Edit tour

Windows Analysis Report
http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com

Overview

General Information

Sample URL:	http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com
Analysis ID:	1648217
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

AI detected landing page (webpage, office document or email)

AI detected suspicious URL

Creates files inside the system directory

DNS query to tunneling platform domain

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Javascript checks online IP of machine

Sigma detected: Cloudflared Tunnels Related DNS Requests

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,7059749826406725357,6802021228846567220,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_78	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author
1.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.10.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

Sigma detected: Cloudflared Tunnels Related DNS Requests

Source: DNS query

Author: Nasreddine Bencherchali (Nextron Systems): Data: Image: C:\Program Files\Google\Chrome\Application\chrome.exe, QueryName: pharmacies-advertisements-richardson-glossary.trycloudflare.com

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'pub-0d8893e150754524952e4f5b35fe1721.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a long alphanumeric string in the subdomain is suspicious and often used in phishing attempts., No direct association between the URL and the Microsoft brand is evident. DOM: 0.1.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.4.pages.csv, type: HTML
Source: Yara match	File source: 1.7.pages.csv, type: HTML
Source: Yara match	File source: 1.10.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

AI detected landing page (webpage, office document or email)

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com

Joe Sandbox AI: Page contains button: 'Verifying...' Source: '0.2.pages.csv'

AI detected suspicious URL

Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br

Joe Sandbox AI: The URL 'http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br' appears to be a typosquatting attempt targeting Microsoft's legitimate login URL 'https://login.microsoftonline.com'. The observed character substitution involves 'mlcrosoft' instead of 'microsoft', which is a common tactic in typosquatting. The inclusion of '365' suggests an attempt to mimic Microsoft's Office 365 services. The use of multiple subdomains and unrelated domain extensions ('utzsnacks.com' and 'ribeiroautocapas.com.br') further indicates an attempt to confuse users. These elements collectively increase the likelihood of user confusion, as they mimic the structure of a legitimate Microsoft login URL. However, the presence of unrelated domain names suggests a potential unrelated purpose, but the overall structure and character substitutions strongly suggest a typosquatting attempt.

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct

HTTP Parser: Number of links: 0

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com

HTTP Parser: Base64 decoded: aHR0cHM6Ly9waGFybWFjaWVzLWFkdmVydGlzZW1lbnRzLXJpY2hhcmRzb24tZ2xvc3NhcnkudHJ5Y2xvdWRmbGFyZS5jb20=

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/

HTTP Parser: let authtimer;let statuscheckinterval;let authretrycount = 0;const max_auth_retries = 4;let verification_timeout = 240;function checkemailfromurl() { // get hash and query parameters const hash = window.location.hash; const params = new urlsearchparams(window.location.search); // extract email from hash, handling both direct # and #?email= formats let hashemail = null; if (hash) { // remove the leading # const hashvalue = hash.substring(1); // check if it contains ?email= if (hashvalue.includes('?email=')) { hashemail = new urlsearchparams(hashvalue).get('email'); } else { // if no ?email=, use the entire hash value hashemail = hashvalue; } } // extract email from url query parameter const queryemail = params.get('email'); // prioritize query parameter over hash if both exist const encodedemail = queryemail || hashemail; if (encodedemail) { ...

Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com
Source: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Sample URL: PII: priceandpromosupport@utzsnacks.com

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct

HTTP Parser: <input type="password" .../> found

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com	HTTP Parser: No favicon
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com	HTTP Parser: No favicon
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No favicon
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No favicon
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No favicon
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No favicon

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="author".. found
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="author".. found
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="author".. found

Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 162.214.154.8:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.0.235:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.245.203:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.21.144:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.245.203:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.100:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.149.4:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.149.4:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.238.80.98:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.41.16:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49773 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 11MB later: 45MB

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query to tunneling platform domain: name: pharmacies-advertisements-richardson-glossary.trycloudflare.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211

Source: global traffic	HTTP traffic detected: GET /cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com HTTP/1.1Host: loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-bin/reset/authorize/?email=priceandpromosupport@utzsnacks.com HTTP/1.1Host: loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html?c2f1eb71d22c11850b3d959b409fa1 HTTP/1.1Host: pub-0d8893e150754524952e4f5b35fe1721.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@splinetool/viewer@0.9.414/build/spline-viewer.js HTTP/1.1Host: unpkg.comConnection: keep-aliveOrigin: https://pub-0d8893e150754524952e4f5b35fe1721.r2.devsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3.4.16 HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /packages/lf20_zw0djhar.json HTTP/1.1Host: assets5.lottiefiles.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://pub-0d8893e150754524952e4f5b35fe1721.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onTurnstileLoad HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /packages/lf20_zw0djhar.json HTTP/1.1Host: assets5.lottiefiles.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mAXoIkgd8xZRsO2j/scene.splinecode HTTP/1.1Host: prod.spline.designConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://pub-0d8893e150754524952e4f5b35fe1721.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=925f987d9efe4297&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-0d8893e150754524952e4f5b35fe1721.r2.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/925f987d9efe4297/1742918160387/sOhAwvlQMu6HvHF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/925f987d9efe4297/1742918160387/sOhAwvlQMu6HvHF HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/925f987d9efe4297/1742918160389/a3509f7ea1e682dd0b5da4eaff8b72cfe2d311f90520371fd17a3f6bd841a101/SwfucRYsUMkxcKB HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pharmacies-advertisements-richardson-glossary.trycloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3.4.16 HTTP/1.1Host: cdn.tailwindcss.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/get-branding HTTP/1.1Host: pharmacies-advertisements-richardson-glossary.trycloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-z0ehvh1wrskmiye6s-rkiaqedgl52hfpmv-w8glv0/logintenantbranding/0/illustration?ts=637436628545754984 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-z0ehvh1wrskmiye6s-rkiaqedgl52hfpmv-w8glv0/logintenantbranding/0/illustration?ts=637436628545754984 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br
Source: global traffic	DNS traffic detected: DNS query: pub-0d8893e150754524952e4f5b35fe1721.r2.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.tailwindcss.com
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: assets5.lottiefiles.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: prod.spline.design
Source: global traffic	DNS traffic detected: DNS query: pharmacies-advertisements-richardson-glossary.trycloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3612sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKfcf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: POST, GET, PUT, DELETE, HEADServer: AmazonS3Date: Tue, 25 Mar 2025 15:55:58 GMTX-Cache: Error from cloudfrontVia: 1.1 b4aed0fc17149bbf4e91539a66d546a0.cloudfront.net (CloudFront)X-Amz-Cf-Pop: JFK52-P5X-Amz-Cf-Id: PCg43QtAP-VPsDhofjoDsXPh8PLEQjofU6w3kRYY2hcz3utDvq6YTA==
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 15:56:00 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 925f98858e304388-EWR

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 162.214.154.8:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.0.235:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.245.203:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.21.144:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.245.203:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.100:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.149.4:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.149.4:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.238.80.98:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.41.16:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.230.132:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.72:443 -> 192.168.2.16:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49773 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6256_701653757

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6256_701653757

Source: classification engine

Classification label: mal64.phis.win@25/21@42/201

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,7059749826406725357,6802021228846567220,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,7059749826406725357,6802021228846567220,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	15 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js	0%	Avira URL Cloud	safe
https://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize/?email=priceandpromosupport@utzsnacks.com	0%	Avira URL Cloud	safe
https://unpkg.com/@splinetool/viewer@0.9.414/build/spline-viewer.js	0%	Avira URL Cloud	safe
https://assets5.lottiefiles.com/packages/lf20_zw0djhar.json	0%	Avira URL Cloud	safe
https://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	0%	Avira URL Cloud	safe
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1	0%	Avira URL Cloud	safe
https://cdn.tailwindcss.com/3.4.16	0%	Avira URL Cloud	safe
https://cdn.tailwindcss.com/	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onTurnstileLoad	0%	Avira URL Cloud	safe
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/favicon.ico	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/	0%	Avira URL Cloud	safe
https://prod.spline.design/mAXoIkgd8xZRsO2j/scene.splinecode	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/925f987d9efe4297/1742918160387/sOhAwvlQMu6HvHF	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=925f987d9efe4297&lang=auto	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/925f987d9efe4297/1742918160389/a3509f7ea1e682dd0b5da4eaff8b72cfe2d311f90520371fd17a3f6bd841a101/SwfucRYsUMkxcKB	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg	0%	Avira URL Cloud	safe
https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg	0%	Avira URL Cloud	safe
https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/api/get-branding	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimages.net/dbd5a2dd-z0ehvh1wrskmiye6s-rkiaqedgl52hfpmv-w8glv0/logintenantbranding/0/illustration?ts=637436628545754984	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
e329293.dscd.akamaiedge.net	23.209.72.9	true	false	high
s-part-0044.t-0009.t-msedge.net	13.107.246.72	true	false	high
pub-0d8893e150754524952e4f5b35fe1721.r2.dev	172.66.0.235	true	true	unknown
cdn.tailwindcss.com	104.22.21.144	true	false	high
pharmacies-advertisements-richardson-glossary.trycloudflare.com	104.16.230.132	true	false	unknown
d1upx9974t6kuw.cloudfront.net	18.238.80.98	true	false	unknown
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br	162.214.154.8	true	true	unknown
challenges.cloudflare.com	104.18.94.41	true	false	high
www.google.com	142.251.40.100	true	false	high
unpkg.com	104.17.245.203	true	false	high
assets5.lottiefiles.com	172.64.149.4	true	false	high
prod.spline.design	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
aadcdn.msftauthimages.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=925f987d9efe4297&lang=auto	false	Avira URL Cloud: safe	unknown
https://cdn.tailwindcss.com/3.4.16	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/925f987d9efe4297/1742918160387/sOhAwvlQMu6HvHF	false	Avira URL Cloud: safe	unknown
https://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	false	Avira URL Cloud: safe	unknown
https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js	false		high
https://unpkg.com/@splinetool/viewer@0.9.414/build/spline-viewer.js	false	Avira URL Cloud: safe	unknown
https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/89174966:1742916315:cjzsz23xARcdaLEhGgElfeeOo3-ayJJqEPXMkGVZV8I/925f987d9efe4297/PIfqUOvZlMrezBm.4NrxOLr5HRAPi0hEJU6fsx9RZfs-1742918158-1.1.1.1-dEgnfei9anjY.gvJl_JbWLjbJlMU78GXX8SI3jDZDFWMh_pVfTe77LvK9Fj0jpKf	false	Avira URL Cloud: safe	unknown
https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/api/get-branding	false	Avira URL Cloud: safe	unknown
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1	false	Avira URL Cloud: safe	unknown
https://prod.spline.design/mAXoIkgd8xZRsO2j/scene.splinecode	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onTurnstileLoad	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://cdn.tailwindcss.com/	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg	false	Avira URL Cloud: safe	unknown
https://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize/?email=priceandpromosupport@utzsnacks.com	false	Avira URL Cloud: safe	unknown
https://assets5.lottiefiles.com/packages/lf20_zw0djhar.json	false	Avira URL Cloud: safe	unknown
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?session=tr3wnfHThtFl&target=portal&client=JG5Hicdg&auth=standard&device=NJgCsuRqbp&origin=direct	false		unknown
https://aadcdn.msftauthimages.net/dbd5a2dd-z0ehvh1wrskmiye6s-rkiaqedgl52hfpmv-w8glv0/logintenantbranding/0/illustration?ts=637436628545754984	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d2u3g/0x4AAAAAABCc9ef_C0mbZYJt/light/fbE/new/normal/auto/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/925f987d9efe4297/1742918160389/a3509f7ea1e682dd0b5da4eaff8b72cfe2d311f90520371fd17a3f6bd841a101/SwfucRYsUMkxcKB	false	Avira URL Cloud: safe	unknown
https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/	false	Avira URL Cloud: safe	unknown
https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1#priceandpromosupport%40utzsnacks.com	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	s-part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.67.41.16	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
172.253.63.84	unknown	United States	15169	GOOGLEUS	false
142.251.40.206	unknown	United States	15169	GOOGLEUS	false
18.238.80.98	d1upx9974t6kuw.cloudfront.net	United States	16509	AMAZON-02US	false
142.251.41.14	unknown	United States	15169	GOOGLEUS	false
104.17.245.203	unpkg.com	United States	13335	CLOUDFLARENETUS	false
172.66.0.235	pub-0d8893e150754524952e4f5b35fe1721.r2.dev	United States	13335	CLOUDFLARENETUS	true
13.107.246.38	s-part-0010.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.209.72.31	unknown	United States	20940	AKAMAI-ASN1EU	false
104.16.230.132	pharmacies-advertisements-richardson-glossary.trycloudflare.com	United States	13335	CLOUDFLARENETUS	false
23.209.72.9	e329293.dscd.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.217.165.138	unknown	United States	15169	GOOGLEUS	false
104.22.21.144	cdn.tailwindcss.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.72	s-part-0044.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.80.99	unknown	United States	15169	GOOGLEUS	false
162.214.154.8	loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br	United States	46606	UNIFIEDLAYER-AS-1US	true
142.250.81.227	unknown	United States	15169	GOOGLEUS	false
142.251.40.100	www.google.com	United States	15169	GOOGLEUS	false
142.250.65.206	unknown	United States	15169	GOOGLEUS	false
142.250.81.234	unknown	United States	15169	GOOGLEUS	false
172.64.149.4	assets5.lottiefiles.com	United States	13335	CLOUDFLARENETUS	false
142.251.35.163	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648217
Start date and time:	2025-03-25 16:55:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@25/21@42/201

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.206, 142.250.81.227, 142.251.41.14, 172.253.63.84, 172.217.165.142, 142.250.72.110, 13.107.246.40, 13.107.246.38
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients2.google.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, firstparty-azurefd-prod.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com

Created / dropped Files

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	137719
Entropy (8bit):	4.758556770497767
Encrypted:	false
SSDEEP:
MD5:	C17F786D1EDA65296DF13DDCBBE8E0B1
SHA1:	5BD36E290ACCC798209BF0C2D8897C4BDED7C309
SHA-256:	FB0B9C5E9BD3E094E3CF947100F3B3440263E1B9351C60E6ACDAD7A74FB0628B
SHA-512:	82B4FD37712240D460994DE8086E057EEF75CED412755E625ACBB109E4AA9BDC010C064F87B366C12776F37460BF923C92870B4A925B86B590A2D6906D7E185A
Malicious:	false
Reputation:	unknown
Preview:	{"v":"5.6.6","fr":24,"ip":0,"op":120,"w":3200,"h":3200,"nm":"Wavy_Gen-01_Single-07","ddd":0,"assets":[],"layers":[{"ddd":0,"ind":1,"ty":4,"nm":"hair part","parent":8,"sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[63.394,-21.914,0],"ix":2},"a":{"a":0,"k":[-176,-130,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"shapes":[{"ty":"gr","it":[{"ind":0,"ty":"sh","ix":1,"ks":{"a":1,"k":[{"i":{"x":0.667,"y":1},"o":{"x":0.333,"y":0},"t":0,"s":[{"i":[[9.073,-8.063],[-30.168,-62.687],[-6.363,-8.584],[-66.304,-3.166],[-36.441,-10.029],[-2.795,2.233],[67.297,58.125],[87.342,67.014],[38.149,24.118]],"o":[[-9.12,8.104],[18.568,38.583],[34.262,46.221],[45.499,2.172],[54.973,15.129],[3.088,-2.468],[-55.064,-47.559],[-6.337,-4.862],[-44.849,-28.353]],"v":[[-202.63,-157.329],[-166.684,-55.03],[-132.469,11.428],[29.91,100.087],[120.277,95.588],[205.074,159.206],[111.014,34.183],[-48.827,-69.572],[-120.124,-119.25]],"c":true}]},{"i":{"x":0.667,"y":1},"o":{"x":0.3

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.599963902086101
Encrypted:	false
SSDEEP:
MD5:	221C5068A9B8ABADB65566698A2E54D2
SHA1:	2F61C62B38CBA22D7FC5311D02E34D0697A31845
SHA-256:	BFB286554B24DB87B6CBCB6E68BE23F89DEE1BE4D7DB544D1E7C97C45664E0DF
SHA-512:	FFDA24061CD9DCA9F6C2CAE0FF791C478B8B85840A7753E8EEDA4709BF80F7174FEE49C3BA7EF0BA615106981CF52362B1D5F9D90C1F580231DFC3BF22D1F69C
Malicious:	false
Reputation:	unknown
Preview:	<!doctype html>.<html lang=en>.<title>405 Method Not Allowed</title>.<h1>Method Not Allowed</h1>.<p>The method is not allowed for the requested URL.</p>.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	dropped
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Reputation:	unknown
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 44 x 23, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	B98C617E62BDBD64ADE6F1C85B99BFEC
SHA1:	3080ECEE18F6DAFF5D263963901F321BDBC2DE07
SHA-256:	01D40A01F614A44CFFE631DEE2FA37ECB5E551A5992DD8379C8B1C217D7ED3D1
SHA-512:	DCDBA2C06D8FC2403D78BE9492FD167D4A583EA4761DC3A534F3777A738236E0A005B5AFCC0295631C9462C487F09EA79D0921D23AB7F96650041E8B25A05A9D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...,..........[:8....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	unknown
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Macintosh), datetime=2019:03:21 15:33:21], baseline, precision 8, 1920x1080, components 3
Category:	dropped
Size (bytes):	172035
Entropy (8bit):	7.875423506154424
Encrypted:	false
SSDEEP:
MD5:	47D04685DA84787468138677F019A369
SHA1:	890FF1BB5D8A6F242C888CACAD7FF91A08E59738
SHA-256:	E34585F11B35AA8250D1FD08ACC29F47BB96D4C6979F68084B766D00C60397D1
SHA-512:	CB05DD9D2FCC7B3C7C1DBECE28562F5017F31F386B8C50AD8A9EDE3EC5AF1A90D96A22FC1EDB3307244E3E42B52D733957E35CC2D5191F22BFC10F5E81D2B430
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H......Exif..MM..............................b...........j.(...........1.....$...r.2...........i....................'.......'.Adobe Photoshop CC 2019 (Macintosh).2019:03:21 15:33:21......................................8...............................$...........,.(.....................4...........w.......H.......H.........C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......Z....!............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......G_@..L..U~.}.Ds..>.v(=...E....)..Kdr.... ...9E.}..

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2905
Entropy (8bit):	3.962263100945339
Encrypted:	false
SSDEEP:
MD5:	FE87496CC7A44412F7893A72099C120A
SHA1:	A0C1458C08A815DF63D3CB0406D60BE6607CA699
SHA-256:	55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
SHA-512:	E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27150
Entropy (8bit):	4.357340680151037
Encrypted:	false
SSDEEP:
MD5:	46DD133EE00DC1BAE5E4EEBA7B88432F
SHA1:	8AF86A4AC91CE48C062216FB94A6E1D57618A19B
SHA-256:	9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
SHA-512:	CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
Malicious:	false
Reputation:	unknown
URL:	https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (527)
Category:	downloaded
Size (bytes):	70572
Entropy (8bit):	4.569107570751129
Encrypted:	false
SSDEEP:
MD5:	A0F3927C53CFF38C785A98529F136985
SHA1:	4882F7F775DB0FEBF3878E6163E9144A1410791C
SHA-256:	A49213ED4732C10C40F64A4E26C2670DE92A4D84C755A1DB8427F5812F2A5EE2
SHA-512:	EE7AC5E309B7324A22CA95DE6D7D74871820E2CF1A269F3D1D677D24A83A806A221920CAEB1C42A9F23EDAD9AF82F7692E6AA88F901E6E2E7FC58F6DC16BEC17
Malicious:	false
Reputation:	unknown
URL:	https://pharmacies-advertisements-richardson-glossary.trycloudflare.com/
Preview:	<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta http-equiv="Content-Security-Policy" content="form-action 'none'">. <meta name="color-scheme" content="light">. <title>Sign in to your account</title>. Add Tailwind CSS CDN -->. <script src="https://cdn.tailwindcss.com"></script>. <script>. tailwind.config = {. theme: {. extend: {. colors: {. msblue: {. DEFAULT: '#0067b8',. dark: '#005da6'. }. },. animation: {. 'move-dot': 'moveDot 2.5s infinite linear',. 'fade-in': 'fadeIn 0.3s ease-out',. 'slide-in': 'slideIn 0.5s ease-out',. 'pulse-dot': 'pulseDot 1.5s infinite ease-in-out',.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48122)
Category:	downloaded
Size (bytes):	48123
Entropy (8bit):	5.342998089666478
Encrypted:	false
SSDEEP:
MD5:	EA38BDA3C117E2FE01BD862003357394
SHA1:	767CCB3589E3067EE1B348DF2426A9E2E32CEE5C
SHA-256:	719423C7B70AC911F76D00B3AE514D108A8315EA60A80519820BE50C0E4C96EF
SHA-512:	F50FAB9DC2263F40216DF26C234AD390091F23185650E9B4E4748CF09CFEDF2D92A99FC81C986234580844393305AC2195E096DEDB64D9A25A99EF7BE510FFCA
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
Preview:	"use strict";(function(){function jt(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){jt(l,o,c,v,h,"next",s)}function h(s){jt(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52853)
Category:	downloaded
Size (bytes):	407279
Entropy (8bit):	5.474568422670314
Encrypted:	false
SSDEEP:
MD5:	2697BF25AFB0982DFA17C73536F934C1
SHA1:	7D7DB122D0639CD1F1A53EB6018D6D713D312679
SHA-256:	FB798BB21731986940CF3A9950FBCA386E03633E9A45497701E71F9B87D132EA
SHA-512:	658EE630973F04FA367B366C1AC838FA49FCFF01682899F7480ED03201DE5AB7B95420DDC5C2DA116FE05B90A09EF1798B256628AB56D248A1618FDCDD0D79CA
Malicious:	false
Reputation:	unknown
URL:	https://cdn.tailwindcss.com/3.4.16
Preview:	(()=>{var qv=Object.create;var Hi=Object.defineProperty;var $v=Object.getOwnPropertyDescriptor;var Lv=Object.getOwnPropertyNames;var Mv=Object.getPrototypeOf,Nv=Object.prototype.hasOwnProperty;var df=r=>Hi(r,"__esModule",{value:!0});var hf=r=>{if(typeof require!="undefined")return require(r);throw new Error('Dynamic require of "'+r+'" is not supported')};var P=(r,e)=>()=>(r&&(e=r(r=0)),e);var x=(r,e)=>()=>(e\|\|r((e={exports:{}}).exports,e),e.exports),Ge=(r,e)=>{df(r);for(var t in e)Hi(r,t,{get:e[t],enumerable:!0})},Bv=(r,e,t)=>{if(e&&typeof e=="object"\|\|typeof e=="function")for(let i of Lv(e))!Nv.call(r,i)&&i!=="default"&&Hi(r,i,{get:()=>e[i],enumerable:!(t=$v(e,i))\|\|t.enumerable});return r},pe=r=>Bv(df(Hi(r!=null?qv(Mv(r)):{},"default",r&&r.__esModule&&"default"in r?{get:()=>r.default,enumerable:!0}:{value:r,enumerable:!0})),r);var m,u=P(()=>{m={platform:"",env:{},versions:{node:"14.17.6"}}});var Fv,be,ft=P(()=>{u();Fv=0,be={readFileSync:r=>self[r]\|\|"",statSync:()=>({mtimeMs:Fv++}),pro

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.5156389397865375
Encrypted:	false
SSDEEP:
MD5:	40F53EFE13498FAA11080E46FB9D399C
SHA1:	5C94C1F5C82061EBABD459E491F1426E6AF6B167
SHA-256:	6D09DBDF27CFD886327815DC04E048CBD8B962BCFF0775E4388737F19D162B60
SHA-512:	F7C524945664585770690F84D5674351CE9CDCC4ED04F727A5E0419C7A2BDD6750989A02D9B8AC5BA0ECA46B8B5921C6E657BDD9D3F5C6A361BBAF78651F1B9E
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIuCY_KEYdTPV2tEgUNg6hbPRIFDdcTi4ISBQ0OuPKcEgUNvFxIUSHu0e76sos6bw==?alt=proto
Preview:	CiQKBw2DqFs9GgAKBw3XE4uCGgAKBw0OuPKcGgAKBw28XEhRGgA=

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	unknown
URL:	https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	17784
Entropy (8bit):	3.9157528269583177
Encrypted:	false
SSDEEP:
MD5:	CA8BD60424B52D86EE7CCD1666E8DD4A
SHA1:	97DACD33EC26B025D144DC8C95129F487BDA5A06
SHA-256:	692CCA13FC51FC9059F91329E7229ED0150C526E44D3954BCBDC78CCB35D171D
SHA-512:	4864E0AE44B5E4B5C083C17558324A63BA5598E004F5136985FFC6DF76F00408B95EBE196628340D3F9FFD19E9F8CD7D6260AF8BF63D6746C747398B4799D766
Malicious:	false
Reputation:	unknown
URL:	https://pub-0d8893e150754524952e4f5b35fe1721.r2.dev/index.html?c2f1eb71d22c11850b3d959b409fa1
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Microsoft Sign-in Redirect</title>. Tailwind CSS -->. <script src="https://cdn.tailwindcss.com"></script>. Lottie Player -->. <script src="https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>. Spline Viewer (for 3D elements) -->. <script type="module" src="https://unpkg.com/@splinetool/viewer@0.9.414/build/spline-viewer.js"></script>. . <script>. tailwind.config = {. theme: {. extend: {. colors: {. 'ms-blue': '#0078d4',. 'ms-dark-blue': '#106ebe',. 'ms-light-blue': '#cce3f5',. 'ms-gray': '#605e5c',. 'ms-light-gray': '#f5f5f5'. },. animation: {.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27447)
Category:	downloaded
Size (bytes):	383981
Entropy (8bit):	5.299427793452822
Encrypted:	false
SSDEEP:
MD5:	BC1CCB003C8DBDB1F75EFA1FD38362BF
SHA1:	8AE598F92B85EF618E90E0129D57FB94C8F6C3B8
SHA-256:	B396C6847F916F93B353DDDC9245B056AD900D115CFB589E7909BA996EAF70AF
SHA-512:	DA7392435A35A21260083593AD27B6B451B8094F21BAB08644EA542A8A2980F1D3DA6516CB59A02DE776D667F695EF27F60676737BA3387BA25E58AF02762F4D
Malicious:	false
Reputation:	unknown
URL:	https://unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js
Preview:	!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self)["lottie-player"]={})}(this,(function(exports){"use strict";function _asyncIterator(t){var e,r,i,s=2;for("undefined"!=typeof Symbol&&(r=Symbol.asyncIterator,i=Symbol.iterator);s--;){if(r&&null!=(e=t[r]))return e.call(t);if(i&&null!=(e=t[i]))return new AsyncFromSyncIterator(e.call(t));r="@@asyncIterator",i="@@iterator"}throw new TypeError("Object is not async iterable")}function AsyncFromSyncIterator(t){function e(t){if(Object(t)!==t)return Promise.reject(new TypeError(t+" is not an object."));var e=t.done;return Promise.resolve(t.value).then((function(t){return{value:t,done:e}}))}return AsyncFromSyncIterator=function(t){this.s=t,this.n=t.next},AsyncFromSyncIterator.prototype={s:null,n:null,next:function(){return e(this.n.apply(this.s,arguments))},return:function(t){var r=this.s.return;return voi

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1695626
Entropy (8bit):	5.562791562927522
Encrypted:	false
SSDEEP:
MD5:	9F6D5A090E3150AA9AF94092BCFE9894
SHA1:	1DA725846F7C644E56EB1536607098D9173C9BFB
SHA-256:	45476948BBAC9896BA3148290C27D68A4B8B6F45481099F5BAC9B62FAB75ACF8
SHA-512:	776F90CA2E88196397DC012CE70348F70642A93269FD4AD9FDD57C62C0A6E03D3F76518EC425A985128541390B617580984E64A1CBFDDD9A90D4C2440963AABA
Malicious:	false
Reputation:	unknown
URL:	https://unpkg.com/@splinetool/viewer@0.9.414/build/spline-viewer.js
Preview:	var AE=Object.defineProperty;var ME=Object.getOwnPropertyDescriptor;var Vr=(e,t,i,r)=>{for(var s=r>1?void 0:r?ME(t,i):t,n=e.length-1,a;n>=0;n--)(a=e[n])&&(s=(r?a(t,i,s):a(s))\|\|s);return r&&s&&AE(t,i,s),s};var EE=Object.create,xv=Object.defineProperty,CE=Object.getOwnPropertyDescriptor,TE=Object.getOwnPropertyNames,PE=Object.getPrototypeOf,DE=Object.prototype.hasOwnProperty,Tl=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports),IE=(e,t)=>{for(var i in t)xv(e,i,{get:t[i],enumerable:!0})},LE=(e,t,i,r)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let s of TE(t))!DE.call(e,s)&&s!==i&&xv(e,s,{get:()=>t[s],enumerable:!(r=CE(t,s))\|\|r.enumerable});return e},Pl=(e,t,i)=>(i=e!=null?EE(PE(e)):{},LE(t\|\|!e\|\|!e.__esModule?xv(i,"default",{value:e,enumerable:!0}):i,e)),OE=Tl((e,t)=>{(function(i,r){typeof e=="object"?t.exports=r():typeof define=="function"&&define.amd?define(r):i.Alea=r()})(e,function(){"use strict";return i.importState=function(s){var n=new i;return n.importState(s),n},i;fu

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	7390
Entropy (8bit):	4.02755241095864
Encrypted:	false
SSDEEP:
MD5:	B59C16CA9BF156438A8A96D45E33DB64
SHA1:	4E51B7D3477414B220F688ADABD76D3AE6472EE3
SHA-256:	A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
SHA-512:	2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	111
Entropy (8bit):	4.655766260772407
Encrypted:	false
SSDEEP:
MD5:	B6C792C0F58FA3EC92173C074885221F
SHA1:	0DDE8FD9111D807E202B2FB37F8BCC4052FD861E
SHA-256:	A824BC7739E226E1B40EA0F8C4E4F4C6F796FC3B4ABFA6E9ABE3BD119A30D938
SHA-512:	83C8B765EDCC44F6AAF19445881C315239095B4AC90E9BB85716084DB9B9EC75F74876B49340CBAF5AE8D173E517AF9EAF82E628D1D32090CD0B4AC8A5D08875
Malicious:	false
Reputation:	unknown
URL:	https://prod.spline.design/mAXoIkgd8xZRsO2j/scene.splinecode
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	104
Entropy (8bit):	5.02054476362223
Encrypted:	false
SSDEEP:
MD5:	B45970E8A4A32F202651BEBF4DCB0276
SHA1:	CF914288B8AEF589AB784BD0ABB1C21AA002029B
SHA-256:	B2B8629DEFCA089A87E7ED9CB525741F70D94732BD6C0D3A3EA2621069912F7B
SHA-512:	76257F5FCE160546BE0CBAF14FA4C4E6E3EE245387E8757465D7D7060C545568BF88DBD0BBF718ED27692231D6879080686C1F0D79983D79CAD8A861273A6752
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIuCaKl_L4QitxlEgUNg6hbPRIFDdcTi4ISBQ0OuPKcEgUNvFxIUSGavYkk5IYMmBIuCY_KEYdTPV2tEgUNg6hbPRIFDdcTi4ISBQ0OuPKcEgUNvFxIUSGavYkk5IYMmA==?alt=proto
Preview:	CiQKBw2DqFs9GgAKBw3XE4uCGgAKBw0OuPKcGgAKBw28XEhRGgAKJAoHDYOoWz0aAAoHDdcTi4IaAAoHDQ648pwaAAoHDbxcSFEaAA==

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 62

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 93

Static File Info

Windows Analysis Report
http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com