
Windows Analysis Report
https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==

Overview

General Information

Sample URL: https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==
Analysis ID: 1647225

Detection

HTMLPhisher, Mamba2FA
Score: 76
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish10
Yara detected Mamba 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid 'forgot password' link found
Invalid T&C link found
Suricata IDS alerts with low severity for network traffic

Classification

Classification diagram (labels only): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w11x64_office
  • chrome.exe (PID: 6516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 6736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1888,i,3824071751807653076,17082837227517660433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2204 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • cleanup
Source | Rule | Description | Author | Strings
1.1.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.2.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security |
1.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-24T16:15:37.078095+0100 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.24 | 60855 | 172.67.73.238 | 443 | TCP
2025-03-24T16:15:36.099398+0100 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.24 | 60850 | 172.67.73.238 | 443 | TCP


Phishing

Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | Joe Sandbox AI: Score: 7. Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'; the URL 'www.applezein.net' does not match the legitimate domain for Microsoft; the domain 'applezein.net' does not have any known association with Microsoft; the URL contains 'apple', which is more commonly associated with the brand 'Apple', not Microsoft; the presence of a different brand name in the URL is a strong indicator of phishing. DOM: 1.2.pages.csv
Source: Yara match | File source: 1.1.pages.csv, type: HTML
Source: Yara match | File source: 1.2.pages.csv, type: HTML
Source: Yara match | File source: 1.1.pages.csv, type: HTML
Source: Yara match | File source: 1.2.pages.csv, type: HTML
Source: 1.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyY... The script uses the 'Function' constructor to execute dynamically generated code, which is a high-risk indicator of potential malicious behavior. This allows for the execution of arbitrary JavaScript, which could lead to data exfiltration, system compromise, or other harmful actions.
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Number of links: 0
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Base64 decoded: https://portion.icu
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Title: Authenticating ... does not match URL
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Invalid link: Forgot password?
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Invalid link: Terms of use
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Invalid link: Privacy & cookies
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Invalid link: Terms of use
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: Invalid link: Privacy & cookies
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: <input type="password" .../> found
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No favicon
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No favicon
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No <meta name="author".. found
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No <meta name="author".. found
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No <meta name="copyright".. found
Source: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 192.185.13.169:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.185.13.169:443 -> 192.168.2.24:60848 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60850 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60851 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60855 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60856 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.33.44.236:443 -> 192.168.2.24:60865 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.168.73.40:443 -> 192.168.2.24:60867 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.24:60876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.24:60885 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.6.182:443 -> 192.168.2.24:60887 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 6MB, later: 35MB

Networking

Source: Network traffic | Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.24:60850 -> 172.67.73.238:443
Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.24:60855 -> 172.67.73.238:443
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown | TCP traffic detected without corresponding DNS query: 23.44.136.163
Source: unknown | TCP traffic detected without corresponding DNS query: 23.44.136.163
Source: unknown | TCP traffic detected without corresponding DNS query: 23.44.136.163
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 23.44.136.163
Source: global traffic | HTTP traffic detected:
    GET /gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ== HTTP/1.1
    Host: teqaloki.site
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: teqaloki.site
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://teqaloki.site/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /files/images/Logo.png HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
    Host: static.cloudflareinsights.com
    Connection: keep-alive
    Origin: https://www.applezein.net
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://www.applezein.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /w3css/4/w3.css HTTP/1.1
    Host: www.w3schools.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Sec-Fetch-Storage-Access: active
    Referer: https://www.applezein.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /4.7.5/socket.io.min.js HTTP/1.1
    Host: cdn.socket.io
    Connection: keep-alive
    Origin: https://www.applezein.net
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://www.applezein.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1
    Host: cdnjs.cloudflare.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: text/css,*/*;q=0.1
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: style
    Sec-Fetch-Storage-Access: active
    Referer: https://www.applezein.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1
    Host: aadcdn.msftauth.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Sec-Fetch-Storage-Access: active
    Referer: https://www.applezein.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1
    Host: aadcdn.msftauth.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /wp-content/uploads/2024/12/cropped-iappzein-32x32.png HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /wp-content/uploads/2024/12/cropped-iappzein-32x32.png HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: teqaloki.site
Source: global traffic | DNS traffic detected: DNS query: www.applezein.net
Source: global traffic | DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic | DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: unknown | HTTP traffic detected:
    POST /o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com HTTP/1.1
    Host: www.applezein.net
    Connection: keep-alive
    Content-Length: 146822
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Origin: https://www.applezein.net
    Content-Type: application/x-www-form-urlencoded
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
    Cookie: _cid=d95c966f62061971954c42732f5c2038
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 24 Mar 2025 15:15:35 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Last-Modified: Sat, 01 Oct 2022 14:59:10 GMT
    Accept-Ranges: bytes
    Content-Length: 11816
    Vary: Accept-Encoding
    Content-Type: text/html
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 24 Mar 2025 15:15:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: max-age=3600, must-revalidate
    link: <https://www.applezein.net/wp-json/>; rel="https://api.w.org/"
    CF-Cache-Status: EXPIRED
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMdKpImWWFR8P5q%2Fldw2GdWi1gNDk8d8jgCRvzxSEJL2fr%2FhitM6VL3jrr7F%2Bsd6q79i4a4oNky9V%2BGKoyxArQKmUW9APjmgiXGEWIxeEpcP3NnUmjp7OlOIz%2BxugF19yJK%2Fvw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 92571ff72bb8efa7-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=107882&min_rtt=102779&rtt_var=27017&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1288&delivery_rate=36224&cwnd=235&unsent_bytes=0&cid=dc501a9c5e50f555&ts=1411&x=0"
Source: unknown | Network traffic detected: HTTP traffic on port 60848 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60850 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown | Network traffic detected: HTTP traffic on port 60821 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60831 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60854 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60851
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60895
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60850
Source: unknown | Network traffic detected: HTTP traffic on port 60863 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60867 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60856
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60855
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60854
Source: unknown | Network traffic detected: HTTP traffic on port 60886 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60849 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60851 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60855 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60876 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60862
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60861
Source: unknown | Network traffic detected: HTTP traffic on port 60862 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60903
Source: unknown | Network traffic detected: HTTP traffic on port 60866 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60869
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60867
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60866
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60865
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60821
Source: unknown | Network traffic detected: HTTP traffic on port 60887 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60863
Source: unknown | Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60856 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60861 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60832 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60903 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60833
Source: unknown | Network traffic detected: HTTP traffic on port 60865 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60876
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60832
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60831
Source: unknown | Network traffic detected: HTTP traffic on port 60869 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60849
Source: unknown | Network traffic detected: HTTP traffic on port 60895 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60833 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60887
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60886
Source: unknown | Network traffic detected: HTTP traffic on port 60885 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60885
Source: unknown | HTTPS traffic detected: 192.185.13.169:443 -> 192.168.2.24:60847 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.185.13.169:443 -> 192.168.2.24:60848 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60850 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60851 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.80.73:443 -> 192.168.2.24:60854 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60855 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.73.238:443 -> 192.168.2.24:60856 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.24:60862 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60861 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.33.44.236:443 -> 192.168.2.24:60865 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.168.73.40:443 -> 192.168.2.24:60867 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.24:60866 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.24:60876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.24:60885 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.6.182:443 -> 192.168.2.24:60887 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6516_764590356
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6516_764590356
Source: classification engine | Classification label: mal76.phis.win@23/14@22/282
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1888,i,3824071751807653076,17082837227517660433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2204 /prefetch:11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1888,i,3824071751807653076,17082837227517660433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2204 /prefetch:11
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ=="
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: Window RecorderWindow detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Source | Detection | Scanner | Label | Link
https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ== | 0% | Avira URL Cloud | safe |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.applezein.net/favicon.ico | 0% | Avira URL Cloud | safe |
https://teqaloki.site/favicon.ico | 0% | Avira URL Cloud | safe |
https://a.nel.cloudflare.com/report/v4?s=RMdKpImWWFR8P5q%2Fldw2GdWi1gNDk8d8jgCRvzxSEJL2fr%2FhitM6VL3jrr7F%2Bsd6q79i4a4oNky9V%2BGKoyxArQKmUW9APjmgiXGEWIxeEpcP3NnUmjp7OlOIz%2BxugF19yJK%2Fvw%3D%3D | 0% | Avira URL Cloud | safe |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css | 0% | Avira URL Cloud | safe |
https://www.applezein.net/wp-content/uploads/2024/12/cropped-iappzein-32x32.png | 0% | Avira URL Cloud | safe |
https://www.applezein.net/cdn-cgi/rum? | 0% | Avira URL Cloud | safe |
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg | 0% | Avira URL Cloud | safe |
https://www.applezein.net/files/images/Logo.png | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high
teqaloki.site | 192.185.13.169 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
e329293.dscd.akamaiedge.net | 23.209.72.31 | true | false | | high
static.cloudflareinsights.com | 104.16.80.73 | true | false | | high
d2vgu95hoyrpkh.cloudfront.net | 3.168.73.40 | true | false | | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
www.applezein.net | 172.67.73.238 | true | true | | unknown
www.google.com | 142.250.80.100 | true | false | | high
a1400.dscb.akamai.net | 23.33.44.236 | true | false | | high
aadcdn.msftauth.net | unknown | unknown | false | | high
www.w3schools.com | unknown | unknown | false | | high
cdn.socket.io | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ== | false | | unknown
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 | false | | high
https://www.applezein.net/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU9FZHZkR0k9JnVpZD1VU0VSMjAwMjIwMjVVMzUwMjIwMjk=N0123Newen.cairns@foster-gamko.com | true | | unknown
https://a.nel.cloudflare.com/report/v4?s=RMdKpImWWFR8P5q%2Fldw2GdWi1gNDk8d8jgCRvzxSEJL2fr%2FhitM6VL3jrr7F%2Bsd6q79i4a4oNky9V%2BGKoyxArQKmUW9APjmgiXGEWIxeEpcP3NnUmjp7OlOIz%2BxugF19yJK%2Fvw%3D%3D | false | Avira URL Cloud: safe | unknown
https://www.applezein.net/cdn-cgi/rum? | true | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css | false | Avira URL Cloud: safe | unknown
https://www.applezein.net/files/images/Logo.png | true | Avira URL Cloud: safe | unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg | false | Avira URL Cloud: safe | unknown
https://www.w3schools.com/w3css/4/w3.css | false | | high
https://www.applezein.net/wp-content/uploads/2024/12/cropped-iappzein-32x32.png | true | Avira URL Cloud: safe | unknown
https://www.applezein.net/favicon.ico | true | Avira URL Cloud: safe | unknown
https://teqaloki.site/favicon.ico | false | Avira URL Cloud: safe | unknown
https://cdn.socket.io/4.7.5/socket.io.min.js | false | | high
                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false
142.251.32.99 | unknown | United States | 15169 | GOOGLEUS | false
142.250.217.138 | unknown | United States | 15169 | GOOGLEUS | false
3.168.73.40 | d2vgu95hoyrpkh.cloudfront.net | United States | 16509 | AMAZON-02US | false
104.16.80.73 | static.cloudflareinsights.com | United States | 13335 | CLOUDFLARENETUS | false
104.26.6.182 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.80.3 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
23.209.72.31 | e329293.dscd.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false
23.209.72.9 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.251.35.170 | unknown | United States | 15169 | GOOGLEUS | false
142.250.65.174 | unknown | United States | 15169 | GOOGLEUS | false
142.250.80.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.65.195 | unknown | United States | 15169 | GOOGLEUS | false
142.251.40.142 | unknown | United States | 15169 | GOOGLEUS | false
23.33.44.236 | a1400.dscb.akamai.net | United States | 20940 | AKAMAI-ASN1EU | false
172.67.73.238 | www.applezein.net | United States | 13335 | CLOUDFLARENETUS | true
172.217.165.142 | unknown | United States | 15169 | GOOGLEUS | false
192.185.13.169 | teqaloki.site | United States | 46606 | UNIFIEDLAYER-AS-1US | false
142.250.176.195 | unknown | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
172.253.115.84 | unknown | United States | 15169 | GOOGLEUS | false
IP
192.168.2.24
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1647225
Start date and time: 2025-03-24 16:14:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==
Analysis system description: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal76.phis.win@23/14@22/282
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 172.64.149.23, 104.18.38.233
• Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, crt.comodoca.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://teqaloki.site/gasnasalk/hagshaisn/xxx/ZXdlbi5jYWlybnNAZm9zdGVyLWdhbWtvLmNvbQ==
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category: dropped
Size (bytes): 199
Entropy (8bit): 6.766983163126765
Encrypted: false
SSDEEP:
MD5: 21B761F2B1FD37F587D7222023B09276
SHA1: F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256: 72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512: 77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious: false
Reputation: unknown
                                              Preview:..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (358)
Category: downloaded
Size (bytes): 11816
Entropy (8bit): 5.037139572888145
Encrypted: false
SSDEEP:
MD5: A8063BD37D3C8FB3176A6BF140558A4D
SHA1: E32CF4B407DB3D3773DED13FF64B70FDBAD7735F
SHA-256: BCCB23D41C2CC69CF0C7D22C4314CA8181A513C6999B73E45307792830F4E482
SHA-512: 82D749F6B17B21587FB345CA196A2AA83ECA80AD66ED9C1AB88B36709BED14175D53AFEFE9ACC0DAFC4FAD78FFB8DF155193A6829BC857AD6D68B1C84AF7B854
Malicious: false
Reputation: unknown
URL: https://teqaloki.site/favicon.ico
                                              Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>404 - PAGE NOT FOUND</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid404 #gatorbottom{position:relative;left:39px;float:left;}. #
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category: dropped
Size (bytes): 276
Entropy (8bit): 7.316609873335077
Encrypted: false
SSDEEP:
MD5: 4E3510919D29D18EEB6E3E8B2687D2F5
SHA1: 31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256: 1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512: DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious: false
Reputation: unknown
                                              Preview:...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....*e.......J).*8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: SVG Scalable Vector Graphics image
Category: dropped
Size (bytes): 1636
Entropy (8bit): 4.214613323368661
Encrypted: false
SSDEEP:
MD5: F7AB697E65B83CE9870A4736085DEEEC
SHA1: 5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256: CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512: 158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious: false
Reputation: unknown
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 2228
Entropy (8bit): 7.82817506159911
Encrypted: false
SSDEEP:
MD5: EF9941290C50CD3866E2BA6B793F010D
SHA1: 4736508C795667DCEA21F8D864233031223B7832
SHA-256: 1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512: A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious: false
Reputation: unknown
                                              Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category: downloaded
Size (bytes): 1435
Entropy (8bit): 7.8613342322590265
Encrypted: false
SSDEEP:
MD5: 9F368BC4580FED907775F31C6B26D6CF
SHA1: E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256: 7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512: 0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious: false
Reputation: unknown
URL: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                              Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (49854)
Category: downloaded
Size (bytes): 49993
Entropy (8bit): 5.216475744251136
Encrypted: false
SSDEEP:
MD5: 777EB8FD4F8320B6E5CC9A7159BDEC6A
SHA1: 6B4032E88D0040182089FE3BEFDECEE9346E8921
SHA-256: 73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
SHA-512: D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
Malicious: false
Reputation: unknown
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Preview: /*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (65317)
Category: downloaded
Size (bytes): 100782
Entropy (8bit): 4.782445110770722
Encrypted: false
SSDEEP:
MD5: 6386FB409D4A2ABC96EEE7BE8F6D4CC4
SHA1: 09102CFC60EFB430A25EE97CEE9A6A35DF6DFC59
SHA-256: 0DF5A33710E433DE1F5415B1D47E4130CA7466AEE5B81955F1045C4844BBB3ED
SHA-512: 29F91FC180EC2E4225C10A7A2C59E5F3335D2C6C6EF58000D50BF020D92CE0F85C125412BEA73254B2C3F5A3215DDD77B908E85ED10A368B0E59A66A5E07A5D2
Malicious: false
Reputation: unknown
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Preview: /*!. * Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2022 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.05357em

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 1128
Entropy (8bit): 7.782331353222871
Encrypted: false
SSDEEP:
MD5: 4AB4BCFB3DE18932AD234C0B56416B23
SHA1: DBE8676CD4C0D1730936DF33BB802E6A26A0BCAF
SHA-256: 07553C42C08088339ABDD7A35518EFCFA923E6989125E435536CD6422090ABD7
SHA-512: 83374954D09FD63690DCD1F369BE5D0D5C040D620A87B0AC9AFF5769BFFBF70C47D343A39FB6722FA45133720264AF681F0BA130DE088EB5819C423124451AE2
Malicious: false
Reputation: unknown
URL: https://www.applezein.net/wp-content/uploads/2024/12/cropped-iappzein-32x32.png
Preview: .PNG........IHDR... ... .....szz..../IDATX...o[u..?.wm'qm....u....Q..R..<$F... ......!1....V.......J....H.*B"}.v..._.vr.....H...~...=....+.....UD^...q .4...{...@AUg.oU.k.l6.Q..........A./".ST.`..U.~..l.^U..l..A...H...?...Z}OU....H..3..>kp..F...U.jj.>...;.xID.6.Y....O.W....O.....2@...e..F.S-..~...A........y..C.M4X..c.)lV.\..jEf..s....O.8......T.\./..4.G.....n..<.l.._..7.{$....Ckk+.x.#f....l!...dr.....Zo.Ti.F....u]..,.L.....&.d...0...T*...`..k"..L.F.......,.|.TI......MD.T*..J...8...^.g..,...............x.]qU.,..\...y.zzz......+.i.@D...P*.BU.{......{.....D.....9..9:;;...I>..m.....5^.LKK..L..3}gH.R....................,//.L&....H..q.....^..p..Px........../..8.".H.~....8>..n..y8.l.[.c=..>.....A.nL.`hh.@ .....+e.. .......B....P...D(8.....\..:..r...*]/.t.r..E.k......X<.....eA.qx..a..<..:....B......_~....+..e.....f...<}..vG^D..t2.?D:....T- .....X,F:.frr.Ri.s!..r.%@9y.........J%D.P(D2.F8.bzz..xM.b..Y.Iz......J.L$..|...%2.....T..]..u.;....=..;...q......t.....s..

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Unicode text, UTF-8 (with BOM) text
Category: downloaded
Size (bytes): 23427
Entropy (8bit): 5.112735417225198
Encrypted: false
SSDEEP:
MD5: BA0537E9574725096AF97C27D7E54F76
SHA1: BD46B47D74D344F435B5805114559D45979762D5
SHA-256: 4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512: FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious: false
Reputation: unknown
URL: https://www.w3schools.com/w3css/4/w3.css
Preview: ./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes */.html{box-sizing:border-box}*,*:before,*:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category: dropped
Size (bytes): 673
Entropy (8bit): 7.6596900876595075
Encrypted: false
SSDEEP:
MD5: 0E176276362B94279A4492511BFCBD98
SHA1: 389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256: 9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512: 8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious: false
Reputation: unknown
Preview: ...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q...*..~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1.....*.#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category: downloaded
Size (bytes): 2407
Entropy (8bit): 7.900400471609788
Encrypted: false
SSDEEP:
MD5: 9D372E951D45A26EDE2DC8B417AAE4F8
SHA1: 84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256: 4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512: 78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious: false
Reputation: unknown
URL: https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview: ...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx|............|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (19948), with no line terminators
Category: downloaded
Size (bytes): 19948
Entropy (8bit): 5.261902742187293
Encrypted: false
SSDEEP:
MD5: EC18AF6D41F6F278B6AED3BDABFFA7BC
SHA1: 62C9E2CAB76B888829F3C5335E91C320B22329AE
SHA-256: 8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
SHA-512: 669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
Malicious: false
Reputation: unknown
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Preview: !function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 68
Entropy (8bit): 4.835131731013994
Encrypted: false
SSDEEP:
MD5: 1FF88D7E6CE0EFFEC359C41A6ED77C2F
SHA1: 0A7EF1924FB8FC49B70126C75A0E3476688A1E56
SHA-256: 842DD742BBF5C87477A45B6D5F9DC0DE51109F24BFEFAC949E6902ED367ABFF2
SHA-512: D974F02AF3F19FD743E957F60794499F343FBDB0ACB6A71A55B13F8E0A237E00C859D3528655BE09294107850D6976B561BF0A32FB7B6DA7E44105E29C1E1E66
Malicious: false
Reputation: unknown
URL: https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC44ORIuCYyra7pGbq1hEgUNkWGVThIFDTWGVBwSBQ2RYZVOEgUNkWGVTiGH8_7X3TlMUg==?alt=proto
Preview: CjAKCw2RYZVOGgQICRgBCgcNNYZUHBoACgsNkWGVThoECAkYAQoLDZFhlU4aBAgJGAE=

No static file info