Windows Analysis Report
https://performancemanager5.successfactors.eu/login?company=C0012032330P

Overview

General Information

Sample URL:https://performancemanager5.successfactors.eu/login?company=C0012032330P
Analysis ID:853145

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

HTML body contains low number of good links
HTML title does not match URL
HTML page is missing a favicon

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 5276 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1640,i,13844028026794250996,13332963572850188320,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 4812 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://performancemanager5.successfactors.eu/login?company=C0012032330P MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://ajxlxi9ro.accounts.ondemand.com/saml2/idp/sso/ajxlxi9ro.accounts.ondemand.com?SAMLRequest=hZJNj9MwEIb%2FijV3J44TaGM1XZWtVlTiI2IDBy7IdSasUWIHj0PLv9%2BQFrQcWK72O%2FPMPPbm5jz07AcGst5VkCUCGDrjW%2Bu%2BVvCxueNruNluSA%2B9HNVuig%2FuA36fkCKbCx2py00FU3DKa7KknB6QVDTqfvf2jZKJUGPw0RvfA9vPhdbpuMAeYhxJpan%2Bdu7Ptgw%2B0cb4yUVKvGtx0K5NjB%2FSBZHadkyJ%2FP%2FSwO58MLhMWkGne0Jgh30FX1ayeGHKdsWzdSZ5UcqWl6I88vVx3aHQRX7sijlKNOHBUdQuViCFzLkouCya7KUqciXLROSrz8Dq606vrLu4ek7A8RIi9bppal6%2Fv2%2BAffrtfA7A1bBa6OGp2ucbayIMv2zC9nQ6JTQZg0SdNtEHWuTdCpFJkcs8F%2FUmfUr586rv5raHfe17a36yXd%2F7021AHbGCGCZchA46%2FnuQLMmWE9vybomqydGIxnYWW0i3V%2Bzf32f7CA%3D%3D&RelayState=%2Flogin%3Fcompany%3DC0012032330P&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=If2T%2Fzp1HU8BrxCG99RFHkhRpXLyk%2FbNJQ0SgLPj0%2FyCxxQCJvCxZHks3mlb7rGG0z3si4ohZp%2BGLoSricMozGQ9viLeukxrrXodjRlRX4AhNLWrR4hVxLCTNdnrwcpDfwsY04o0ZL5uLv0Ut1xfHY0T5bNLQX5C07gZ7jwYxwI%3D
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Title: SuccessFactors - Company ID (C0012032330P): Log On does not match URL
  • HTTP Parser: No favicon
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: https://performancemanager5.successfactors.eu/saml2/Login?company=C0012032330P&RelayState=/login?company=C0012032330P&_s.crb=K53mhun5bNIipuYlzxVnTaCd%252feWmpqOAsiGg6Drjy6s%253d
  • HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown
  • DNS traffic detected: queries for: clients2.google.com
  • Network traffic detected: HTTP traffic on port 49708 -> 443
  • Network traffic detected: HTTP traffic on port 443 -> 49798
  • Network traffic detected: HTTP traffic on port 49707 -> 443
  • Network traffic detected: HTTP traffic on port 49705 -> 443
  • Network traffic detected: HTTP traffic on port 49704 -> 443
  • Network traffic detected: HTTP traffic on port 443 -> 49708
  • Network traffic detected: HTTP traffic on port 443 -> 49707
  • Network traffic detected: HTTP traffic on port 49798 -> 443
  • Network traffic detected: HTTP traffic on port 443 -> 49705
  • Network traffic detected: HTTP traffic on port 49714 -> 443
  • Network traffic detected: HTTP traffic on port 443 -> 49704
  • Network traffic detected: HTTP traffic on port 443 -> 49714
Source: global traffic
  • HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: chromecache_117.1.dr
  • String found in binary or memory: http://www.ilinsky.com)
Source: unknown
  • HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: classification engine
  • Classification label: clean1.win@26/11@8/7
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1640,i,13844028026794250996,13332963572850188320,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://performancemanager5.successfactors.eu/login?company=C0012032330P
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: unknown unknown (22 identical entries)
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1640,i,13844028026794250996,13332963572850188320,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
  • File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder
  • Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (number in parentheses = signature count shown in the report for that technique):
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
  • Impact: Modify System Partition, Device Lockout, Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 853145; URL: https://performancemanager5...; Startdate: 24/04/2023; Architecture: WINDOWS; Score: 1
  • Two chrome.exe processes (nodes 5 and 8) are started from the top node
  • chrome.exe (5) contacts 192.168.2.1 (unknown, unknown) and 239.255.255.250 (unknown, Reserved) and starts chrome.exe (10)
  • chrome.exe (10) contacts www.google.com 142.250.203.100 (ports 443, 49714, 49798; GOOGLEUS, United States), accounts.google.com 142.250.203.109 (ports 443, 49705, 49708; GOOGLEUS, United States) and 6 other IPs or domains

Source | Detection | Scanner | Label
https://performancemanager5.successfactors.eu/login?company=C0012032330P | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://www.ilinsky.com) | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.203.109 | true | false | | high
www.google.com | 142.250.203.100 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
performancemanager5.successfactors.eu | unknown | unknown | false | | high
ajxlxi9ro.accounts.ondemand.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://performancemanager5.successfactors.eu/saml2/Login?company=C0012032330P&RelayState=/login?company=C0012032330P&_s.crb=K53mhun5bNIipuYlzxVnTaCd%252feWmpqOAsiGg6Drjy6s%253d | false | | high
https://ajxlxi9ro.accounts.ondemand.com/saml2/idp/sso/ajxlxi9ro.accounts.ondemand.com?SAMLRequest=hZJNj9MwEIb%2FijV3J44TaGM1XZWtVlTiI2IDBy7IdSasUWIHj0PLv9%2BQFrQcWK72O%2FPMPPbm5jz07AcGst5VkCUCGDrjW%2Bu%2BVvCxueNruNluSA%2B9HNVuig%2FuA36fkCKbCx2py00FU3DKa7KknB6QVDTqfvf2jZKJUGPw0RvfA9vPhdbpuMAeYhxJpan%2Bdu7Ptgw%2B0cb4yUVKvGtx0K5NjB%2FSBZHadkyJ%2FP%2FSwO58MLhMWkGne0Jgh30FX1ayeGHKdsWzdSZ5UcqWl6I88vVx3aHQRX7sijlKNOHBUdQuViCFzLkouCya7KUqciXLROSrz8Dq606vrLu4ek7A8RIi9bppal6%2Fv2%2BAffrtfA7A1bBa6OGp2ucbayIMv2zC9nQ6JTQZg0SdNtEHWuTdCpFJkcs8F%2FUmfUr586rv5raHfe17a36yXd%2F7021AHbGCGCZchA46%2FnuQLMmWE9vybomqydGIxnYWW0i3V%2Bzf32f7CA%3D%3D&RelayState=%2Flogin%3Fcompany%3DC0012032330P&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=If2T%2Fzp1HU8BrxCG99RFHkhRpXLyk%2FbNJQ0SgLPj0%2FyCxxQCJvCxZHks3mlb7rGG0z3si4ohZp%2BGLoSricMozGQ9viLeukxrrXodjRlRX4AhNLWrR4hVxLCTNdnrwcpDfwsY04o0ZL5uLv0Ut1xfHY0T5bNLQX5C07gZ7jwYxwI%3D | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.ilinsky.com) | chromecache_117.1.dr | false | Avira URL Cloud: safe | low

Reputation legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.203.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
192.168.2.4
127.0.0.1
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:853145
Start date and time:2023-04-24 18:42:21 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 47s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://performancemanager5.successfactors.eu/login?company=C0012032330P
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@26/11@8/7
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.203.99, 80.67.82.161, 80.67.82.155, 34.104.35.123, 157.133.170.72, 172.217.168.74, 142.250.203.106, 172.217.168.10, 172.217.168.42
  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, eu-only.successfactors.eu.edgekey.net, e88611.e3.akamaiedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, accounts.ondemand.com.cloud.sap.akadns.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 125x36, components 3
Category:dropped
Size (bytes):759
Entropy (8bit):6.315389709880597
Encrypted:false
SSDEEP:12:VaGTdDcNfChpMu8bz0lJ0Xx0WzOsvWGKkCHdcfmcGHMf/qXzUOrS07DAzEgOsvW1:QMDcIhpKbzo0XxDuLHeOWXG4OZ7DAJu7
MD5:39C71C2CB4AB84E6F4DCF44AB863A7D0
SHA1:E0BC705DF50D2D4C132708C59AA40F0457FE8C00
SHA-256:8330E56EB436CC666F60A2F50DC5B89411921138D91357178319AA27BA1D0E7D
SHA-512:95B7A9BE6CFC18B68B0873FCA0F5151E29EAA1EC61AD7D7BD1B5FEE4B1FA102775C5C75835DC1156A1A12585D2F8626B566899C85D9D654CF23E7A7F8CCBE195
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x101, components 3
Category:dropped
Size (bytes):23385
Entropy (8bit):7.0021901543941585
Encrypted:false
SSDEEP:384:5LBjJ0u7tQKY9+N6r2cPoIBW4Ygm8wGmubaytwIGCJ0Q8O:5LBjJ0WtI9+rc+UhuQs7Q8O
MD5:EAACAB383BE279DE2456E8D058C64A04
SHA1:7141BF213C9D4F8995D1D819D4C333D3FB2940EA
SHA-256:5D4CACA5DA0BD4F0A6EBD3F4183F87D50FC2E6C1811F2C4966DBE0F216C6E69C
SHA-512:424C2AD2464C9B1EEB11A8C5944538FF0D1C6D590B2E4315B82CE23DAEFC3B62ADF09632680D746CCE92E63C9D3168150E5CA292E1134FD145C5377FA36C23D4
Malicious:false
Reputation:low
Preview:......JFIF............."Exif..MM.*.........................,Photoshop 3.0.8BIM..........................9lhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>..<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">...<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">....<rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/">.....<dc:format>image/jpeg</dc:format>.....<dc:title>......<rdf:Alt>.......<rdf:li xml:lang="x-default">0114_asia_sompo_logo-02</rdf:li>......</rdf:Alt>.....</dc:title>....</rdf:Description>....<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/">.....<xmp:MetadataDate>2016-01-14T15:29:36+09:00</xmp:MetadataDate>.....<xmp:ModifyDate>2016-01-14T06:29:37Z</xmp:ModifyDate>.....<xmp:CreateDate>2016-01-14T15:29:36+09:00</xmp:CreateDate>.....<xmp:CreatorTool>Adobe Illustrator CS6 (Macint

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (32746)
Category:downloaded
Size (bytes):197247
Entropy (8bit):5.251797745548317
Encrypted:false
SSDEEP:3072:u7ox4gFoIOjwlQxJDi4MvXedbQY/ywD8yso:AhIOjwOxJ9+OdbQYawL
MD5:8A33B0F339F6EDCBC686065E29B885C3
SHA1:BB32935A1C336CFB710DEB4FA93A9AF201C23DB6
SHA-256:7D4853C26492FBA7F72BBE4378978D93AEF4EAB7B2FD2A817DB4EA2814C211F9
SHA-512:987B23B9C050D16FD7E7BE915273F404F311BE32247FDCC84C1EA915E33746E01D4BA93B984DA5A19BB9708E99A939CDA68B9BED2DA684E53EB8571786905C31
Malicious:false
Reputation:low
URL:https://ajxlxi9ro.accounts.ondemand.com/universalui/assets/application-7d4853c26492fba7f72bbe4378978d93aef4eab7b2fd2a817db4ea2814c211f9.js
Preview:function idsClose(){$("body").on("click",".js-close-trigger",function(e){e.preventDefault(),e.stopPropagation(),$(this).parents(".js-close-target").remove()})}function idsShowHelp(){"use strict";var e,t="body",n=".js-tooltip",r='<div class="ids-tooltip" role="tooltip"><p id="ids-tooltip-content"></p><div id="ids-tooltip-pointer"></div></div>',i=18,o=12;if($(".js-show-help").length>0){var a=$(r);a.addClass("js-tooltip"),a.find("#ids-tooltip-content").addClass("ids-tooltip-content js-tooltip-content"),a.find("#ids-tooltip-pointer").addClass("ids-tooltip-pointer js-tooltip-pointer"),$(t).append(a)}var s=function(e,t){t.css("left",""),t.css("width","");var n=t[0].getBoundingClientRect(),r=n.width,a=e[0].getBoundingClientRect(),s=a.left+$(window).scrollLeft()+a.width/2,u=s-r/2;if(u+r>$(window).innerWidth()-i){u=s-r/2-(u+r-($(window).innerWidth()-i))}u<i&&(u=i)+r>$(window).innerWidth()-i&&t.css("width",$(window).innerWidth()-2*i),t.css("left",u);var l=$(".js-tooltip-pointer");l.css("left",s-

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:downloaded
Size (bytes):138822
Entropy (8bit):5.296170173024777
Encrypted:false
SSDEEP:1536:2Em6+HrHGiX8jVTI1HZfU+lyJmDiCksfQBCy+mpxkW3wAA1rn78O:2EfNi6IdZfQmOs7
MD5:FF721DEC5C58C442288584C386135E52
SHA1:26B8B99AEE4BD99C4F885826E7FAD6EE475A4AC4
SHA-256:FC2DAE44D4617819D75F2A433AE989E8865CCE116F675B906A274D168416832F
SHA-512:60A0CE5D57A0CB50BED077200D68F07BCF4911D352D2F314CD27A0298DC1B6D30E6C7F5346F2A5D36A0FE1CDF4AB772100E0D95AF0738D90F385D0EBF837D977
Malicious:false
Reputation:low
URL:https://ajxlxi9ro.accounts.ondemand.com/universalui/assets/ids-fc2dae44d4617819d75f2a433ae989e8865cce116f675b906a274d168416832f.css
Preview:html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:none;font:inherit;vertical-align:baseline}ol,ul{list-style:none}table{border-collapse:collapse;border-spacing:0}caption,th,td{text-align:left;font-weight:normal;vertical-align:middle}q,blockquote{quotes:none}q:before,q:after,blockquote:before,blockquote:after{content:"";content:none}a{text-decoration:none}a img{border:none}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,summary{display:block}button{margin:0}@-webkit-keyframes spinner-animation{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg)}}@-moz-keyfra

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x101, components 3
Category:downloaded
Size (bytes):23385
Entropy (8bit):7.0021901543941585
Encrypted:false
SSDEEP:384:5LBjJ0u7tQKY9+N6r2cPoIBW4Ygm8wGmubaytwIGCJ0Q8O:5LBjJ0WtI9+rc+UhuQs7Q8O
MD5:EAACAB383BE279DE2456E8D058C64A04
SHA1:7141BF213C9D4F8995D1D819D4C333D3FB2940EA
SHA-256:5D4CACA5DA0BD4F0A6EBD3F4183F87D50FC2E6C1811F2C4966DBE0F216C6E69C
SHA-512:424C2AD2464C9B1EEB11A8C5944538FF0D1C6D590B2E4315B82CE23DAEFC3B62ADF09632680D746CCE92E63C9D3168150E5CA292E1134FD145C5377FA36C23D4
Malicious:false
Reputation:low
URL:https://ajxlxi9ro.accounts.ondemand.com/ui/public/cached/6408313adf3d9f5460e87225/v/1/logo
Preview:......JFIF............."Exif..MM.*.........................,Photoshop 3.0.8BIM..........................9lhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>..<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 ">...<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">....<rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/">.....<dc:format>image/jpeg</dc:format>.....<dc:title>......<rdf:Alt>.......<rdf:li xml:lang="x-default">0114_asia_sompo_logo-02</rdf:li>......</rdf:Alt>.....</dc:title>....</rdf:Description>....<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/">.....<xmp:MetadataDate>2016-01-14T15:29:36+09:00</xmp:MetadataDate>.....<xmp:ModifyDate>2016-01-14T06:29:37Z</xmp:ModifyDate>.....<xmp:CreateDate>2016-01-14T15:29:36+09:00</xmp:CreateDate>.....<xmp:CreatorTool>Adobe Illustrator CS6 (Macint
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (520)
                      Category:downloaded
                      Size (bytes):7008
                      Entropy (8bit):5.405172687805311
                      Encrypted:false
                      SSDEEP:96:s0m5mjQFVFmYlBTR4yddMUVA1Y3o6bzdp7OPRP5LbRgwjM:Vm5mjQ1tBT6yHMUVA1IZpuLbKwjM
                      MD5:72CB3CFE41A02BEE182F8D2C07F9B893
                      SHA1:D001355479449B997161A1F6BB922F4D9866CB29
                      SHA-256:E2AAEC9826F489C85B078BBBEC0EFDB872FCBD16C74677111288BD7B02E807A9
                      SHA-512:B3DC4A8C6BE393382FB8125DC26C3F8DC7054B208EB6A1E86C076B9EE176A68D778138A7B1217C35675FE15F268F24C88C0C212CC211DD14051A7685445BA6BD
                      Malicious:false
                      Reputation:low
                      URL:https://performancemanager5.successfactors.eu/ui/extlib/XMLHttpRequest_1.0.5_sf.18/XMLHttpRequest.js
                      Preview:/**. * XMLHttpRequest.js Copyright (C) 2011 Sergey Ilinsky (http://www.ilinsky.com). *. * This work is free software; you can redistribute it and/or modify. * it under the terms of the GNU Lesser General Public License as published by. * the Free Software Foundation; either version 2.1 of the License, or. * (at your option) any later version.. *. * This work is distributed in the hope that it will be useful,. * but without any warranty; without even the implied warranty of. * merchantability or fitness for a particular purpose. See the. * GNU Lesser General Public License for more details.. *. * You should have received a copy of the GNU Lesser General Public License. * along with this library; if not, write to the Free Software Foundation, Inc.,. * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */./* Note: Changes have been done for enhancements and perflog requirements in the application */.window.DEF_FLAG_OF_XMLHTTPREQUEST_JS||(window.DEF_FLAG_OF_XMLHTTPREQUEST_JS=!0,functio
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 125x36, components 3
                      Category:downloaded
                      Size (bytes):759
                      Entropy (8bit):6.315389709880597
                      Encrypted:false
                      SSDEEP:12:VaGTdDcNfChpMu8bz0lJ0Xx0WzOsvWGKkCHdcfmcGHMf/qXzUOrS07DAzEgOsvW1:QMDcIhpKbzo0XxDuLHeOWXG4OZ7DAJu7
                      MD5:39C71C2CB4AB84E6F4DCF44AB863A7D0
                      SHA1:E0BC705DF50D2D4C132708C59AA40F0457FE8C00
                      SHA-256:8330E56EB436CC666F60A2F50DC5B89411921138D91357178319AA27BA1D0E7D
                      SHA-512:95B7A9BE6CFC18B68B0873FCA0F5151E29EAA1EC61AD7D7BD1B5FEE4B1FA102775C5C75835DC1156A1A12585D2F8626B566899C85D9D654CF23E7A7F8CCBE195
                      Malicious:false
                      Reputation:low
                      URL:https://ajxlxi9ro.accounts.ondemand.com/ui/public/cached/tenant/v/1/tenant_logo
                      Preview:......JFIF............."Exif..MM.*.........................C....................................................................C.......................................................................$.}.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
                      Category:downloaded
                      Size (bytes):1406
                      Entropy (8bit):3.584173862687819
                      Encrypted:false
                      SSDEEP:12:H+4i+EnMlZKoCvzc4Ni/3Ek9eJw8YY3iiwxagfDQxcZSlc9cpmL/YSb/kmnP6C:sGKoCvzaEk9e3YxQKGpmjj
                      MD5:259C5376EE55693819E4F9A6F8B50C68
                      SHA1:F795CADBEB0AEB231E06FAA59AE75915F0688FAD
                      SHA-256:3F6056CCC3D427EE59C008B672968DCA2AAF78FB7D9959A11ED02FCB4AAF7906
                      SHA-512:7E594709F8ED91194D66DE280A814648DCB402F0E5BD0FA72D1ED6F006E0BF9AC4D1C6C088DB0856807CEBF891C32B34D73BB072035D0B22962557134E2321B1
                      Malicious:false
                      Reputation:low
                      URL:https://performancemanager5.successfactors.eu/favicon.ico
                      Preview:..............h.......(....... ...............................................[[[.............6..!..... ..:.....................666........................................@..............iii.............b..F..............0...........................L..9..K.;;;..A....................................................+.......................I..J...k....aaa..M...t.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (540)
                      Category:downloaded
                      Size (bytes):11576
                      Entropy (8bit):5.749925035136013
                      Encrypted:false
                      SSDEEP:192:V87kiFUi9a4/i9iJi1n9nfs4Q0idivXtNnk0+o+9OEdJHfLNINOTDLQidilgv:G7RFho4q8grnU4QBcvXtG0BkRPH5cUcK
                      MD5:89F67066907046C68FE028CD9866CBA0
                      SHA1:4481A05E071AF29DD2DA9BDEB0C08B2B924F6DFB
                      SHA-256:2EE483C6C8AC0A1A070FA2A1AF9EF0C46FCA385B84FFAD5A0ABBA2B48E226E02
                      SHA-512:86AC312E5D3DAEAA6D3122230C4D0428B6238446FED62F074BDF35953B06D73A14134E83C96B5C0A1F0DA9A5D016FB411816621285CB4083D72168673D75132A
                      Malicious:false
                      Reputation:low
                      URL:https://performancemanager5.successfactors.eu/ui/perflog/js/perflog_6afbc835fd7bc8ec51a93324df511558.js
                      Preview:try{window.DEF_FLAG_OF_PERFLOG_JS||(window.DEF_FLAG_OF_PERFLOG_JS=!0,window.PerfLog=function(){function G(a,c){var b=(window.pageHeaderJsonData||{}).pageInfo;if(!b){var d=(document.querySelector("meta[name\x3dpageInfo]")||{}).content;d&&(b=JSON.parse(d))}if(!b)return a;(d=b.moduleId)&&(a+="\x26moduleId\x3d"+l(d));(d=b.pageId)&&(a+="\x26pageId\x3d"+l(d));(b=b.pageQualifier)&&(a+="\x26pageQualifier\x3d"+l(b));c&&"NoAction"!=c?a+="\x26pageAction\x3d"+l(c):window.PerfLog.pageAction&&(a+="\x26pageAction\x3d"+.l(window.PerfLog.pageAction));return a}function P(a){var c=window.PerfPhase&&PerfPhase.tracking;if(!c)return a;["TRS","TIP","TML","TSL"].forEach(function(b){var d=c[b];d&&(a+="\x26"+b+"\x3d"+d)});return a}function m(a,c,b){return c&&0<=b?"\x26"+a+"\x3d"+l(c-b):""}function Q(a){var c=window.performance.navigation,b=window.performance.timing,d=(window.PerfPhase||{}).tracking||{};if(!c||!b)return a;var e=b.navigationStart;a+=m("RED",c.redirectCount,0);a+=m("TTB",b.responseStart,b.fetchSta
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:3:H8CkYn:cnYn
                      MD5:FEA6821833CD148E6983684589BC235B
                      SHA1:72E217BF8FD37FDF2A4CD037B06FE058B9A7EAF1
                      SHA-256:FAA69E7A498D2C9094A84F45007A6E71EA1118703484AA3AC4709BA2921EF197
                      SHA-512:0F4178BE7BB38984FA4E90A3FB2210842181C25106FFA71316E6457987CBCB57D90160ED5DC92B4939FA3105FAFCD22F731AAC557956D8A06FC0C2397754CDD0
                      Malicious:false
                      Reputation:low
                      URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTA0LjAuNTExMi44MRIQCd9Ebc87tIKEEgUNfx-dBQ==?alt=proto
                      Preview:CgkKBw1/H50FGgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (3665), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):116346
                      Entropy (8bit):5.260111224383194
                      Encrypted:false
                      SSDEEP:768:yaXw04t3mWAQ0Qm4+VDKG+VD9Z/obmwWkkOyjOyyjeay9m+o+uuvTHD0H:yag04h+kG+HZ/o1y9m+o+uuvTHD0H
                      MD5:058005B5C4DD9B0A13CDADCDFB04BAD1
                      SHA1:0BAA5960191AD5FC2297A943E9FC1FDBCBB61EAE
                      SHA-256:5A164A11A21B14D0135A552F2A51DFB3AE6141E4FE4A7C6900070D6A43407714
                      SHA-512:4B35E892205A9F20F6EF92FDC24DAF055A744CE0620DB5ED6256512A8D7BDC3F84FCA51150C848F109155E1DE39436FC7062C4CEC67322373164C70E1110C264
                      Malicious:false
                      Reputation:low
                      URL:https://ajxlxi9ro.accounts.ondemand.com/ui/public/cached/Custom_CSS/v/97/RESOURCE_STYLESHEET
                      Preview:html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video {.. margin:0;.. padding:0;.. border:none;.. font:inherit;.. vertical-align:baseline..}....ol, ul {.. list-style:none..}....table {.. border-collapse:collapse;.. border-spacing:0..}....caption, th, td {.. text-align:left;.. font-weight:normal;.. vertical-align:middle..}....q, blockquote {.. quotes:none..}....q:before, q:after, blockquote:before, blockquote:after {.. content:"";.. content:none..}....a {.. text-decoration:none..}....a img {.. border:none..}...
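The Size, Entropy (8bit) and digest columns listed for each dropped file above can be recomputed from the file bytes. The following is an added example, not part of the report: it takes the 16-byte body of the content-autofill.googleapis.com response exactly as shown in its Preview column (assumed to be the complete file, which its size of 16 and "no line terminators" type support), recomputes the same fields, and compares them with the values the report prints.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, the 'Entropy (8bit)' figure of the report.

    0.0 means every byte is identical; 8.0 means all 256 byte values are equally
    frequent. Compressed or encrypted payloads sit close to 8, plain text around 4-6.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """Size, entropy and the four digests the report lists per dropped file."""
    return {
        "size": len(data),
        "entropy": round(shannon_entropy_8bit(data), 6),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def compare_with_report(data: bytes, reported: dict) -> dict:
    """Per reported field, True when the recomputed value equals the report's."""
    fp = fingerprint(data)
    return {field: fp[field] == value for field, value in reported.items()}


# The 16-byte response body shown in the Preview column for
# https://content-autofill.googleapis.com/v1/pages/...?alt=proto (constructed sample
# input; assumed to be the whole file since the report gives size 16, no terminators).
AUTOFILL_BODY = b"CgkKBw1/H50FGgA="

# Values copied from the report's columns for that file.
AUTOFILL_REPORTED = {
    "size": 16,
    "entropy": 3.875,
    "md5": "FEA6821833CD148E6983684589BC235B",
    "sha256": "FAA69E7A498D2C9094A84F45007A6E71EA1118703484AA3AC4709BA2921EF197",
}

if __name__ == "__main__":
    for field, value in fingerprint(AUTOFILL_BODY).items():
        print(f"{field:8} {value}")
    print(compare_with_report(AUTOFILL_BODY, AUTOFILL_REPORTED))
```

The entropy of 3.875 is exact here: 14 of the 16 byte values occur once (probability 1/16, 4 bits each) and one value, `g`, occurs twice (probability 1/8, 3 bits), so 14/16 * 4 + 2/16 * 3 = 3.875. The same function applied to the 23385-byte JPEG or the minified JavaScript above reproduces their 7.00 and 5.4 figures, which is the quick way to tell a compressed or encrypted blob from script or markup before opening it.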
                      No static file info


                      • Total Packets: 71
                      • 443 (HTTPS)
                      • 53 (DNS)
TCP packets, port 443 (HTTPS)

Timestamp                              Source Port  Dest Port  Source IP        Dest IP
Apr 24, 2023 18:43:27.746444941 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.746516943 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.746615887 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.747178078 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.747220039 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.747303009 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.772448063 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.772491932 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.772725105 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.773288965 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.773364067 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.773467064 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.774761915 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.774802923 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.775130033 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.775156021 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.775823116 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.775859118 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.776124001 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.776153088 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.897135973 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.902163982 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.922681093 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.924642086 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.944179058 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.944583893 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.944633007 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.944880962 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.944927931 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.945051908 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.945090055 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.945235014 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.945266962 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.945877075 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.945878029 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.946021080 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.946036100 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.946723938 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.946799040 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.947015047 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.947105885 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:27.947273970 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.947345972 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.947350979 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:27.947426081 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.696811914 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.697129965 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.697138071 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.697287083 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.697916985 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.697957993 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.698431969 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.698530912 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.698605061 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.698668957 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.699166059 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.699182034 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.732588053 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.732737064 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.732753038 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.732808113 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.740858078 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.740916014 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.745176077 CEST   49707        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.745238066 CEST   443          49707      142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:28.783123970 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.783184052 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.783210993 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.783308029 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.783354044 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.834825039 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.834862947 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.858730078 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:28.889477015 CEST   49705        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:28.889514923 CEST   443          49705      142.250.203.109  192.168.2.6
Apr 24, 2023 18:43:28.938374996 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:43:29.346996069 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347049952 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.347138882 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347512007 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347523928 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.412406921 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.435223103 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.435260057 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.437767029 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.437881947 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.441924095 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.442147970 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.556807995 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.556842089 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.658767939 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:39.391470909 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:39.391594887 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:39.391705990 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:45.614928961 CEST   49714        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:45.614995003 CEST   443          49714      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:13.747311115 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:44:13.747348070 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:44:13.841185093 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:44:13.841219902 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:44:29.394897938 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:44:29.394975901 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:44:29.395070076 CEST   443          49708      142.250.203.109  192.168.2.6
Apr 24, 2023 18:44:29.395093918 CEST   443          49704      142.250.203.110  192.168.2.6
Apr 24, 2023 18:44:29.395138025 CEST   49708        443        192.168.2.6      142.250.203.109
Apr 24, 2023 18:44:29.395172119 CEST   49704        443        192.168.2.6      142.250.203.110
Apr 24, 2023 18:44:29.479602098 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:29.479691029 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.479827881 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:29.480823040 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:29.480865955 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.536289930 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.575038910 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:29.575081110 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.576014042 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.576736927 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:29.576960087 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:29.620076895 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:39.520706892 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:39.520800114 CEST   443          49798      142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:39.520931959 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:40.878935099 CEST   49798        443        192.168.2.6      142.250.203.100
Apr 24, 2023 18:44:40.879014015 CEST   443          49798      142.250.203.100  192.168.2.6
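A packet list like the one above is easier to read once it is folded into flows: one line per client port, with the packet count in each direction, first and last packet, and the hostname the destination address was resolved from. The following is an added example, not part of the report. Its sample input is a subset of the rows above (ports 49704 and 49714), in the same five-column order; the address-to-name map is taken from the A records in the DNS answer table further down. It assumes, as holds for this capture, that the first packet seen for an endpoint pair comes from the initiator and that a client port is not reused.

```python
import re
from datetime import datetime

# A subset of the report's TCP rows, as constructed sample input, same column order:
# timestamp, source port, destination port, source IP, destination IP.
SAMPLE_ROWS = """\
Apr 24, 2023 18:43:27.746444941 CEST  49704  443    192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:27.746516943 CEST  443    49704  142.250.203.110  192.168.2.6
Apr 24, 2023 18:43:27.746615887 CEST  49704  443    192.168.2.6      142.250.203.110
Apr 24, 2023 18:43:29.346996069 CEST  49714  443    192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347049952 CEST  443    49714  142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.347138882 CEST  49714  443    192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347512007 CEST  49714  443    192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:29.347523928 CEST  443    49714  142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:29.412406921 CEST  443    49714  142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:39.391470909 CEST  443    49714  142.250.203.100  192.168.2.6
Apr 24, 2023 18:43:45.614928961 CEST  49714  443    192.168.2.6      142.250.203.100
Apr 24, 2023 18:43:45.614995003 CEST  443    49714  142.250.203.100  192.168.2.6
Apr 24, 2023 18:44:13.747311115 CEST  49704  443    192.168.2.6      142.250.203.110
Apr 24, 2023 18:44:13.747348070 CEST  443    49704  142.250.203.110  192.168.2.6
Apr 24, 2023 18:44:29.395172119 CEST  49704  443    192.168.2.6      142.250.203.110
"""

# Address -> name, from the A records in the report's DNS answer table.
DNS_A_RECORDS = {
    "142.250.203.109": "accounts.google.com",
    "142.250.203.110": "clients.l.google.com",
    "142.250.203.100": "www.google.com",
}

ROW_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) (?P<tz>\w+)\s+"
    r"(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)$"
)


def parse_ts(ts: str) -> datetime:
    """strptime's %f accepts at most 6 fractional digits; the report prints 9, so truncate."""
    head, frac = ts.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text: str):
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        yield parse_ts(m["ts"]), m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def summarize_flows(text: str, dns: dict) -> dict:
    """Fold packets into flows keyed by client port.

    The first packet seen for an endpoint pair defines the client (initiator);
    packets are then counted as 'out' (client -> server) or 'in'.
    """
    flows = {}
    for ts, src, sport, dst, dport in parse_rows(text):
        key = frozenset({(src, sport), (dst, dport)})
        f = flows.get(key)
        if f is None:
            f = flows[key] = {
                "client": (src, sport),
                "server": (dst, dport),
                "server_name": dns.get(dst),  # None: no A record seen for that address
                "pkts_out": 0, "pkts_in": 0,
                "first": ts, "last": ts,
            }
        if (src, sport) == f["client"]:
            f["pkts_out"] += 1
        else:
            f["pkts_in"] += 1
        f["first"] = min(f["first"], ts)
        f["last"] = max(f["last"], ts)
    for f in flows.values():
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
    return {f["client"][1]: f for f in flows.values()}


def unresolved_servers(flows: dict) -> list:
    """Servers contacted without a matching DNS answer in the capture: worth a second look."""
    return sorted({f["server"][0] for f in flows.values() if f["server_name"] is None})


if __name__ == "__main__":
    for port, f in sorted(summarize_flows(SAMPLE_ROWS, DNS_A_RECORDS).items()):
        print(port, f["server"], f["server_name"], f["pkts_out"], f["pkts_in"],
              f"{f['duration_s']:.3f}s")
    print("unresolved:", unresolved_servers(summarize_flows(SAMPLE_ROWS, DNS_A_RECORDS)))
```

Every destination in this capture has a preceding DNS answer, so `unresolved_servers` returns an empty list; on a capture of a real dropper the addresses it returns are the hard-coded C2 candidates. Note that the full table contains only Google addresses: the two hosts the sample actually loaded resources from, performancemanager5.successfactors.eu and ajxlxi9ro.accounts.ondemand.com, do not appear in it.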
UDP packets, port 53 (DNS)

Timestamp                              Source Port  Dest Port  Source IP    Dest IP
Apr 24, 2023 18:43:27.263180017 CEST   64601        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:43:27.264188051 CEST   49786        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:43:27.285459995 CEST   53           49786      8.8.8.8      192.168.2.6
Apr 24, 2023 18:43:27.305067062 CEST   53           64601      8.8.8.8      192.168.2.6
Apr 24, 2023 18:43:28.366875887 CEST   56331        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:43:29.215811968 CEST   59082        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:43:29.246258974 CEST   53           59082      8.8.8.8      192.168.2.6
Apr 24, 2023 18:43:29.275449991 CEST   59504        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:43:29.330789089 CEST   53           59504      8.8.8.8      192.168.2.6
Apr 24, 2023 18:43:29.438527107 CEST   65198        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:44:29.377078056 CEST   60690        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:44:29.392488956 CEST   53           60690      8.8.8.8      192.168.2.6
Apr 24, 2023 18:44:29.401782990 CEST   56750        53         192.168.2.6  8.8.8.8
Apr 24, 2023 18:44:29.426033974 CEST   53           56750      8.8.8.8      192.168.2.6
DNS queries

Timestamp                              Source IP    Dest IP  Trans ID  OP Code             Name                                   Type            Class        DNS over HTTPS
Apr 24, 2023 18:43:27.263180017 CEST   192.168.2.6  8.8.8.8  0xed6b    Standard query (0)  clients2.google.com                    A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:43:27.264188051 CEST   192.168.2.6  8.8.8.8  0x46a3    Standard query (0)  accounts.google.com                    A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:43:28.366875887 CEST   192.168.2.6  8.8.8.8  0xf31c    Standard query (0)  performancemanager5.successfactors.eu  A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:43:29.215811968 CEST   192.168.2.6  8.8.8.8  0xc818    Standard query (0)  www.google.com                         A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:43:29.275449991 CEST   192.168.2.6  8.8.8.8  0xd39c    Standard query (0)  www.google.com                         A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:43:29.438527107 CEST   192.168.2.6  8.8.8.8  0x86c1    Standard query (0)  ajxlxi9ro.accounts.ondemand.com        A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:44:29.377078056 CEST   192.168.2.6  8.8.8.8  0x33c8    Standard query (0)  www.google.com                         A (IP address)  IN (0x0001)  false
Apr 24, 2023 18:44:29.401782990 CEST   192.168.2.6  8.8.8.8  0xe377    Standard query (0)  www.google.com                         A (IP address)  IN (0x0001)  false
DNS answers

Timestamp                              Source IP  Dest IP      Trans ID  Reply Code    Name                                   CName                                       Address          Type                    Class        DNS over HTTPS
Apr 24, 2023 18:43:27.285459995 CEST   8.8.8.8    192.168.2.6  0x46a3    No error (0)  accounts.google.com                    -                                           142.250.203.109  A (IP address)          IN (0x0001)  false
Apr 24, 2023 18:43:27.305067062 CEST   8.8.8.8    192.168.2.6  0xed6b    No error (0)  clients2.google.com                    clients.l.google.com                        -                CNAME (Canonical name)  IN (0x0001)  false
Apr 24, 2023 18:43:27.305067062 CEST   8.8.8.8    192.168.2.6  0xed6b    No error (0)  clients.l.google.com                   -                                           142.250.203.110  A (IP address)          IN (0x0001)  false
Apr 24, 2023 18:43:28.401932001 CEST   8.8.8.8    192.168.2.6  0xf31c    No error (0)  performancemanager5.successfactors.eu  eu-only.successfactors.eu.edgekey.net       -                CNAME (Canonical name)  IN (0x0001)  false
Apr 24, 2023 18:43:29.246258974 CEST   8.8.8.8    192.168.2.6  0xc818    No error (0)  www.google.com                         -                                           142.250.203.100  A (IP address)          IN (0x0001)  false
Apr 24, 2023 18:43:29.330789089 CEST   8.8.8.8    192.168.2.6  0xd39c    No error (0)  www.google.com                         -                                           142.250.203.100  A (IP address)          IN (0x0001)  false
Apr 24, 2023 18:43:29.489242077 CEST   8.8.8.8    192.168.2.6  0x86c1    No error (0)  ajxlxi9ro.accounts.ondemand.com        accounts.ondemand.com.cloud.sap.akadns.net  -                CNAME (Canonical name)  IN (0x0001)  false
Apr 24, 2023 18:44:29.392488956 CEST   8.8.8.8    192.168.2.6  0x33c8    No error (0)  www.google.com                         -                                           142.250.203.100  A (IP address)          IN (0x0001)  false
Apr 24, 2023 18:44:29.426033974 CEST   8.8.8.8    192.168.2.6  0xe377    No error (0)  www.google.com                         -                                           142.250.203.100  A (IP address)          IN (0x0001)  false
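The query and answer tables are joined by the 16-bit transaction ID, and reading them together answers three triage questions at once: which lookups were answered and how fast, what CNAME chain each name went through, and whether any answer row names something the client never asked for (a sign of a spoofed or mismatched response). The following is an added example, not part of the report; its input is the eight queries and nine answer rows above, embedded as Python tuples, and nothing else is assumed.

```python
from datetime import datetime

# (timestamp, transaction id, queried name): the report's DNS query table.
QUERIES = [
    ("Apr 24, 2023 18:43:27.263180017", 0xED6B, "clients2.google.com"),
    ("Apr 24, 2023 18:43:27.264188051", 0x46A3, "accounts.google.com"),
    ("Apr 24, 2023 18:43:28.366875887", 0xF31C, "performancemanager5.successfactors.eu"),
    ("Apr 24, 2023 18:43:29.215811968", 0xC818, "www.google.com"),
    ("Apr 24, 2023 18:43:29.275449991", 0xD39C, "www.google.com"),
    ("Apr 24, 2023 18:43:29.438527107", 0x86C1, "ajxlxi9ro.accounts.ondemand.com"),
    ("Apr 24, 2023 18:44:29.377078056", 0x33C8, "www.google.com"),
    ("Apr 24, 2023 18:44:29.401782990", 0xE377, "www.google.com"),
]

# (timestamp, transaction id, name, cname, address, type): the report's DNS answer table.
ANSWERS = [
    ("Apr 24, 2023 18:43:27.285459995", 0x46A3, "accounts.google.com", "", "142.250.203.109", "A"),
    ("Apr 24, 2023 18:43:27.305067062", 0xED6B, "clients2.google.com", "clients.l.google.com", "", "CNAME"),
    ("Apr 24, 2023 18:43:27.305067062", 0xED6B, "clients.l.google.com", "", "142.250.203.110", "A"),
    ("Apr 24, 2023 18:43:28.401932001", 0xF31C, "performancemanager5.successfactors.eu",
     "eu-only.successfactors.eu.edgekey.net", "", "CNAME"),
    ("Apr 24, 2023 18:43:29.246258974", 0xC818, "www.google.com", "", "142.250.203.100", "A"),
    ("Apr 24, 2023 18:43:29.330789089", 0xD39C, "www.google.com", "", "142.250.203.100", "A"),
    ("Apr 24, 2023 18:43:29.489242077", 0x86C1, "ajxlxi9ro.accounts.ondemand.com",
     "accounts.ondemand.com.cloud.sap.akadns.net", "", "CNAME"),
    ("Apr 24, 2023 18:44:29.392488956", 0x33C8, "www.google.com", "", "142.250.203.100", "A"),
    ("Apr 24, 2023 18:44:29.426033974", 0xE377, "www.google.com", "", "142.250.203.100", "A"),
]


def parse_ts(ts: str) -> datetime:
    """The report prints 9 fractional digits; strptime's %f takes at most 6."""
    head, frac = ts.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def correlate(queries, answers) -> dict:
    """Join answers to queries on transaction ID and classify each lookup.

    status is 'resolved' (at least one A record), 'cname_only' (the answer rows
    shown carry only CNAMEs) or 'unanswered'. Any answer row whose name is neither
    the queried name nor a CNAME target reached from it is recorded as an anomaly.
    """
    rows_by_txid = {}
    for row in answers:
        rows_by_txid.setdefault(row[1], []).append(row)

    result = {}
    for qts, txid, qname in queries:
        rows = rows_by_txid.get(txid, [])
        chain, addresses, anomalies = [qname], [], []
        for _, _, name, cname, address, rtype in rows:
            if name not in chain:
                anomalies.append(f"answer for {name!r} matches neither the query nor a CNAME target")
            if rtype == "CNAME" and cname:
                chain.append(cname)
            elif rtype == "A" and address:
                addresses.append(address)
        if not rows:
            status = "unanswered"
        elif addresses:
            status = "resolved"
        else:
            status = "cname_only"
        rtt_ms = None
        if rows:
            rtt_ms = round((parse_ts(rows[0][0]) - parse_ts(qts)).total_seconds() * 1000, 3)
        result[txid] = {"name": qname, "status": status, "chain": chain,
                        "addresses": addresses, "rtt_ms": rtt_ms, "anomalies": anomalies}
    return result


def names_by_status(result: dict, status: str) -> list:
    return sorted({r["name"] for r in result.values() if r["status"] == status})


if __name__ == "__main__":
    res = correlate(QUERIES, ANSWERS)
    for txid, r in res.items():
        print(f"0x{txid:04x} {r['status']:10} {r['rtt_ms']} ms  {' -> '.join(r['chain'])} {r['addresses']}")
    print("cname only:", names_by_status(res, "cname_only"))
```

On this report the two names that belong to the analysed URL, performancemanager5.successfactors.eu (to an Akamai edgekey CNAME) and ajxlxi9ro.accounts.ondemand.com (to an SAP akadns CNAME), are the ones classified `cname_only`: the answer table lists no A record for either, and correspondingly the TCP table above shows no packets to anything but Google addresses, even though files were downloaded from both hosts. The four www.google.com lookups are Chrome background traffic, not the sample.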
                      • accounts.google.com
                      • clients2.google.com
Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
0           192.168.2.6  49705        142.250.203.109  443               C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                kBytes transferred  Direction  Data
2023-04-24 16:43:28 UTC  0                   OUT        POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
2023-04-24 16:43:28 UTC  0                   OUT        Data Raw: 20
                      Data Ascii:
2023-04-24 16:43:28 UTC  2                   IN         HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Mon, 24 Apr 2023 16:43:28 GMT
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                      Content-Security-Policy: script-src 'report-sample' 'nonce-LEFgLEGyCjXRg7-zttVTjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Server: ESF
                      X-XSS-Protection: 0
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
2023-04-24 16:43:28 UTC  4                   IN         Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
2023-04-24 16:43:28 UTC  4                   IN         Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0
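The /ListAccounts response above carries three separate Content-Security-Policy headers, and a browser enforces each one independently, so a script runs only if every policy allows it. Working out the effective policy by hand is error-prone: the first header combines a nonce with `'unsafe-inline'` (the nonce makes `'unsafe-inline'` a no-op in CSP Level 2 and later browsers, where it is kept only as a fallback for older ones), the second is a plain host allowlist, and the third requires Trusted Types for script sinks. The following is an added example, not part of the report or of Google's code: it parses the three header values exactly as shown and derives the effective script policy.

```python
# The three Content-Security-Policy header values from the accounts.google.com
# /ListAccounts response above, copied from the report (sample input for this example).
LIST_ACCOUNTS_CSP = [
    "script-src 'report-sample' 'nonce-LEFgLEGyCjXRg7-zttVTjQ' 'unsafe-inline';"
    "object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;"
    "worker-src 'self'",
    "script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com "
    "https://www.google.com https://www.googletagmanager.com https://www.gstatic.com "
    "https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist",
    "require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport",
]

HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict:
    """Split one CSP header value into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])  # a repeated directive is ignored
    return policy


def script_sources(policy: dict):
    """Sources governing <script>: script-src, else default-src, else None (no restriction)."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def permits_unnonced_inline(sources) -> bool:
    """Does this one policy let an inline script without nonce or hash execute?

    A nonce or hash in the source list turns 'unsafe-inline' into a no-op (CSP Level 2+),
    and 'strict-dynamic' disables it too; only a bare 'unsafe-inline' keeps it effective.
    """
    if sources is None:
        return True
    if any(s.startswith(HASH_PREFIXES) for s in sources) or "'strict-dynamic'" in sources:
        return False
    return "'unsafe-inline'" in sources


def assess(headers) -> dict:
    """Effective script policy across several CSP headers; each header is enforced on its own."""
    policies = [parse_csp(h) for h in headers]
    srcs = [script_sources(p) for p in policies]
    flat = [s for src in srcs if src for s in src]
    return {
        "policies": len(policies),
        # inline scripts without a nonce run only if *every* restricting policy permits them
        "inline_without_nonce_allowed": all(permits_unnonced_inline(s) for s in srcs),
        "nonces": [s for s in flat if s.startswith("'nonce-")],
        "strict_dynamic": any("'strict-dynamic'" in (src or []) for src in srcs),
        "host_allowlist": sorted({s for s in flat if s.startswith(("https://", "http://"))}),
        "object_src_none": any(p.get("object-src") == ["'none'"] for p in policies),
        "trusted_types_required": any("'script'" in p.get("require-trusted-types-for", [])
                                      for p in policies),
        "report_uris": sorted({u for p in policies for u in p.get("report-uri", [])}),
    }


if __name__ == "__main__":
    for key, value in assess(LIST_ACCOUNTS_CSP).items():
        print(f"{key:29} {value}")
```

For this response the result is: an inline script needs the per-response nonce (policy 1), an external script needs both the nonce and an origin from the six-host allowlist (policy 2), plugins are blocked by `object-src 'none'`, and DOM XSS sinks additionally require Trusted Types (policy 3). Violations of the three policies are reported to two distinct report-uri endpoints, which is how the allowlist policy is being measured separately from the nonce policy.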


Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
1           192.168.2.6  49707        142.250.203.110  443               C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                kBytes transferred  Direction  Data
2023-04-24 16:43:28 UTC  0                   OUT        GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-104.0.5112.81
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-04-24 16:43:28 UTC | 1 | IN | HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-X1p2PfEsD2POw5AdVSqIZw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Mon, 24 Apr 2023 16:43:28 GMT
                      Content-Type: text/xml; charset=UTF-8
                      X-Daynum: 5957
                      X-Daystart: 35008
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2023-04-24 16:43:28 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5957" elapsed_seconds="35008"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                      2023-04-24 16:43:28 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                      2023-04-24 16:43:28 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0



                      Target ID: 0
                      Start time: 18:43:22
                      Start date: 24/04/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      Target ID: 1
                      Start time: 18:43:24
                      Start date: 24/04/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1640,i,13844028026794250996,13332963572850188320,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      Target ID: 2
                      Start time: 18:43:27
                      Start date: 24/04/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://performancemanager5.successfactors.eu/login?company=C0012032330P
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      No disassembly