            Entropy (8bit):5.343270713163753
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                            Category:downloaded
                            Size (bytes):600
                            Entropy (8bit):7.391634169810707
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/api2/refresh_2x.png
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                            Category:downloaded
                            Size (bytes):15552
                            Entropy (8bit):7.983966851275127
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 34 x 85, 8-bit/color RGB, non-interlaced
                            Category:dropped
                            Size (bytes):61
                            Entropy (8bit):4.035372245524405
                            Encrypted:false
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):102
                            Entropy (8bit):4.887598199955295
                            Encrypted:false
                            SSDEEP:
                            MD5:1F01AF3B844DF0C0C064DD24ACB447D5
                            SHA1:93AABD7E2186CDD997B79CD04BAD2773DE7D4235
                            SHA-256:2A17444AC5E573828C100120643C9EB6A1A17910049467DAA79BA39719594EDB
                            SHA-512:4C9E00AA4E1AA229A97ABED2E306034CE5E86285D7870B7DF16D4BF25874C1CC05789050490D353EACD901D875A6D021DFD59CC00F9A6F84996ECCF600D9FFE8
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=EGO3I7Q26cZ-jBw3BEtzIx7-
                            Preview:importScripts('https://www.gstatic.com/recaptcha/releases/EGO3I7Q26cZ-jBw3BEtzIx7-/recaptcha__en.js');
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
                            Category:downloaded
                            Size (bytes):29154
                            Entropy (8bit):7.972475787918253
                            Encrypted:false
                            SSDEEP:
                            MD5:4640C6BDE1DBD8D8A38C021F901BABF3
                            SHA1:0CC74DA0F5EEB01FA02F884E71DEA1A20EAD0575
                            SHA-256:B06A884BC2D0F9EAE4339547E7CCD411C5FB28BDFAC87007874214D22EE2431E
                            SHA-512:529F1A41E2597A5C842AF4A88AA348DF6F7CF7084C8F7369FCDEFCB5677CCE0DB9579EA09B55590AA568ABDDE169EE16A273C88722B45F88F96BC3C0ABE7CBC2
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/recaptcha/api2/payload?p=06AFcWeA6GInBCZMg4Y2ePMjZcDldxnGlZetZfh4AhjPN04skD9gJKkWvRIJk9lvA1-pdnKzI2kG7oDezPii2Yi6fXgnsGAjnefQYV6fOmz69-eebnbTuJaCuGdG7nwf-epuZcKcGkgqgoUUNjfLed6kSJI_S8mCGOZ2Vhv40T8J-5PGXnJMSi6w-PjJhTeDqiuo2XLGqq2aSN&k=6LdOauoqAAAAABVxOR0uaryp33qM7FbAsehxyzJK
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                            Category:downloaded
                            Size (bytes):2228
                            Entropy (8bit):7.82817506159911
                            Encrypted:false
                            SSDEEP:
                            MD5:EF9941290C50CD3866E2BA6B793F010D
                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
                            Category:downloaded
                            Size (bytes):15340
                            Entropy (8bit):7.983406336508752
                            Encrypted:false
                            SSDEEP:
                            MD5:19B7A0ADFDD4F808B53AF7E2CE2AD4E5
                            SHA1:81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
                            SHA-256:C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
                            SHA-512:49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
                            Malicious:false
                            Reputation:unknown
                            URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):4119
                            Entropy (8bit):7.949120703870044
                            Encrypted:false
                            SSDEEP:
                            MD5:000BF649CC8F6BF27CFB04D1BCDCD3C7
                            SHA1:D73D2F6D74EC6CDCBAE07955592962E77D8AE814
                            SHA-256:6BDB369337AC2496761C6F063BFFEA0AA6A91D4662279C399071A468251F51F0
                            SHA-512:73D2EA5FFC572C1AE73F37F8F0FF25E945AFEE8E077B6EE42CE969E575CDC2D8444F90848EA1CB4D1C9EE4BD725AEE2B4576AFC25F17D7295A90E1CBFE6EDFD5
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65536), with no line terminators
                            Category:downloaded
                            Size (bytes):78627
                            Entropy (8bit):6.021140023424978
                            Encrypted:false
                            SSDEEP:
                            MD5:7752B3CF328FD16C188F7D072DCECD53
                            SHA1:42FA93B2ECF55E8FAB3AA9B753518373DD00A9E7
                            SHA-256:ECCA1DC726F50200230C28D5AB42E622A203E5ED457A8ECF63C1F1D2FDC34C6B
                            SHA-512:40083646054F49E56DC7F669C1F363E951CCC5D983FD0EFEF61F055A51A8C9C4F6CADA7D7AD9BE1A470C251914AFA4CECEB48D3B6F00E2DF0C66BEB033256ED5
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.gstatic.com/recaptcha/releases/EGO3I7Q26cZ-jBw3BEtzIx7-/styles__ltr.css
                            Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #444746;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAHq9SURBVHja7Z15fFTl9f/fd9ZM9n1PgCyEXSSRNYKCgAuiIipuVSuudavV1tq6W/WrtnWrrZbWDZUqUqUoCoIEQhBI2JesELKvM9mTWe7c3x83d5xAlkky8fv92ft5vfKC19znOWfuZ571POc5B1SoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKHifwGCRqsTNFrdj6VPq9XqtNofT9+wvutQyEyad8t9IaPPntFUd
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                            Category:downloaded
                            Size (bytes):15344
                            Entropy (8bit):7.984625225844861
                            Encrypted:false
                            SSDEEP:
                            MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                            SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                            SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                            SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                            Malicious:false
                            Reputation:unknown
                            URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (64865), with CRLF line terminators
                            Category:downloaded
                            Size (bytes):344588
                            Entropy (8bit):6.03406244024624
                            Encrypted:false
                            SSDEEP:
                            MD5:78259C173F4636CAFCC02C552DEC641E
                            SHA1:958B6F0A17360974F7210F92110DC00B21B077C8
                            SHA-256:F3BF5F0AF79C13646A23934BD3AEF18F7E7F0F6650519A6D0A69DBB2A3099E4E
                            SHA-512:EDEF1F2C56182E019A60E1EE8148C902F88A77287995790B796BFF21F1F4FB72DEF80E688E76B5BF2979C5A3CCFE95AA37155B1CC2214944D43027140AA6AE52
                            Malicious:false
                            Reputation:unknown
                            URL:https://jcmasi.com/jc/s/cn
                            Preview:..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>.. <title>***Turnstile***</title>.. <style>.. body {.. font-family: "Segoe UI", "Segoe UI Web (West European)", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;.. background-color: #f4f4f4;.. margin: 0;.. display: flex;.. justify-content: center;.. align-items: center;.. height: 100vh;.. color: #333;.. background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABioAAALkCAYAAACRC231AAAgAElEQVR4Xuy9S8ttzbImdNa3T/0WL4ggNgQbNuzYsWPHI0qBKIJYIGhDBBvasKEdQbCj5aVU1EIoCrRQERVRwQIvUKKoICL+Dc/e25kZ8UQ8T2RkjjHnu9ba33rXfPf+1hwjR17iHpER4/Llr/t7//zv/+jw92Vcm//kQTnNy6Prl7g6x9GZz7A2Sp864ATc6VqDVYdot7a17fEwFL9YD+9mx972Ksw+
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (1475), with no line terminators
                            Category:downloaded
                            Size (bytes):1475
                            Entropy (8bit):5.789220866944941
                            Encrypted:false
                            SSDEEP:
                            MD5:313861AF09DE3A0988B4985FC6A4CD8C
                            SHA1:7595C98A19C985DDF3570549D2A95F693A8A8CA7
                            SHA-256:CF412F0F86E1E228CAFDB73B227424F302A5212BB7271D75CB28B2B99B62062C
                            SHA-512:8E73C0AB968AE2E38EFFDF6BCCBD9053B00F896318F03796384BC99552E278BD3597E22FB0962BDC814B7315D97A9FD04F9497C8AF0C140B9E6CCFBA2D3B8FFE
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/recaptcha/api.js
                            Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                            Category:dropped
                            Size (bytes):665
                            Entropy (8bit):7.42832670119013
                            Encrypted:false
                            SSDEEP:
                            MD5:07BF314AAB04047B9E9A959EE6F63DA3
                            SHA1:17BEF6602672E2FD9956381E01356245144003E5
                            SHA-256:55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
                            SHA-512:2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):16
                            Entropy (8bit):3.625
                            Encrypted:false
                            SSDEEP:
                            MD5:68EE0CA88151319684A1D3BC3CA51A20
                            SHA1:CEC912822CF758360BEA2E2FA621705FAB337235
                            SHA-256:79D73E2873A429B272AA7393AF7127CD85C97C1149BFC776EECFD00F71057E34
                            SHA-512:44C05732875E6FBE3BDCE245F4B9A7782F846820618A87089505BB69CF673E83136FC7C65742E8EC72797A3395C193691A1721A06ED376AA454ECD4718234406
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAntBF_qVOLlqRIFDSZ2RuY=?alt=proto
                            Preview:CgkKBw0mdkbmGgA=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                            Category:downloaded
                            Size (bytes):61
                            Entropy (8bit):3.990210155325004
                            Encrypted:false
                            SSDEEP:
                            MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                            SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                            SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                            SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                            Malicious:false
                            Reputation:unknown
                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
                            Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (1475), with no line terminators
                            Category:dropped
                            Size (bytes):1475
                            Entropy (8bit):5.759762807020156
                            Encrypted:false
                            SSDEEP:
                            MD5:6E1E2925D654A4EAA70394A45CA2FC59
                            SHA1:47DE8EF0FB9C3B557633F892154336FCD02C4DF4
                            SHA-256:F223FE6ED8F764C7D076FADA7828F9CDE23654EF6F87F4D5FFAFEC6413F5F30D
                            SHA-512:5CA7F953E6B5D9F82F0FD1088428B791F7804B5CF73F936AB39751B297BAE335BF634CC9333490E318C339FA70E7FA65AC69D42E0FEF1771810A87EE722C94D1
                            Malicious:false
                            Reputation:unknown
                            Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('onload');(cfg['clr']=cfg['clr']||[]).push('true');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1
                            No static file info