Edit tour

Windows Analysis Report
https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca

Overview

General Information

Sample URL:	https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca
Analysis ID:	1501614
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2380,i,1463546029193500452,18011406207282864536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca

Virustotal: Detection: 9%

Perma Link

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49737 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:56836 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8PkDBXDgEksCm9K&MD=hkBFbY92 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8PkDBXDgEksCm9K&MD=hkBFbY92 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: netflix.netfilm.online
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_73.2.dr, chromecache_75.2.dr	String found in binary or memory: http://delicioustheme.com/demo-15/index.html
Source: chromecache_74.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_69.2.dr, chromecache_79.2.dr, chromecache_72.2.dr, chromecache_81.2.dr, chromecache_77.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_72.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: chromecache_73.2.dr, chromecache_75.2.dr	String found in binary or memory: http://www.delicioustheme.com
Source: chromecache_71.2.dr, chromecache_78.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_74.2.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49737 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/31@6/3

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2380,i,1463546029193500452,18011406207282864536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2380,i,1463546029193500452,18011406207282864536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca	0%	Avira URL Cloud	safe
https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca	9%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
netflix.netfilm.online	4%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://jqueryui.com	0%	URL Reputation	safe
http://jqueryui.com	0%	URL Reputation	safe
https://getbootstrap.com/)	0%	URL Reputation	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
http://delicioustheme.com/demo-15/index.html	0%	Avira URL Cloud	safe
http://www.delicioustheme.com	0%	Avira URL Cloud	safe
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
http://delicioustheme.com/demo-15/index.html	0%	Virustotal		Browse
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	0%	Virustotal		Browse
http://www.delicioustheme.com	0%	Virustotal		Browse
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.212.164	true	false	0%, Virustotal, Browse	unknown
netflix.netfilm.online	unknown	unknown	false	4%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://netflix.netfilm.online/index/5ed06c908a1d43f6a176e600f686e370/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://jqueryui.com	chromecache_69.2.dr, chromecache_79.2.dr, chromecache_72.2.dr, chromecache_81.2.dr, chromecache_77.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_74.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	chromecache_74.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.delicioustheme.com	chromecache_73.2.dr, chromecache_75.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_71.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
http://delicioustheme.com/demo-15/index.html	chromecache_73.2.dr, chromecache_75.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://getbootstrap.com)	chromecache_74.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
216.58.212.164	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501614
Start date and time:	2024-08-30 08:27:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/31@6/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 142.250.185.227, 142.250.185.78, 108.177.15.84, 20.50.64.14, 34.104.35.123, 199.232.210.172, 192.229.221.95, 20.242.39.171, 20.3.187.198, 142.250.184.227, 72.21.81.240
Excluded domains from analysis (whitelisted): waws-prod-db3-191-08db.northeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 05:28:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9840473583113916
Encrypted:	false
SSDEEP:	48:8MdxWTRyWpNwHFidAKZdA19ehwiZUklqehHy+3:8aW9PpNSAy
MD5:	0FC5E4DDFB42FADE1F4D7996C6B3FE1D
SHA1:	E9019E531E02A648AD8102EE1D92AB9BEF056FA2
SHA-256:	54A8E50F653DB8618F4485DA98BFCCC6A136D0DE6AE421DB0B827509559719C8
SHA-512:	C607CD36AD712E0E303BFE94A4BB5AEAA7527EE669617725341FA04AFF84FFFC46A0A5E47EE02D2993A26DCB9F8533D1A3A3C918E8D8280D965F63CE91809A10
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....B.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 05:28:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9998319222392142
Encrypted:	false
SSDEEP:	48:82dxWTRyWpNwHFidAKZdA1weh/iZUkAQkqehwy+2:8gW9PpNI9QFy
MD5:	546B7F274962C69CE3BECCE87F785127
SHA1:	48574C23B0585A2C8DE4EC0E2BD31D6D178E0EBB
SHA-256:	FA1A4CD7B3B5401BA602C0490EBEB8F6F57A73D10286ECFAB04CB204CE5E3BC5
SHA-512:	587474ED74F5B62C0ED58B129F3D2C1273A2CB0CD95EDEABB402DF773D6D9ADF9FD3A7E76CD71408A989A8010C29B59A63815250D0D20EB8246D946011A8A8F9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....H......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0095378325042965
Encrypted:	false
SSDEEP:	48:8x5dxWTRyWpsHFidAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xVW9PpcnEy
MD5:	8D37FDDE14BAD065DDD8BB3A2A7A6FFC
SHA1:	65C055E7BC7A6EBCA9CB9C0F21A1CE893AEFFBC0
SHA-256:	D31E3324A51D4D5AFC771C375AE88A0F19EB72914EBCEA6EA9C1A078476D8E43
SHA-512:	277BC82F94D1F70BB0B1E4F15D7AA52C50E3E7B3B1C15154B6E7424554FDA35626D996760F43A364C1C721102449624736AAE14F1B424E5F1BD5B05CC299DD5F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 05:28:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9977822838220582
Encrypted:	false
SSDEEP:	48:8B5dxWTRyWpNwHFidAKZdA1vehDiZUkwqehMy+R:8BVW9PpNT2y
MD5:	7DCEC0C972F0DAAFA4F5554642EC2E82
SHA1:	485D8D24389100DFF1EBBBCAC3205C7A0100435D
SHA-256:	378480334981B7CD3BC1C03B1422459D302D7F5FEBBF42EC8DAF1543E3AB719E
SHA-512:	35D3F30684D96A298ED1E6FF875C0C45DB38E6254673E786E2187F6AA6E91456F0FA2AD824AB06323A56D24C103A43D4018CBC2D72865FD5E5771F0F6EADEF01
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 05:28:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.987098190784963
Encrypted:	false
SSDEEP:	48:85dxWTRyWpNwHFidAKZdA1hehBiZUk1W1qehiy+C:8VW9PpND9Cy
MD5:	6E04CBAA2CECDA479BF80D3BC37E258A
SHA1:	6F2EF5EBD7EC749BD6C6291FF84E1F0D460A1AF7
SHA-256:	7C8B15F694E29742F83C9AE477C38AA81B433E3DC52E71CB9F6210C6962E5441
SHA-512:	4FCDED4EFEDE6F1299A4EBDDEBD3B41896E634D6878B3BB1002A11B1E09EE698B641E54D53AAAFECE582E766B194F00FFFE14451D42CAAFC04067C7260D5099E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 05:28:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.995180574661374
Encrypted:	false
SSDEEP:	48:82dxWTRyWpNwHFidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8gW9PpNzT/TbxWOvTbEy7T
MD5:	E4B8B4EC30F19D47D4C5C5C7390D17F2
SHA1:	D389CE7373880CA2F12649CA6A7C2B398FA15F5F
SHA-256:	5923919BE600B51A614DE8F9C8B3B2B5359F90EE6B34D65A45AAEAE09FEE73C1
SHA-512:	CE52D40CDD4604ECA53D03DFD5C480EE1F93C0D19756BC27FEAAA9AE60E425932F95CDDB7422E9C688805D8985F30448B50A506B51A71ED24DF22A2436A9F6F2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....m......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.3....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.3....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.3....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.3..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.3...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64394), with CRLF line terminators
Category:	dropped
Size (bytes):	255089
Entropy (8bit):	5.159752797884137
Encrypted:	false
SSDEEP:	3072:nDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:TNdIVWjNS9cdzAV
MD5:	B4BAECB73B7A75044853D7F4D363CB49
SHA1:	CEE14F8598C3C7F75ED141896F976FE94ED286A0
SHA-256:	9D9B75E6BF99296F7797ED12F73137F52966DBB02180FF054C6C01680C7BDB1D
SHA-512:	B5E6510052414B90C694C0A01835A7B49C73801757BC12F0AFA7BB96808FC63E474A38CC7C28ADCF3A4A43D145BE9DCCF0A1923A405777FE3D2FD06474583229
Malicious:	false
Reputation:	low
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14.. http://jqueryui.com..* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sor

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65446), with CRLF line terminators
Category:	dropped
Size (bytes):	89503
Entropy (8bit):	5.290152941028811
Encrypted:	false
SSDEEP:	1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vE:eIh8GgP3hujzwbhd3XvSiDQ47GKq
MD5:	0732E3EABBF8AA7CE7F69EEDBD07DFDD
SHA1:	4CD5DDC413B3024D7B56331C0D0D0B2BD933F27F
SHA-256:	CE9D07500AD91EC2B524C270764EC4C9A33E78320D8D374EC400EDE488F6251B
SHA-512:	41D24C426ABCF913BE59917591D906318A547661280036B098A2B1B948BCF9FF14F268B140DB10956730D64A857A61B81034D888ED7F857419DEE6B8D327447C
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39553), with CRLF line terminators
Category:	downloaded
Size (bytes):	39685
Entropy (8bit):	5.135776519349501
Encrypted:	false
SSDEEP:	768:np/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5YW:OorXfURXiUrmq5YW
MD5:	105A4995B8777AEAF68BFF64BF7D2AE0
SHA1:	E21390F730EB97D3D26B908AAACECD0A00A433E0
SHA-256:	A915D483B99AF421F4813E6B60599B4E39FAFF120E54B5E9838386D4AE1A4C60
SHA-512:	6BEED488F5BC341194DF23CC5A1133EFFF442C30E0E80811FF7DAB1BBB73E809D1CA2A7A4FD02160364E8CE781BAA788C0F47C291946A32B06AF8E64435E74D8
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/bootstrap/js/bootstrap.min.js?tn=2472464012
Preview:	/!.. Bootstrap v3.4.1 (https://getbootstrap.com/).. * Copyright 2011-2019 Twitter, Inc... * Licensed under the MIT license.. */..if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");!function(t){"use strict";var e=jQuery.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9\|\|1==e[0]&&9==e[1]&&e[2]<1\|\|3<e[0])throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(),function(n){"use strict";n.fn.emulateTransitionEnd=function(t){var e=!1,i=this;n(this).one("bsTransitionEnd",function(){e=!0});return setTimeout(function(){e\|\|n(i).trigger(n.support.transition.end)},t),this},n(function(){n.support.transition=function o(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(t.style[i]!==undefined)return{end:e[i]};return!1}(),n.support.transition&&(n.event.s

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29164), with CRLF line terminators
Category:	downloaded
Size (bytes):	32109
Entropy (8bit):	5.256360302686669
Encrypted:	false
SSDEEP:	384:6CwiEtw1cR8lOXHc11evBMzymUh+4x6GcOzDBSc7nfZBhVi:plEtPXHcEBMznURx6GcOzDfBhA
MD5:	4EF4EC09FD03E96AC23FB3CB85C16746
SHA1:	A1A208B1EF92C7E604AE53EA283492EEB045D1D7
SHA-256:	B0B53EA606E7397F37666242CD8D63D17186B3CC8513D49A9852BF4828A1FC46
SHA-512:	CC021C31550069F904FA63DCDE06124CD77C74B61976F68C40756C80835CA51E06F3F7886FAB886CEF861EB7FF3B22A492CDE7EA705206F0AA388967D3D9649D
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/jqueryui/jquery-ui.min.css
Preview:	/! jQuery UI - v1.12.0 - 2016-07-08.. http://jqueryui.com..* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css..* To view and modify this theme, visit http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgContentXPos=&bgHeaderXPos=&bgActiveXPos=&bgHoverXPos=&bgDefaultXPos=&bgShadowYPos=&bgOverlayYPos=&bgErrorYPos=&bgHighlightYPos=&bgContentYPos=&bgHeaderYPos=&bgActiveYPos=&bgHoverYPos=&bgDefaultYPos=&bgShadowRepeat=&bgOverlayRepeat=&bgErrorRepeat=&bgHighlightRepeat=&bgContentRepeat=&bgHeaderRepeat=&bgActiveRepeat=&bgHoverRepeat=&bgDefaultRepeat=&iconsHover=url(%22images%2Fui-icons_555555_256x240.png%22)&iconsHighlight=url(%22images%2Fui-icons_777620_256x240.png%22)&iconsHeader=url(%22images%2Fui-icons_444444

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	13532
Entropy (8bit):	4.74930061264459
Encrypted:	false
SSDEEP:	384:yxiQ952UOM7FEOBO57QNZhgfR6H9CWXkOX:s52UOM7FEOBO57QNZhgfR6H9CWXkOX
MD5:	4B2F2BCE67A3C4AB9B0F17372F010918
SHA1:	EB379F291A848680DDD5D3ECB4E59818F9A602E3
SHA-256:	9BDDCF9A5FC7BAF7E7BDFE849437591EE53DCA4206B1B8AF6A705ADA50FBADBA
SHA-512:	0C6DDFCDB4EE038C98C1EB9FAA6AF8DF0D55BD5F74704F2AB51B20E6C107B8757BE11640FD5753C4A955A64E451FFF661357C2C61C769ED9B6209416BF9BCB27
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/css/rp_tooltips.css
Preview:	/..Theme Name: CSS Bubbles and Tooltips..Theme URI: http://delicioustheme.com/demo-15/index.html..Description: A beautiful CSS Bubbles and Tooltips..Author: ukrop-studio..Author URI: http://www.delicioustheme.com../..../* ==========================================================================.. Style.. ========================================================================== */.....rp_container_top {.. margin-top: 70px;.. margin-bottom: 50px;..}.... .rp_container_top p span {.. font-size: 24px;.. text-transform: uppercase;.. color: black;.. padding-right: 15px;.. }.....rp_name_tooltips {.. padding: 15px 10px;.. background: lightyellow;.. color: black;.. margin: 0 auto;.. text-align: center;..}.....rp_container_bottom {.. margin-top: 70px;.. margin-bottom: 50px;..}.... .rp_container_bottom p span {.. font-size: 24px;.. text-transform: uppercase;.. color: black;.. padding-right: 15px;..

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (540), with CRLF line terminators
Category:	downloaded
Size (bytes):	173441
Entropy (8bit):	4.798954977875309
Encrypted:	false
SSDEEP:	768:yER2n1QySUVLqqkXZTMegYFomDquiMRNTHU44DMIMETn5VBKCkcuZGB2Vcx/cXiC:Wn1QyiLZGB2VKcXihoiL3yFITMK4fWS
MD5:	CB7BD9E2B45319F4E7C2E613B8F6C0E8
SHA1:	6175C12BF84A28C6A281AB923752481B6FE58056
SHA-256:	2797160125A75DDDC44D8CBEE398BAD6770DBFE2F57479CA65C3F4142E1A9DF0
SHA-512:	DCDC72D350803257CFE7729215A4B3AC99AD9C6CDD04D466B570EEA3CDE3F5225D82FFBA496EE7F171DC65650314FA95F2A4132840EC74C9CF060027295FC9FA
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/bootstrap/css/bootstrap.css
Preview:	/!.. Bootstrap v3.3.6 (http://getbootstrap.com).. * Copyright 2011-2015 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. /../! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */..html {.. font-family: sans-serif;.. -webkit-text-size-adjust: 100%;.. -ms-text-size-adjust: 100%;..}....body {.. margin: 0;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..main,..menu,..nav,..section,..summary {.. display: block;..}....audio,..canvas,..progress,..video {.. display: inline-block;.. vertical-align: baseline;..}.... audio:not([controls]) {.. display: none;.. height: 0;.. }....[hidden],..template {.. display: none;..}....a {.. background-color: transparent;..}.... a:active,.. a:hover {.. outline: 0;.. }....abbr[title] {.. border-bottom: 1px dotted;..}....b,..strong {.. font-weight: bold;..}....dfn {.. font-style: italic;

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12677
Entropy (8bit):	5.176265687437868
Encrypted:	false
SSDEEP:	192:yxN1jBGISrhFui5bAmhfQYquf2ssl1eFSm5TvzSFUMGTyjsDt5E2YeFdpOHej:yxHjBcFFAmhJYet
MD5:	E9B944B679BC0716E7C506AC6684BA28
SHA1:	B7D753886AC0E8AA16F792AB354025F60376516E
SHA-256:	4BC5A823BC0D699486B8DA7C703F02935D4E050FDF7E139CA77C6E744F9899F6
SHA-512:	50362FA9C95E04B2E32EB154429CA1D30E1777120D47D8F64F0B177BF47739BB53C7369EAC6CF7888F3AD94BD885EC8EB8980B90214E56C181F507DA2FDEDDCF
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/css/rp_bubbles.css
Preview:	/..Theme Name: CSS Bubbles and Tooltips..Theme URI: http://delicioustheme.com/demo-15/index.html..Description: A beautiful CSS Bubbles and Tooltips..Author: ukrop-studio..Author URI: http://www.delicioustheme.com../ .. .. ../* ==========================================================================.. Style.. ========================================================================== */.. .....rp_talk_bubble {..margin:10px;..display: inline-block;..position: relative;..width:220px;..height: auto;..background-color:lightyellow;..}.....rp_talktext {..padding:1.5em;..text-align:center;..line-height:1.8em;..}.....rp_talktext p {..font-style:italic; ..-webkit-margin-before: 0em;..-webkit-margin-after: 0em;..}.....rp_triangle_right.rp_left_top:after{..content: ' ';..position: absolute;..width: 0;..height: 0;..left: -20px;..right: auto;..top: 0px;..bottom: auto;..border: 22px solid;..border-color: lightyellow transparent transparent transparent;..}.....rp_triangle_right.rp_left_to

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	300
Entropy (8bit):	5.296860541290094
Encrypted:	false
SSDEEP:	6:mdW4Qn4mc4sLWAEtS8LB3QF50Mf7fUkL2S3n6pI0yROa7UtMWXfGb:lP4WhkbHLf7fUkL2SKpRyRaMWPGb
MD5:	77EB316280464380D868F214E7F7A8B2
SHA1:	666BC4AD59BDE786941EED5E81A8C23F9CF36421
SHA-256:	D811496EE7BCF59A88FB8BD4077DF5DFE94B7F4DAB3B03451C8231F556F2BE71
SHA-512:	8B9F3570946E9EF630AB5EA756C227600E3EDE3A88E3C38EB2B7A4B60E35B1B6452BFDA0B1A491C2F64EAFB226A5952ADCE8A69D73254A5C6A4FC3636FB0D956
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca
Preview:	....<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <link rel="icon" href="data:," />..</head>..<body>.. <script>.. window.location.replace('/index/5ed06c908a1d43f6a176e600f686e370/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca');.. </script>..</body>..</html>

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15418), with CRLF line terminators
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	5.2951899743266875
Encrypted:	false
SSDEEP:	192:Ly4ncR8lOG1bRCNPbtqxlhIuxrjv572hk/k52bZuQEjQDMsrsUR9P:L1cR8lOXHc11evs
MD5:	909CE025471E11A770DFEB266D02384A
SHA1:	B915957FC131DB3EC221E130AF9B2023D039D458
SHA-256:	4E2EC0490FFA766A812249114B99F7B2B578C750619F3175D948BE265F07AF11
SHA-512:	82888F071C8F992D6E33F2BF3E7E8A19BD1CEDD4D7F9923151D02947CAC846E61B061DBE855706D12EAD3DAC762E16D4429FF675C5192C9AF86239ACD58FE77D
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/jqueryui/jquery-ui.structure.min.css
Preview:	/! jQuery UI - v1.12.0 - 2016-07-08.. http://jqueryui.com..* Copyright jQuery Foundation and other contributors; Licensed MIT */.....ui-helper-hidden{display:none}.ui-helper-hidden-accessible{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:100%;list-style:none}.ui-helper-clearfix:before,.ui-helper-clearfix:after{content:"";display:table;border-collapse:collapse}.ui-helper-clearfix:after{clear:both}.ui-helper-zfix{width:100%;height:100%;top:0;left:0;position:absolute;opacity:0;filter:Alpha(Opacity=0)}.ui-front{z-index:100}.ui-state-disabled{cursor:default!important;pointer-events:none}.ui-icon{display:inline-block;vertical-align:middle;margin-top:-.25em;position:relative;text-indent:-99999px;overflow:hidden;background-repeat:no-repeat}.ui-widget-icon-block{left:50%;margin-left:-8px;display:block}.ui-widget-overlay{position:fixed

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39553), with CRLF line terminators
Category:	dropped
Size (bytes):	39685
Entropy (8bit):	5.135776519349501
Encrypted:	false
SSDEEP:	768:np/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5YW:OorXfURXiUrmq5YW
MD5:	105A4995B8777AEAF68BFF64BF7D2AE0
SHA1:	E21390F730EB97D3D26B908AAACECD0A00A433E0
SHA-256:	A915D483B99AF421F4813E6B60599B4E39FAFF120E54B5E9838386D4AE1A4C60
SHA-512:	6BEED488F5BC341194DF23CC5A1133EFFF442C30E0E80811FF7DAB1BBB73E809D1CA2A7A4FD02160364E8CE781BAA788C0F47C291946A32B06AF8E64435E74D8
Malicious:	false
Reputation:	low
Preview:	/!.. Bootstrap v3.4.1 (https://getbootstrap.com/).. * Copyright 2011-2019 Twitter, Inc... * Licensed under the MIT license.. */..if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");!function(t){"use strict";var e=jQuery.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9\|\|1==e[0]&&9==e[1]&&e[2]<1\|\|3<e[0])throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(),function(n){"use strict";n.fn.emulateTransitionEnd=function(t){var e=!1,i=this;n(this).one("bsTransitionEnd",function(){e=!0});return setTimeout(function(){e\|\|n(i).trigger(n.support.transition.end)},t),this},n(function(){n.support.transition=function o(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(t.style[i]!==undefined)return{end:e[i]};return!1}(),n.support.transition&&(n.event.s

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64394), with CRLF line terminators
Category:	downloaded
Size (bytes):	255089
Entropy (8bit):	5.159752797884137
Encrypted:	false
SSDEEP:	3072:nDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:TNdIVWjNS9cdzAV
MD5:	B4BAECB73B7A75044853D7F4D363CB49
SHA1:	CEE14F8598C3C7F75ED141896F976FE94ED286A0
SHA-256:	9D9B75E6BF99296F7797ED12F73137F52966DBB02180FF054C6C01680C7BDB1D
SHA-512:	B5E6510052414B90C694C0A01835A7B49C73801757BC12F0AFA7BB96808FC63E474A38CC7C28ADCF3A4A43D145BE9DCCF0A1923A405777FE3D2FD06474583229
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/jqueryui/jquery-ui.min.js?tn=2472464012
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14.. http://jqueryui.com..* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sor

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1264
Entropy (8bit):	5.007296555087936
Encrypted:	false
SSDEEP:	24:ho4WpvT6ujfueHeLyJ7AFoDnqM2MseMcVssiPMf:y1pvdjfueHeLyJkiDnt5sBcVssHf
MD5:	96A2A21B3A8BD177E19862CD952CD206
SHA1:	4D015D7BCC4B93F2371CC8809AACA36A9B659B33
SHA-256:	B946D5DA844EB23DF3BEC5419AB8D7EDE3D920885D98BA1AEC7C54FC2FC8B5D1
SHA-512:	BA898BB653DA8250456563085D339ED0E15D261F08C23D7AFABB516CBF29050CC731D4E3157AA6719A64984D10C6B81634732063B0537793EF0F54BFB37ECDC2
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/index/5ed06c908a1d43f6a176e600f686e370/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca
Preview:	<!DOCTYPE html>....<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title>Blank</title>.. <meta charset="utf-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta name="viewport" content="width=device-width, initial-scale=1" />.. <link rel="icon" href="data:," />.. <link href="/common/bootstrap/css/bootstrap.css" rel="stylesheet" />.... <link href="/common/jqueryui/jquery-ui.min.css" rel="stylesheet" />.. <link href="/common/jqueryui/jquery-ui.structure.min.css" rel="stylesheet" />.. <link href="/common/jqueryui/jquery-ui.theme.min.css" rel="stylesheet" />.... <link href="/common/css/rp_bubbles.css" rel="stylesheet" />.. <link href="/common/css/rp_tooltips.css" rel="stylesheet" />.... <style>.. .. .. </style>..</head>..<body>.. .... <script src="/common/jquery/jquery.min.js?tn=2472464012"></script>.. <script src="/common/bootstrap/js/bootstrap.min.js?tn=2472464012"></script>.. <script src="/common/

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13746), with CRLF line terminators
Category:	downloaded
Size (bytes):	13880
Entropy (8bit):	4.87224905855555
Encrypted:	false
SSDEEP:	192:LwGIzlzymUh+4pQ8l6GcIPRBGWLTxBm9v5B6xBpYPzFhCNBjVs5y6sybYw9QoFYG:L7MzymUh+4x6GcOzDBSc7nfZBhVi
MD5:	74FB9452A91EF09555EB92AA59516997
SHA1:	B74731AF5B28A90CCA86FA1097C75D8F8419AB87
SHA-256:	11E1CF2B2EE76191E1556D414A6EEBB8E9A357B5930EBBC06858162174B1683D
SHA-512:	0107FDE1E003F418B9DA20D5DC38AE6D6397E70C239406343ED995470C934E032C833A4B01FE6E776C699646D64C3D2D376C2A21D9B1180CD4B3D41764B6F318
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/jqueryui/jquery-ui.theme.min.css
Preview:	/! jQuery UI - v1.12.0 - 2016-07-08.. http://jqueryui.com..* Copyright jQuery Foundation and other contributors; Licensed MIT */.....ui-widget{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget .ui-widget{font-size:1em}.ui-widget input,.ui-widget select,.ui-widget textarea,.ui-widget button{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget.ui-widget-content{border:1px solid #c5c5c5}.ui-widget-content{border:1px solid #ddd;background:#fff;color:#333}.ui-widget-content a{color:#333}.ui-widget-header{border:1px solid #ddd;background:#e9e9e9;color:#333;font-weight:bold}.ui-widget-header a{color:#333}.ui-state-default,.ui-widget-content .ui-state-default,.ui-widget-header .ui-state-default,.ui-button,html .ui-button.ui-state-disabled:hover,html .ui-button.ui-state-disabled:active{border:1px solid #c5c5c5;background:#f6f6f6;font-weight:normal;color:#454545}.ui-state-default a,.ui-state-default a:link,.ui-state-default a:visited,a.ui-button,a:link.ui-button,a:visi

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65446), with CRLF line terminators
Category:	downloaded
Size (bytes):	89503
Entropy (8bit):	5.290152941028811
Encrypted:	false
SSDEEP:	1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vE:eIh8GgP3hujzwbhd3XvSiDQ47GKq
MD5:	0732E3EABBF8AA7CE7F69EEDBD07DFDD
SHA1:	4CD5DDC413B3024D7B56331C0D0D0B2BD933F27F
SHA-256:	CE9D07500AD91EC2B524C270764EC4C9A33E78320D8D374EC400EDE488F6251B
SHA-512:	41D24C426ABCF913BE59917591D906318A547661280036B098A2B1B948BCF9FF14F268B140DB10956730D64A857A61B81034D888ED7F857419DEE6B8D327447C
Malicious:	false
Reputation:	low
URL:	https://netflix.netfilm.online/common/jquery/jquery.min.js?tn=2472464012
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 08:28:22.823309898 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:22.823312044 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:22.901443005 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:32.486577034 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:32.516920090 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:32.689819098 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:33.720805883 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:33.720841885 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:33.720918894 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:33.721143007 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:33.721158028 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.144218922 CEST	443	49703	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:34.144325018 CEST	49703	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:34.356911898 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.357191086 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:34.357201099 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.358208895 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.358274937 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:34.359143019 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:34.359220982 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.506268024 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:34.506284952 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:34.616035938 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:36.923324108 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:36.923357964 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:36.923475981 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:36.945744991 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:36.945764065 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:37.593307972 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:37.593369961 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:37.605743885 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:37.605758905 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:37.606214046 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:37.658467054 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:37.936697006 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:37.984505892 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.134849072 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.134964943 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.135025978 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.135077000 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.135083914 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.135093927 CEST	49723	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.135098934 CEST	443	49723	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.178050041 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.178076982 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.178220034 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.178512096 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.178524017 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.813754082 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.813828945 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.886533022 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.886548996 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.886861086 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:38.888848066 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:38.936497927 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:39.095042944 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:39.095096111 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:39.095155001 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:39.096359015 CEST	49728	443	192.168.2.5	184.28.90.27
Aug 30, 2024 08:28:39.096365929 CEST	443	49728	184.28.90.27	192.168.2.5
Aug 30, 2024 08:28:42.899876118 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:42.899920940 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:42.900121927 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:42.901050091 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:42.901065111 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:43.586941004 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:43.587023973 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:43.588808060 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:43.588815928 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:43.589015961 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:43.642380953 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.150778055 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.192498922 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.272361994 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:44.272428989 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:44.272501945 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:44.376084089 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376106977 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376113892 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376140118 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376161098 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376172066 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376178026 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.376193047 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376226902 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.376247883 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.376899004 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.376955986 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.376961946 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.377075911 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:44.377129078 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:44.658406019 CEST	49713	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:28:44.658421993 CEST	443	49713	216.58.212.164	192.168.2.5
Aug 30, 2024 08:28:44.959851027 CEST	49703	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:44.960016966 CEST	49703	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:44.961323023 CEST	49735	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:44.961361885 CEST	443	49735	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:44.961493015 CEST	49735	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:44.962115049 CEST	49735	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:28:44.962127924 CEST	443	49735	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:44.964682102 CEST	443	49703	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:44.964840889 CEST	443	49703	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:45.104298115 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:45.104326010 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:45.104357004 CEST	49729	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:28:45.104363918 CEST	443	49729	52.165.165.26	192.168.2.5
Aug 30, 2024 08:28:45.542062998 CEST	443	49735	23.1.237.91	192.168.2.5
Aug 30, 2024 08:28:45.542144060 CEST	49735	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:29:04.692967892 CEST	443	49735	23.1.237.91	192.168.2.5
Aug 30, 2024 08:29:04.693037033 CEST	49735	443	192.168.2.5	23.1.237.91
Aug 30, 2024 08:29:21.459238052 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:21.459287882 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:21.459593058 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:21.459726095 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:21.459739923 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.159627914 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.159826994 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.163288116 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.163296938 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.163499117 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.171669006 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.212506056 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.433290005 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.433317900 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.433331966 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.433391094 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.433423042 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.433487892 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.434500933 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.434542894 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.434561014 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.434570074 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.434603930 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.434880018 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.434931040 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.437747955 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.437767982 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:22.437782049 CEST	49737	443	192.168.2.5	52.165.165.26
Aug 30, 2024 08:29:22.437787056 CEST	443	49737	52.165.165.26	192.168.2.5
Aug 30, 2024 08:29:33.854526043 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:33.854554892 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:33.858730078 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:33.859344006 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:33.859355927 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:34.493160963 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:34.493416071 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:34.493429899 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:34.493740082 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:34.494606972 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:34.494657993 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:34.548223972 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:44.413958073 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:44.414025068 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:44.414165020 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:44.456878901 CEST	49739	443	192.168.2.5	216.58.212.164
Aug 30, 2024 08:29:44.456903934 CEST	443	49739	216.58.212.164	192.168.2.5
Aug 30, 2024 08:29:45.738090038 CEST	56836	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:29:45.742933035 CEST	53	56836	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:45.743076086 CEST	56836	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:29:45.747826099 CEST	53	56836	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:46.194297075 CEST	56836	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:29:46.199326038 CEST	53	56836	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:46.199420929 CEST	56836	53	192.168.2.5	1.1.1.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 08:28:30.162121058 CEST	53	49848	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:32.048141003 CEST	53	54162	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:32.130203962 CEST	53	59614	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:32.211182117 CEST	62558	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:32.211380005 CEST	59607	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:32.263573885 CEST	53	59607	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:33.145790100 CEST	53	60703	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:33.706907034 CEST	60459	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:33.707062006 CEST	60055	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:33.713874102 CEST	53	60055	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:33.717714071 CEST	53	60459	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:37.058371067 CEST	64347	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:37.058815002 CEST	52742	53	192.168.2.5	1.1.1.1
Aug 30, 2024 08:28:37.125976086 CEST	53	52742	1.1.1.1	192.168.2.5
Aug 30, 2024 08:28:50.946830034 CEST	53	54895	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:10.109687090 CEST	53	65018	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:29.183713913 CEST	53	60897	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:32.921135902 CEST	53	59067	1.1.1.1	192.168.2.5
Aug 30, 2024 08:29:45.737543106 CEST	53	52852	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 08:28:32.211182117 CEST	192.168.2.5	1.1.1.1	0x7d88	Standard query (0)	netflix.netfilm.online	A (IP address)	IN (0x0001)	false
Aug 30, 2024 08:28:32.211380005 CEST	192.168.2.5	1.1.1.1	0xc077	Standard query (0)	netflix.netfilm.online	65	IN (0x0001)	false
Aug 30, 2024 08:28:33.706907034 CEST	192.168.2.5	1.1.1.1	0xf2d9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 08:28:33.707062006 CEST	192.168.2.5	1.1.1.1	0xc3d2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 30, 2024 08:28:37.058371067 CEST	192.168.2.5	1.1.1.1	0x5bd9	Standard query (0)	netflix.netfilm.online	A (IP address)	IN (0x0001)	false
Aug 30, 2024 08:28:37.058815002 CEST	192.168.2.5	1.1.1.1	0xd738	Standard query (0)	netflix.netfilm.online	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 08:28:32.260348082 CEST	1.1.1.1	192.168.2.5	0x7d88	No error (0)	netflix.netfilm.online	tnlanding.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:32.260348082 CEST	1.1.1.1	192.168.2.5	0x7d88	No error (0)	tnlanding.azurewebsites.net	waws-prod-db3-191.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:32.260348082 CEST	1.1.1.1	192.168.2.5	0x7d88	No error (0)	waws-prod-db3-191.sip.azurewebsites.windows.net	waws-prod-db3-191-08db.northeurope.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:32.263573885 CEST	1.1.1.1	192.168.2.5	0xc077	No error (0)	netflix.netfilm.online	tnlanding.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:32.263573885 CEST	1.1.1.1	192.168.2.5	0xc077	No error (0)	tnlanding.azurewebsites.net	waws-prod-db3-191.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:32.263573885 CEST	1.1.1.1	192.168.2.5	0xc077	No error (0)	waws-prod-db3-191.sip.azurewebsites.windows.net	waws-prod-db3-191-08db.northeurope.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:33.713874102 CEST	1.1.1.1	192.168.2.5	0xc3d2	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 30, 2024 08:28:33.717714071 CEST	1.1.1.1	192.168.2.5	0xf2d9	No error (0)	www.google.com		216.58.212.164	A (IP address)	IN (0x0001)	false
Aug 30, 2024 08:28:37.105124950 CEST	1.1.1.1	192.168.2.5	0x5bd9	No error (0)	netflix.netfilm.online	tnlanding.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:37.105124950 CEST	1.1.1.1	192.168.2.5	0x5bd9	No error (0)	tnlanding.azurewebsites.net	waws-prod-db3-191.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:37.105124950 CEST	1.1.1.1	192.168.2.5	0x5bd9	No error (0)	waws-prod-db3-191.sip.azurewebsites.windows.net	waws-prod-db3-191-08db.northeurope.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:37.125976086 CEST	1.1.1.1	192.168.2.5	0xd738	No error (0)	netflix.netfilm.online	tnlanding.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:37.125976086 CEST	1.1.1.1	192.168.2.5	0xd738	No error (0)	tnlanding.azurewebsites.net	waws-prod-db3-191.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 08:28:37.125976086 CEST	1.1.1.1	192.168.2.5	0xd738	No error (0)	waws-prod-db3-191.sip.azurewebsites.windows.net	waws-prod-db3-191-08db.northeurope.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 06:28:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 06:28:38 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=97695 Date: Fri, 30 Aug 2024 06:28:38 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49728	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 06:28:38 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 06:28:39 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=97648 Date: Fri, 30 Aug 2024 06:28:38 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-30 06:28:39 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49729	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 06:28:44 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8PkDBXDgEksCm9K&MD=hkBFbY92 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-30 06:28:44 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f5e14dd5-633c-435b-a94f-f1d2fe191685 MS-RequestId: e83d658d-ba1d-4729-ad77-d87acf1e9581 MS-CV: 8LePExZSoUKf3dL0.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 30 Aug 2024 06:28:44 GMT Connection: close Content-Length: 24490
2024-08-30 06:28:44 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-30 06:28:44 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49737	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-08-30 06:29:22 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8PkDBXDgEksCm9K&MD=hkBFbY92 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-30 06:29:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: d164669b-ef2c-4feb-ae4c-99bbe6ec2f0a MS-RequestId: 72895979-5733-4722-b3e2-a112eade35c8 MS-CV: mSPvUVifPE+N2v91.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 30 Aug 2024 06:29:21 GMT Connection: close Content-Length: 30005
2024-08-30 06:29:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-30 06:29:22 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1568, Parent PID: 5544

General

Target ID:	0
Start time:	02:28:24
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3252, Parent PID: 1568

General

Target ID:	2
Start time:	02:28:28
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2380,i,1463546029193500452,18011406207282864536,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5512, Parent PID: 5544

General

Target ID:	3
Start time:	02:28:31
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
https://netflix.netfilm.online/i/df117e8a574734eac962e44d96d884ee9?fp=a8b756deca