Windows Analysis Report
https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'

Overview

General Information

Sample URL:	https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'
Analysis ID:	1501750
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:54552 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54544 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54555 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54556 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54561 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.6:54532 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:54552 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78

Source: global traffic	HTTP traffic detected: GET /appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27 HTTP/1.1Host: patientportal.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.828784c1b995f56f.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.55f1c22607bcff8d.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.679ab1521d22507c.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SecureSubmit.v1/token/2.1/securesubmit.min.js HTTP/1.1Host: api2.heartlandportico.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-icons/amds-icons.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /styles.bc20a01cb439f66e.css HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SecureSubmit.v1/token/2.1/securesubmit.min.js HTTP/1.1Host: api2.heartlandportico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.828784c1b995f56f.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.55f1c22607bcff8d.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OpenSans.4543090a37b427da.ttf HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=113740-113740If-Range: "976aefe9ad86359727c7f5ca90124ec2"
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=113740-149637If-Range: "976aefe9ad86359727c7f5ca90124ec2"
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=2 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=2 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_126.2.dr, chromecache_128.2.dr

String found in binary or memory: inline:{css:1},disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"}, equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: patientportal.advancedmd.com
Source: global traffic	DNS traffic detected: DNS query: pp-wfe-100.advancedmd.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: api2.heartlandportico.com
Source: global traffic	DNS traffic detected: DNS query: amds-material-dev.advancedmd.com

Source: chromecache_122.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_122.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: chromecache_122.2.dr	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_125.2.dr	String found in binary or memory: https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-icons/amds-icons.css
Source: chromecache_125.2.dr	String found in binary or memory: https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-theme-default/material-theme.css
Source: chromecache_125.2.dr	String found in binary or memory: https://api2.heartlandportico.com/SecureSubmit.v1/token/2.1/securesubmit.min.js
Source: chromecache_128.2.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_128.2.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://classroom.google.com/sharewidget?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_133.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_133.2.dr	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: chromecache_119.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_128.2.dr	String found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1

Source: unknown	Network traffic detected: HTTP traffic on port 54536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54559 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54539
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54533
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54534
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54544
Source: unknown	Network traffic detected: HTTP traffic on port 54554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54543
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54542
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54550
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 54534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54555
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54554
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54559
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54556
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54561
Source: unknown	Network traffic detected: HTTP traffic on port 54550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 54543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 54535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54544 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54555 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54556 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54561 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/31@18/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2184,i,9724161557650723365,11028119364261934946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2184,i,9724161557650723365,11028119364261934946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
35.211.11.79	api2.heartlandportico.com	United States	19527	GOOGLE-2US	false
13.224.189.37	d1he4b11razhen.cloudfront.net	United States	16509	AMAZON-02US	false
13.227.219.121	d11ag707s7acdq.cloudfront.net	United States	16509	AMAZON-02US	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	plus.l.google.com	United States	15169	GOOGLEUS	false
18.244.18.92	d1nn1qnqm7ih5y.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
api2.heartlandportico.com	35.211.11.79	true
plus.l.google.com	142.250.185.174	true
www.google.com	216.58.206.68	true
d1nn1qnqm7ih5y.cloudfront.net	18.244.18.92	true
d11ag707s7acdq.cloudfront.net	13.227.219.121	true
d1he4b11razhen.cloudfront.net	13.224.189.37	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
windowsupdatebg.s.llnwi.net	87.248.205.0	true
patientportal.advancedmd.com	unknown	unknown
amds-material-dev.advancedmd.com	unknown	unknown
apis.google.com	unknown	unknown
pp-wfe-100.advancedmd.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27	false		unknown
https://apis.google.com/js/api.js	false	URL Reputation: safe	unknown
https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-theme-default/material-theme.css	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api2.heartlandportico.com/SecureSubmit.v1/token/2.1/securesubmit.min.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-icons/amds-icons.css	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/styles.bc20a01cb439f66e.css	false	Avira URL Cloud: safe	unknown
https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/main.679ab1521d22507c.js	false	Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/runtime.828784c1b995f56f.js	false	Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/polyfills.55f1c22607bcff8d.js	false	Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/OpenSans.4543090a37b427da.ttf	false	Avira URL Cloud: safe	unknown
https://pp-wfe-100.advancedmd.com/favicon.ico?v=2	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 117	ASCII text, with very long lines (58316), with no line terminators	6AD0160EF7E55046344194326BAF8047	D29DA73025C94A5A83058F460CA66895632A443B	C77FA61B6C6BE144435E8C67CDBCA511E07F83D87709D96BDF269472DA1F287B
Chrome Cache Entry: 118	ASCII text	FB5CBA4B1FEF7F473C2678ED4A25FB2C	03F05E41D7FCA6D4BB8C0CA6DCAD86C17A896BAA	7D7DB4A3B65F03C2217BF8FDDF5B10B1B0AD02F99099DB11599E1BF397780574
Chrome Cache Entry: 119	ASCII text	71D6A57D21337114032CA39B294F3591	ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E	36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
Chrome Cache Entry: 120	Unicode text, UTF-8 text, with very long lines (32000)	73C6850396835226A45224698B43059A	DB4255AFD4B5E1A03DAE721E1D0C367B011DE405	23A2910290EFB69A0B108FDE2A3BAEC75EA713CBCB354C4F129A51042D3C3178
Chrome Cache Entry: 121	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	7A97A94B3A886BECAB8BD482A0C85874	94A07EF125633818F92EA3457967A0A927CCB332	05E6C55EF2FB42FBE3385C541E3976A2C4B329EB9A89D9D0B406C84D97C2686E
Chrome Cache Entry: 122	TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans	629A55A7E793DA068DC580D184CC0E31	3564ED0B5363DF5CF277C16E0C6BEDC5A682217F	E64E508B2AA2880F907E470C4550980EC4C0694D103A43F36150AC3F93189BEE
Chrome Cache Entry: 123	ASCII text, with very long lines (65536), with no line terminators	DBE4FD4EC19BF9695FE8AD7948F05446	2F55B82086E996C936DE71A7E0366FD1B514C573	D0D081E8D35770128027BEE44AC31E7AE7CD1C15E0924825ED5FF525D353ED70
Chrome Cache Entry: 124	Unicode text, UTF-8 text, with very long lines (32000)	73C6850396835226A45224698B43059A	DB4255AFD4B5E1A03DAE721E1D0C367B011DE405	23A2910290EFB69A0B108FDE2A3BAEC75EA713CBCB354C4F129A51042D3C3178
Chrome Cache Entry: 125	HTML document, ASCII text, with very long lines (1528)	BDBCBB3B6ADE6737CB3252F40E87CD60	58A513764BFC6F0D0387D2081C7BFEA4BF6032F9	A475A496036528BCDA17EBEF09238A6BBA569AB9BD5662494C49A50CBEA2B475
Chrome Cache Entry: 126	ASCII text, with very long lines (2051)	DEBC792D9379E95E47071E67D3480AE3	978B28EE04BE45DE1F89BB589F7DD1A3367C913F	5F301B41A86204F34CE1F69010EC3A242FC11E61CDEA50BC82968C064A406CC3
Chrome Cache Entry: 127	ASCII text, with very long lines (3015), with no line terminators	F82D581AA364ACC142717DBDA2DAC271	0929A744C51016670B1C401A6364662F96A40B6F	050CA712A0421EAB5924B2F0C277BC549CE05627D9CAE243BA21A5F990A673C3
Chrome Cache Entry: 128	ASCII text, with very long lines (2051)	DEBC792D9379E95E47071E67D3480AE3	978B28EE04BE45DE1F89BB589F7DD1A3367C913F	5F301B41A86204F34CE1F69010EC3A242FC11E61CDEA50BC82968C064A406CC3
Chrome Cache Entry: 129	ASCII text, with very long lines (1572)	3C89B4E5563F4BA0410A1D7D4F3AD23E	6455000459BF2AD68625B8B554A652CC84145261	B17609553B24140FC01409B78FA834FE878DE6410FE9E8996B0A5F6A984DDD6D
Chrome Cache Entry: 130	ASCII text, with very long lines (65536), with no line terminators	C1DB6D769CB841A9D2CCB364A100F757	CB8AFFA064D49090138BCB2BDC8F96912471ADA4	96518CFDDFE78CDAD221E3117DFE60525908EC533E6C311D7D6A05563AD1DE44
Chrome Cache Entry: 131	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	7A97A94B3A886BECAB8BD482A0C85874	94A07EF125633818F92EA3457967A0A927CCB332	05E6C55EF2FB42FBE3385C541E3976A2C4B329EB9A89D9D0B406C84D97C2686E
Chrome Cache Entry: 132	ASCII text, with very long lines (3015), with no line terminators	F82D581AA364ACC142717DBDA2DAC271	0929A744C51016670B1C401A6364662F96A40B6F	050CA712A0421EAB5924B2F0C277BC549CE05627D9CAE243BA21A5F990A673C3
Chrome Cache Entry: 133	ASCII text, with very long lines (582), with CRLF, LF line terminators	976AEFE9AD86359727C7F5CA90124EC2	21A5A45D1B1A9A2542521E2E6D25A6F1C9166240	9A7BA4157D730B6EC069FCD2CD3EF90D3E694CAA0E42D13D75323EB602C4C091
Chrome Cache Entry: 134	ASCII text, with very long lines (58316), with no line terminators	6AD0160EF7E55046344194326BAF8047	D29DA73025C94A5A83058F460CA66895632A443B	C77FA61B6C6BE144435E8C67CDBCA511E07F83D87709D96BDF269472DA1F287B

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:54552 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54544 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54555 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54556 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54561 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.6:54532 -> 1.1.1.1:53

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:54552 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.162.78

Source: global traffic	HTTP traffic detected: GET /appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27 HTTP/1.1Host: patientportal.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.828784c1b995f56f.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.55f1c22607bcff8d.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main.679ab1521d22507c.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SecureSubmit.v1/token/2.1/securesubmit.min.js HTTP/1.1Host: api2.heartlandportico.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-icons/amds-icons.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /styles.bc20a01cb439f66e.css HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/api.js HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SecureSubmit.v1/token/2.1/securesubmit.min.js HTTP/1.1Host: api2.heartlandportico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /runtime.828784c1b995f56f.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /polyfills.55f1c22607bcff8d.js HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /OpenSans.4543090a37b427da.ttf HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-wfe-100.advancedmd.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=113740-113740If-Range: "976aefe9ad86359727c7f5ca90124ec2"
Source: global traffic	HTTP traffic detected: GET /8/stable/8.0/amds-theme-default/material-theme.css HTTP/1.1Host: amds-material-dev.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-wfe-100.advancedmd.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=113740-149637If-Range: "976aefe9ad86359727c7f5ca90124ec2"
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=2 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-wfe-100.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138%27Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=2 HTTP/1.1Host: pp-wfe-100.advancedmd.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_126.2.dr, chromecache_128.2.dr

Source: global traffic	DNS traffic detected: DNS query: patientportal.advancedmd.com
Source: global traffic	DNS traffic detected: DNS query: pp-wfe-100.advancedmd.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: api2.heartlandportico.com
Source: global traffic	DNS traffic detected: DNS query: amds-material-dev.advancedmd.com

Source: chromecache_122.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_122.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: chromecache_122.2.dr	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_125.2.dr	String found in binary or memory: https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-icons/amds-icons.css
Source: chromecache_125.2.dr	String found in binary or memory: https://amds-material-dev.advancedmd.com/8/stable/8.0/amds-theme-default/material-theme.css
Source: chromecache_125.2.dr	String found in binary or memory: https://api2.heartlandportico.com/SecureSubmit.v1/token/2.1/securesubmit.min.js
Source: chromecache_128.2.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_128.2.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://classroom.google.com/sharewidget?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/widget/backdrop?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://dataconnector.corp.google.com/:session_prefix:ui/widgetview?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://drive.google.com/savetodrivebutton?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://families.google.com/webcreation?usegapi=1&usegapi=1
Source: chromecache_133.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_133.2.dr	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: chromecache_119.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqW106F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWt06F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtk6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWu06F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuk6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWxU6F15M.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_129.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_128.2.dr	String found in binary or memory: https://pay.google.com/gp/v/widget/save
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://play.google.com/work/embedded/search?usegapi=1&usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://ssl.gstatic.com/microscope/embed/
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://talkgadget.google.com/:session_prefix:talkgadget/_/widget
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/badge?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.google.com/shopping/customerreviews/optin?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.gstatic.com/partners/badge/templates/badge.html?usegapi=1
Source: chromecache_126.2.dr, chromecache_128.2.dr	String found in binary or memory: https://www.youtube.com/subscribe_embed?usegapi=1

Source: unknown	Network traffic detected: HTTP traffic on port 54536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54559 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54539
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54533
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54555 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54535
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54534
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54544
Source: unknown	Network traffic detected: HTTP traffic on port 54554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54543
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54542
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54550
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 54534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54555
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54554
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54559
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54556
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54561
Source: unknown	Network traffic detected: HTTP traffic on port 54550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 54543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 54535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54544 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54555 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54556 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.162.78:443 -> 192.168.2.6:54561 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/31@18/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2184,i,9724161557650723365,11028119364261934946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2184,i,9724161557650723365,11028119364261934946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1501750
Product:	CloudBasic
Start time:	12:31:10
Start date:	30.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://patientportal.advancedmd.com/appointment/unsubscribe?token=dlU0NEdEaktVUUp6VUl5eU1ydlUwZCtXaW00K1o4REIrK3I3VFVQKy90bz0=&lk=142138'