Windows Analysis Report
https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0

Overview

General Information

Sample URL: https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0
Analysis ID: 1523416

Detection

Phisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Phisher
Performs DNS queries to domains with low reputation
Stores files to the Windows start menu directory

Classification

Phishing

Source: Yara match File source: dropped/chromecache_63, type: DROPPED
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49758 version: TLS 1.2

Networking

Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: iamcosless.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: iamcosless.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: iamcosless.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: iamcosless.xyz
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:15 GMTServer: Apache/2.4.52 (Ubuntu)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 2819Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5b 7b 6f db 38 12 ff 7f 81 fb 0e 5c f7 b0 69 6f 23 cb 4e 9a 66 37 75 72 e8 23 7b 0d ae 6d 16 4d 8a 45 81 02 02 25 8d 25 26 94 a8 92 94 1d ed a7 bf 21 25 39 b2 e3 87 ec 24 6d 6e b7 06 9a 5a 34 39 43 ce e3 c7 e1 70 34 50 81 64 99 3e 62 c3 c7 63 96 86 62 dc e5 22 a0 9a 89 b4 1b 4b 18 76 59 1a f0 3c 04 f5 b8 f3 a8 f3 e4 09 99 d7 87 1c ce 6d ee 4a c8 38 0d e0 b1 fb d9 fd fc e8 b3 eb 46 db 5b 8f b6 9e 4c 37 df 6c b4 4d ee d6 93 e7 03 b7 9a da 0f 83 1f 5f 9f be 3a ff f4 fb 31 89 75 c2 8f fe f1 c3 c0 fc 4f 38 4d a3 c3 0e a4 1d 6c 21 f8 19 c4 40 c3 ea bb 7d 4e 40 53 12 c4 54 2a d0 87 9d 5c 0f 9d 5f 3a cd df 35 d3 1c 8e 4e 5e bc 7b 75 7a f6 f6 f8 ec 6c e0 96 2d b3 24 52 9a c0 61 07 85 60 e7 83 eb eb 90 40 a4 1a 52 a4 da 59 d0 9b e6 3a 16 b2 45 c7 11 83 71 26 a4 6e 74 1d b3 50 c7 87 21 8c 58 00 8e 7d d8 26 2c 65 9a 51 ee a8 80 72 38 ec 6f 93 84 5e b1 24 4f ea 86 29 f2 9c a5 97 44 02 3f ec 28 5d 70 50 31 00 d2 37 4a 69 b6 28 d7 a7 0a ba 81 52 1b 0d 56 97 c0 41 a3 b2 37 25 80 fa 0b 59 1a a9 5b 10 28 44 ae bd fe c6 04 7c 71 b5 f1 d8 84 b2 cd 97 9e b1 2b 16 2c 17 1d 5a 8f 0e 72 4d 4c bf 9a 04 4b 68 04 ca 1d d2 91 1d 8d 7f 16 8c a6 59 c6 c1 d1 22 0f 62 67 0e 81 d9 9f bb 59 1a b5 a6 a4 d8 9f a0 0e 3b fb 3b 57 fb 3b 2b e8 3a b6 d3 26 d4 fb fd a7 57 f8 6f 15 fd aa 5b 93 c3 c0 6d c0 c0 c0 17 61 d1 64 1d b2 11 09 38 55 c8 02 75 30 44 19 7b a9 90 09 e5 de 94 07 cd f6 35 24 41 7a 56 85 b3 fd 66 fb 1a 37 46 db 00 39 af e3 6c 67 c5 ae 34 40 8a be cf f3 24 55 8b 86 d8 61 2c 89 88 9d 41 85 10 07 64 b7 97 5d 3d 47 99 c9 60 22 a2 7e b5 1e 57 69 2a ad 5c 08 e5 33 f0 73 83 b2 ca 68 5a 93 4e a8 8c 58 8a 42 ce 0e 88 d3 7f 8a 0c 42 a6 10 9c 8b 03 c4 20 d4 1c 38 3e c2 fc e5 f3 18 58 
14 eb 03 b2 8f 3d 86 b8 64 c7 68 ee 80 ec d8 29 4d 81 aa a1 be 8c 3b ad 94 fc a8 33 91 0a 17 63 6f 88 22 27 85 f6 fc 5c 23 ca 74 8e 06 2e dd 94 8a 1e 33 ad 51 7f 77 40 6a 88 bb 94 2f c4 65 5b 5a 4d 23 d2 70 a5 6b 1b 3a d3 b4 30 88 9f 42 a0 21 1c b8 d8 6f 91 b9 2c f8 6d 5e fb 6c db 8d e7 0d ed 3f 43 db ba 7f eb 2f 77 c0 6b 19 b5 13 ab dd b3 57 0f 31 9f 6b ab 24 27 67 e4 cd f1 87 e3 25 2c 96 a8 e4 c6 3a 72 7f 8d 59 bc 13 12 4d 32 46 97 eb f7 48 9e b2 2f 39 90 37 e7 ef de 12 0d 09 3a 9a 06 85 9e 46 44 0a c4 cf d3 90 03 61 2a dd d2 66 84 26 74 0c 4a 24 80 01 97 8e 09 25 5c 68 22 86 64 08 54 e7 12 c7 e1 8e 4a 22 89 4f 04 a3 15 16 a5 c4 97 22 47 37 25 5a 10 dc 2b 89 5f 34 64 d0 bd 9b c5 03 ee 84 dc 43 11 98 f0 c8 5f b9 fa 01 1a 5d 42 58 58 99 4a a0 3d d3 d0 21 68 8e 0e b6 0c 99 4c d0 55 58 18 42 ea 61 1b da 65 cd c8 f4 43 6b f5 32 1a 9a b8 61 15 23 cb 8c a5 19 ee a1 ba c8 a0 9a 68 a7 0a bb aa 07 33 8f ea eb b5 5b 78 c6 08 71 46 26 22 8d 05 47 e4 3f ec 1c a3 65 4a f2 49 e4 92 1c 97 fd 25 7c c9 99 84 b0 cd 34 4a b0 a8 e6
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "241e-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 2570Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 1a 6b 73 db b8 f1 b3 f4 2b 50 67 ee 12 27 12 4d 52 92 ed 48 93 69 93 cc 65 9a e9 a5 d7 69 32 ed 87 de 4d 06 22 41 09 67 92 a0 09 d0 b6 92 c9 7f ef 2e 00 52 7c 5a b2 c7 b6 f9 c2 2e 76 17 fb c2 02 f0 d9 cb f1 4b f2 e1 d7 b7 5f fe f5 f6 fd 3f c8 7f e6 8e 07 df b7 b7 b7 4e c6 ef 22 91 2b 27 10 09 b4 f8 af cf dc cb 33 df f5 16 e3 97 67 e3 f1 f8 ec 25 f9 42 d7 31 23 22 22 ef 45 aa 58 aa c6 6f 1e fc 33 1e 3d fb 37 93 4c 91 9f c9 3b 2a 79 20 a1 41 bf 90 cf 6a 17 33 fc fc cc 15 db 7f 7d d9 65 62 93 d3 6c bb 83 8f 5f 79 7a 25 f5 53 2a 7c 7e 4c e8 46 63 bd 2b 94 12 29 be 7d 10 79 82 cf 4f 5c 06 a4 14 bc c5 93 bc f8 98 ca 8c e7 2c 24 eb 1d f9 c5 21 9f d8 8e e5 f2 f4 11 e3 41 16 a3 bf f1 24 03 c5 91 93 ad 52 d9 f2 ec 2c 02 f5 48 67 23 c4 26 66 34 e3 12 35 7a 16 48 f9 d7 88 26 3c de bd f9 2d 63 e9 ab cf 34 95 cb b9 eb 4e 16 ae cb 15 8d 79 30 b9 80 2f 68 39 59 8d 47 5b 95 c4 13 b2 16 e1 6e 42 42 7e 33 21 32 a3 e9 84 d0 2c 8b 99 9a 10 b1 fe 93 05 f0 e4 51 4e 13 36 21 5b 0f 2e 1f ae 19 5c 73 b8 16 70 9d 4f 48 06 34 62 11 5c 5d 17 42 01 5a 96 c3 8d c2 df 7a 9d c3 3d c8 45 ba 4b e0 25 0c 73 26 25 e0 f2 cd 84 04 1c 51 03 11 c2 3d 64 20 45 18 01 67 06 78 3c 01 30 4f 01 f1 6a 1d 4e c8 35 48 05 7f 34 01 2e 32 a1 31 a0 4a 95 f3 2b a6 9f 22 05 64 59 ac f1 06 08 0a a4 bd a1 c0 15 1a 0a a0 02 1c c0 83 18 34 84 c8 02 a0 21 90 14 f0 5e c0 15 03 3c e2 2c 0e 25 8e 16 bc 12 b8 c7 74 8d d2 c4 6c c3 52 40 55 e8 8c 40 85 66 8a 0b 10 50 19 65 a9 48 08 e8 a2 b6 8c 22 52 8e af 70 c1 3b cd 15 0f b0 0b f8 40 a8 7b a6 37 54 e2 18 15 e5 b1 c4 21 ae 59 88 7c 37 05 ea 09 9e 15 71 24 8a b2 22 55 fd dc e4 02 47 95 b0 
14 06 93 52 30 90 28 54 56 00 e7 bc 58 83 18 12 cc a3 7b ca 22 49 68 8e 82 71 34 14 bc 5f 81 04 45 c8 05 e8 03 e4 10 e4 fb 78 34 82 e6 0d 4f 97 c4 05 d3 8f 32 b0 07 4f 37 f6 6b 2d 72 60 69 3f d0 b3 a6 92 7f 63 4b e2 b9 ee 4f 65 d3 12 ac b2 65 39 57 d8 70 c3 70 a0 34 9e 82 4f 6d 80 e6 9a 4a 16 f3 94 ad c8 8f f1 a8 ad 84 6a f0 8d d1 96 1a 38 3c 6a 3b 4e 3d 88 90 cb 2c a6 bb a5 71 39 cd 0e 6d a2 61 28 c0 74 cb f8 66 0b c2 7a 1a 66 6c 6d a1 12 86 85 21 bf 24 a9 b0 a2 d6 1d f7 5a a3 e9 0f d9 8b b2 5c 33 f0 12 56 77 f7 25 8d 50 fa f1 e8 ba 02 5e 9b 36 4d 2c 30 39 6c 49 9e 3f 5f d5 3f 2b e2 da c1 34 aa 31 c1 34 10 71 4c 33 09 32 96 6f 7b fb 4c 21 3e 03 6b 34 e8 6c b2 4e 23 b1 3d 32 b7 a0 06 b5 0c 34 b8 42 f5 a7 e1 92 3c 8b a2 a8 ed 0d e7 d9 dd aa a1 64 7f 0e 2d 25 92 49 3c 30 56 4c 3d 04 53 cf f3 89 84 fb 54 82 d7 44 e4 2f 26 81 d1 54 19 55 c4 02 1c ee d9 7c 3e c7 cf e9 2d 5b 5f 71 a0 a1 b9 25 e0 13 5b 3d 50 c0 e6 e0 62 e0 5d e1 8a c0 70 3f f0 3b 8c 54 62 d0 49 0e 51 0a c4 d3 8d 1e 46 45 45 b1 3b 23 f3 94 86 7f 16
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "885c-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 7132Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 3d 6b 73 e3 36 92 9f 9d aa f9 0f b8 9d 4a ed 78 ca 92 f8 d4 b3 ee ea 72 93 cd a3 2a c9 e5 92 d4 d6 dd 27 16 45 51 12 d7 14 a9 25 29 db 93 29 ff f7 c3 1b 8d 07 29 d9 e3 d9 4c e2 d8 23 81 40 77 a3 d1 68 74 37 80 e6 e4 ed ab 2f de a2 6f ca b4 fb 39 cd 6e d1 77 bf fd f8 03 fa 7b 34 f6 49 e9 bb fa f8 be 29 76 fb 0e 05 9e 1f a3 9f 8b 87 6f ea a6 23 4f ee ef ef c7 c7 e2 61 8b bf 8e b3 fa 40 8a 82 c5 c4 9b 4f 48 45 fc 6d f2 ea 0b f6 33 79 3b 1a 8d d0 cf 69 d3 21 6f 89 d0 eb 1f 8b 36 43 f4 3f 5c 4e aa 8d 37 79 7b 9b 30 2c 1f 50 97 3f 74 a3 b4 2c 76 d5 12 d1 b2 15 7a 14 75 ca 7c 6b 56 21 45 b4 06 43 85 09 44 3e 01 7a 25 88 4b f0 bf 89 8f c6 5d de 16 49 db bd 2f 73 0c 61 8d 3b ba 6b ea 53 b5 59 a2 d7 71 96 46 db 6c 75 4c 37 9b a2 da 2d 51 e4 1d 1f 90 b7 82 58 b2 bc ea f2 86 e2 b1 00 ff 73 54 64 75 85 81 72 00 a3 75 dd 75 f5 61 89 42 0c 87 36 41 93 b7 e8 b7 bc ed 0e 75 55 a4 25 fa 35 cf ba 02 b7 78 57 a6 6d 8b fa 88 ed 0a 56 bd d5 fb 0b 29 c1 ff 63 c8 ff 73 aa bb 1c c3 7f e8 dc b0 fe 49 9e 8f 08 8c 0f f8 e9 55 56 97 75 b3 7c bd dd 6e 57 e4 eb b6 ae ba 51 5b fc 9e 2f 83 39 26 57 16 dd 13 d6 2f d7 75 b9 a1 65 65 51 e5 a3 7d 4e 0b 51 18 b3 9a 26 0d 5f d7 5d 4f 7f 18 0d 1b fc 1c d0 d0 ec d6 e9 9b 20 8e 6f c4 af 37 9e 5d bf 38 51 bf 15 1d 1e 72 2a 67 6e c6 90 e7 c3 9c f1 2f 27 c2 a3 35 19 0d 92 84 1f 8a ea 76 80 02 0c e1 16 10 80 1c 7c 99 9b 7c f1 23 17 a2 ef 89 20 7e 7f 48 77 ce 0e bf 2e 8f a3 63 7d 18 15 a4 c2 68 1e 7d 40 f5 31 cd 8a ee fd d2 1b c7 72 0e 89 59 14 58 10 02 34 de e7 e9 26 6f 12 df 3d 91 08 e7 d6 f5 c3 a8 dd a7 9b fa 7e 89 3c 34 0a c9 54 c2 3f b4 4f de 0d fd 19 fb d7 a8 a8 
da 5c cc 5b 2a ed 88 a0 4a ee 8a 4d 5e 27 9b e2 8e f2 e3 58 b7 05 99 29 4b b4 2d 1e 72 c6 ee df 47 45 b5 c9 1f 96 68 14 78 1e fa b7 e2 70 c4 e4 a5 15 86 85 c8 e3 ae 3e 62 bc 2b a6 39 e8 27 31 1b f1 47 a2 2b c8 07 52 b1 be cb 9b 6d 49 a8 dc 17 9b 4d 5e 31 66 32 52 28 15 b8 73 3a 0d e9 ba ad cb 53 97 af 00 1e f2 51 a2 22 5f 14 36 2a 1b 00 e1 a1 a8 b0 e8 6c ba fd 12 f9 9e f7 a5 2c 13 a2 23 0b 79 a5 f4 d4 d5 f4 bb a8 20 0b 7a 59 40 09 00 03 72 6a ca 37 7f 9d 4c 36 f9 a1 6e bb 7d 5e e5 ed b8 a8 b6 f5 04 ab 9d bc 6b 27 54 0e da c9 b1 c6 02 98 8e ff 71 dc fd f5 1a 55 f5 a8 c9 8f 79 6a 02 1b a5 5d 97 66 fb 03 d6 3e 4b d4 66 4d 5d 96 26 e6 7a fd 0f ac d8 46 db 02 d7 c8 08 7b 69 e9 e8 3e 5f df 16 dd 08 80 a2 02 0c ab 1c ea df 07 9f d7 43 4f 07 1e b9 c7 98 fd 5c 31 49 47 af ff 4e 07 9b eb e4 57 5f fc fb 93 ff 63 1a ef 6a bc 4f db 91 90 1c 29 35 4d 8e 97 d5 e2 2e 5f 21 49 0c a7 85 6a 70 aa 28 93 ed a9 2c 13 cc d4 3c c7 cb 88 29 13 90 cd 8f 06 a2 71 cb c8 4e 2c bc 4a 5a 91 98 12 42 18 91 25 75 c8 94 4d 64 71 0e 21 29 75
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "5e5f-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4024Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 85 5c c1 72 e3 36 12 3d 8f bf c2 9b 1c 26 49 45 33 a2 64 81 d2 a4 b6 b2 bb 55 49 d5 5e f7 bc 17 10 04 25 44 24 c1 01 41 cb f2 56 fe 7d 01 52 b6 e3 47 3e 4c 2e 53 b1 5e 83 60 77 a3 d1 78 dd e0 3f 2a db fa 55 25 95 be ff df dd 87 db ff 34 a6 be 7e b9 ff 58 d5 d2 77 52 9d 3f fe 72 f7 a1 77 ea cb e0 ea 1f 3e 7e fa f4 39 a2 fa cf 2f bf 7e d2 d6 ff ea 9f af b9 72 1f 7f fc 36 f2 7b a3 2b f3 f4 82 bf af ac 6b a4 ff e1 a3 6e 0a 5d 96 ba 5c d9 4e b7 fe da e9 8f 3f fe 7c f7 e1 03 19 e8 62 ab ea d7 d9 18 f1 af 49 31 ef 17 a4 bc 1b f4 37 1f d8 3f 1e 6f 92 df bf 6a e5 6d 88 f0 eb f8 ea a3 fa 2e da 1c 4f fe cb 7d 1b 7f ac 5f fe da fb 6b ad df fe f8 e7 dd dd a7 ce fc 7c 6f 12 5a bf ff 9b 69 3a eb bc 6c 7d 54 6b a7 e5 39 0e d0 6a 32 66 ea f1 8f d2 99 30 ce 5f fe ec f5 93 5f 79 27 db 3e be c5 eb c0 b5 69 f5 ea 74 1b 23 fb e5 ee ee c3 e7 9f ee ff a5 bd d7 ee fe f7 30 d2 fd 7f 74 5b 6a 67 da e3 fd df df fe bb ff e9 f3 dd 87 f0 e8 e2 6c c2 9b 8c 73 6b ac f5 a7 00 fb 72 1f 9e 6b 64 6d 64 af cb f0 80 55 63 9f 57 b6 7f 9a c1 8e 4e 5e 7b 25 6b fd a2 9d 27 a3 6c bb d2 57 fd a5 d0 61 8e a3 83 86 bf 78 1d df e3 bb ff ea f5 7a fd 5d c4 be 42 3b d9 69 b7 52 b5 e9 a8 44 f6 5e a2 91 a6 a6 d8 cd 7b ac b7 c7 63 cd e7 b2 7d 8f ae e5 d5 0e 9e a2 1f 00 6d da 33 c5 ee de 63 0b 5d f3 39 0b 18 d7 2a 3e 6e fe 1e 3b b4 49 f4 fe 3d da 99 a2 b0 2d 45 1f de a3 4d 23 8f 54 75 19 98 b1 37 c7 56 d2 57 cc c0 84 5e ba a3 a6 8a ce c0 88 d1 39 0a 2b 5d 49 05 b6 28 90 50 4a 06 66 bc 48 af 4e 14 0c 76 94 c6 ad ba e0 26 14 0f b6 54 b2 d1 4e 52 34 58 f3 d1 94 da 52 30 18 b3 34 bd a2 58 30 65 17 d6 7e 08 06 0c be 01 63 36 b6 35 de 
72 38 58 b3 d7 ee 31 31 38 5a d3 1e 29 14 ec 78 d2 d2 51 2f d9 3c 60 20 71 32 84 a3 8e da 72 83 b6 ac 83 cf ae fe 18 7a 6f 2a 6a d0 8d 58 12 aa 75 c5 e7 95 2f 49 28 9d 34 c0 7e 49 c6 8d 01 9d 89 80 89 0b 6b a9 cb 6f d7 b3 38 a7 5d 4f d1 68 5e 2f f9 6a da 6e 16 c0 ab 0d 85 6f d1 68 1d d7 ca 76 66 e1 b8 55 a4 a7 b3 43 d7 94 8e af ee 2d 18 f7 d9 da 66 65 68 80 dc e6 0b f0 c4 86 b1 c5 f0 ab bb 9a 3a da 16 ec a9 8c 53 b5 0e c1 66 a0 86 7a 58 2f 8a 34 a6 4d c8 64 8b 32 ea a4 b9 52 1f 70 05 df 64 9c ed f9 73 c0 d0 fd d7 41 ba 6f bc ce c3 a2 48 fa 75 d0 de 93 4c fa 75 c4 b2 4c f2 75 c0 f4 8d 09 f0 ee 14 d2 2f 2a 31 33 be b2 7c 07 7b 00 eb f7 67 d3 ad 8a 84 a3 ef d6 38 fc c5 b4 74 f8 1d 58 3d b5 85 ed 36 b8 ea 86 9e be e5 0e cd ec 2d cd e3 76 60 df 4a f6 31 ef 74 97 c4 ce be 43 fb 46 bd 7c 4b 06 ed 7b 1a aa 8a 27 81 bb 7c b6 4a b5 a4 6b 7a 07 66 ad 6c 5d f2 08 b6 03 b3 0e 4d e1 42 26 48 13 02 31 db 88 79 ba 26 30 a7 3a 69 d7 d8 46 27 b6 19 01 a6 2d 1d b7 96 40 cb 0e 7c 26 60 d8 90 7e 0d d4 3a 62 b7 00 5e 0d 5d 6d 25
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "2673-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1584Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5a db 8e db 36 10 7d f7 57 10 db 87 24 8b 5d 5f 64 59 be 35 41 d1 04 59 14 68 da 02 49 0b 14 e8 0b 6d d1 36 11 59 14 24 da de ed 62 ff bd 43 5d a9 0b 2f ca 36 05 0a c4 d8 87 f5 70 74 38 3c 1c 0d cf c8 1a 5d 0f ae d1 c7 cf 24 20 9c 85 e8 8f c9 d0 81 ef 6f 59 f4 10 d3 fd 81 23 67 3c 99 dc a0 77 f8 4c d0 1d 3e e2 ed 81 c0 f0 e5 72 19 ee 09 4f f2 ab 86 5b 76 04 eb fb 98 10 c4 19 3a 25 04 9d 42 9f c4 88 1f 08 fa f0 d3 27 14 d0 2d 09 13 32 04 a7 03 e7 d1 6a 34 12 08 2c 02 23 3b c5 5b 32 64 f1 7e 94 3b 25 a3 23 e5 b7 c5 15 d1 21 82 8b bc 91 33 86 bf 09 84 36 1a 0c 06 a3 6b f4 09 6f 02 82 d8 0e 22 0d 39 09 79 32 78 dd fb 33 40 f0 f9 ee 47 0c e1 2e bd 31 ba 8b a9 9f 99 52 70 8e 5e fe c6 62 1e 63 ca 5f 65 e6 0f 6c 43 61 52 95 f9 67 1c fa c9 16 47 24 b7 bf 0d 08 8e 69 b8 47 69 cc 22 e8 c6 5c fd 23 4e a1 04 38 30 1e 72 4c 43 e0 d8 f8 79 44 11 4b 28 a7 2c 5c a1 98 04 98 d3 33 59 a3 0b f5 f9 61 25 82 89 ee d7 e8 88 e3 3d 85 f1 31 c2 27 ce d6 28 c2 be 0f a1 83 61 8d 9e 9a 33 c2 bf c1 e9 18 de 28 ec 89 26 92 5d c0 30 5f a1 80 ec f8 1a f9 34 89 02 fc b0 42 34 0c 00 a0 88 e2 56 8c ae d0 44 0a ec 36 cd c5 c2 96 07 14 b3 8b 79 f1 c5 c4 39 ce 86 71 ce 8e 2b c8 ea 0c 28 45 82 9d f9 85 24 9c f8 90 4c 62 01 e8 6d 80 13 48 44 c1 76 be 44 61 1e e2 20 3a e0 9b 72 99 d9 77 d5 4c d9 22 64 fa 52 0c 76 24 7b 19 23 fd ae c2 c8 57 3d 96 23 4d 53 48 a4 8f 14 5d b9 01 2c 24 ca cd a9 c6 ba 37 e8 b1 48 09 37 e5 a6 63 db f9 85 d9 21 4c c6 f2 3e c9 08 07 28 11 1a 8c 0a c1 53 20 ec a0 5e e8 82 28 11 1c 47 85 00 e9 6f 87 b0 50 20 24 f4 de 8e 87 a9 ab 42 20 67 12 da f0 e0 aa 98 24 22 35 ac 10 54 4c 86 54 9f 10 25 
c2 4c c5 24 d7 ae 41 46 50 31 09 c7 87 96 88 12 c1 53 31 c9 2f 24 d0 ed 67 89 30 57 e7 24 8d 39 51 47 51 21 e8 72 d2 0a 61 a1 ce c9 9d 0e 40 42 d0 e4 a4 1d c2 d2 95 4b 5f a3 40 dc 0a 32 fc 1c 44 09 31 55 52 79 61 19 42 d2 0d 51 6d 67 b3 fe fe ba db 25 a0 27 3a 6b 5a 3a 74 bb 79 b8 85 00 db 1b 2c 8e b7 ec b0 ca 4b ae a7 2a 5f 15 10 c4 69 01 34 51 ed 96 04 24 ea 99 19 48 b5 69 15 90 48 21 73 44 8e ea 2e 90 80 a0 ba 99 81 94 3b 58 01 41 42 59 70 34 55 dd 13 12 90 b8 c5 8d 40 ae 99 ec b4 e4 99 81 cc 64 8b ca 67 5e da cc 4c 36 ef 58 58 57 42 9a 97 16 74 91 d4 02 32 93 9d 95 43 13 d0 dc 26 b3 b3 aa 68 00 b2 cb 6c 33 d0 c2 26 b3 77 6d 9c 16 d0 b2 20 3b 57 dc 6d 29 ff 0c d5 2d 84 22 e3 64 85 de 91 84 ee 43 b4 63 31 c2 59 4d 13 ad c8 dc 5b 44 f7 a5 f3 0f 47 e2 53 8c 58 18 3c a0 64 1b 8b d0 a1 41 40 2f 8f 20 ec ca 13 05 2e 78 95 9b f1 7d 61 5e ce 96 c2 fc 38 28 16 d9 4f ed cb e0 05 a5 4d 5a 65 91 d8 3d a6 53 f1 96 3a bd 3e f7 33 24 b4 ba 09 90 b1 bf 50 5a 77 2c 46 c2 4e 03 ec 84 32 f1 d2 8a bb 92 f1 4d c6 9b b2 5d 3d
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "18c8-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1795Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 58 5b 6f db 36 14 7e 5e 80 fc 07 6e c5 80 a6 8b 6c 59 b6 93 d8 41 1f dc d4 49 83 6e 4d 9b 36 45 bb 37 da a2 6d 2e b4 a8 51 74 9c 0b fa df 77 48 4a 32 29 51 76 b6 a7 39 40 6c de ce e5 3b 57 72 7f 6f 7f af fd 0a 05 be 0f 22 49 8c 2e 3f 5f 7d b9 fa 38 6e d8 f1 aa ad 8f cb c5 6a 39 41 74 89 e7 44 4f b5 cc c4 13 4a 79 46 25 e5 c9 10 09 c2 b0 a4 77 e4 14 2d b1 98 d3 24 98 70 29 f9 72 88 a2 30 bd 3f 45 fc 8e 88 19 e3 eb 21 5a d0 38 26 c9 29 fa 51 92 c1 87 a8 f8 05 3c e6 40 36 a6 59 ca f0 c3 10 4d 18 9f de 9e a2 09 17 31 11 81 c0 31 5d 65 43 4d 30 9f 92 3c 0d 18 99 c9 62 0d 75 61 d1 5a 13 74 be 70 17 2d be 39 b7 35 8d e5 62 88 3a 61 f8 ab 2d 56 8b 26 33 ee e8 88 27 19 67 2b 09 3a 2a 96 43 14 9e 22 e0 a1 bf 0b 6d e1 a7 43 8e a7 78 4a e5 83 5e 98 51 26 89 00 32 2c 5d e0 97 f9 ca eb f0 e0 14 05 6b 32 b9 a5 32 90 02 27 25 33 c6 50 2b ea 67 88 d1 84 60 01 9b 96 fc 71 c7 0e be 8b 42 b6 7d c3 d6 c5 12 99 e1 42 59 b3 c4 a7 54 b1 b3 51 31 e1 09 71 b0 4c b1 84 85 04 b6 2b 87 9a e0 e9 ed 5c f0 55 12 0f d1 4a b0 97 60 87 76 be a3 95 26 f3 83 53 e5 64 68 b3 2b 98 72 c6 81 ac 98 4f f0 cb f0 50 ff b5 7a 00 5c ca 69 02 a7 02 72 47 12 99 79 f8 4a 72 2f 6d 87 32 1b b6 9a b4 c9 94 b6 d0 2f a2 28 72 67 1c d1 8e fb 20 5b 2e f3 8b d9 6c 06 1c 71 1c d3 64 ae 68 a5 f7 8a 74 0d cd aa a4 b9 eb 57 75 c9 a4 e0 c9 bc 8c 18 33 49 96 9e 93 ca 6e c1 82 a8 00 00 b6 7d 15 34 a5 14 a1 96 a3 89 3a 10 9b f1 44 06 19 7d 24 70 34 b2 8e 96 61 ad e9 a9 33 c6 a3 66 5c c0 e4 2a 4d 89 98 e2 cc 63 03 2d a2 4d b5 a3 08 b8 32 1e 7b 45 4a 71 62 6b 47 13 7d a8 c8 0c 1e 4f ca 52 41 25 d1 8e 04 f6 0e 04 49 09 96 3e 89 5a 31 96 a4 
60 50 d8 ba a7 84 70 45 b2 1c 71 e3 39 41 1f 34 40 41 67 a0 76 e4 39 4f 98 53 06 6b 4f 6a d4 d9 a2 eb d3 12 b7 40 ab db 8a 59 71 6b b6 62 4c e1 d5 90 86 0a 63 18 63 16 1a 1c 6f d3 60 07 4c 28 18 0c 06 15 0f 75 44 04 49 72 2d bb fd 2d d8 f4 9b 68 58 1a e5 74 8c f0 5e 3a 21 e0 9b 83 e9 c6 39 5e 49 ee 50 9f ac 00 89 24 28 a8 6f 80 cc 17 72 d1 7d 20 6a a3 f4 55 84 9b 14 a0 7f 56 83 29 c7 f6 a8 6b 63 6b 46 ff 02 db a3 9e 72 99 13 ed fa 65 da 84 6c d1 54 1b 74 1e f1 eb 6e 3c 0e a0 ee 46 0a 6a 05 55 37 f2 41 55 4b 89 15 a8 00 95 26 ec 8d a0 70 b4 38 1c 95 89 fc b0 98 40 4f fb 7b 3f b9 f5 19 a9 10 da df 2b 59 46 6a 4b a5 2b d0 46 d7 7b a0 bd 98 e1 64 fa 30 e1 f7 a6 b7 28 46 c1 5a e0 14 0c 59 8e b3 5b 9a d8 63 0e e6 13 f6 04 4d 92 ca 84 ea 58 ec 09 45 12 d1 99 c0 cb fa 34 9f fc 45 a6 d2 9e 4e f0 5d 65 a8 93 85 3d 27 97 a9 02 50 eb af 4b 06 08 a5 f2 53 81 3b a4 76 49 a7 98 05 98 d1 39 a0 0a ce b6 b1 5d 68 67 e4 d3 0a 88 ca ac 3f d3 65 ca 85 c4 49 9e be 5c 81 b7 b8 73 68 d5 b3 47 c0 25 26 f7 43 74 12 46 61 61 4e 07 d4
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 148Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 6d ce b1 0a c2 30 10 80 e1 dd a7 38 d3 a1 0d 48 6e d7 b4 4f d2 a5 24 57 0d 1c b9 70 49 29 be bd 22 2e 62 d7 8f 7f f8 7d 0d 9a 4a 9b d2 3a ec 29 47 d9 1d 4b 58 5a 92 ec 1e 4a ab 4b 39 f0 16 a9 0e a6 33 d6 c2 51 03 e3 21 3b a5 c2 4b a0 01 67 9c bb 19 f1 7e e9 bb de fe f2 3f 7e 08 7b 7b f3 f8 5d 3b f9 a2 04 b5 3d 99 46 13 84 45 af 4a d1 4c 41 36 8e 90 a5 41 59 b4 12 6c ca 70 f6 f8 8e a7 17 14 27 db 9a d6 00 00 00 Data Ascii: m08HnO$WpI)".b}J:)GKXZJK93Q!;Kg~?~{{];=FEJLA6AYlp'
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 01 Oct 2024 13:39:16 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 29 Dec 2017 17:11:42 GMTETag: "2bcc5-5617db9f1ef80-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 16949Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d fb 93 e3 36 92 e6 ef 8e f0 ff c0 dd 0e 6f b8 fb 4a 5d e2 4b 8f ea b8 8b 9d f1 4e 8f 2f ce 3b 3b 37 ed db fd 51 41 49 54 95 6c 49 54 48 aa 7e d8 b1 ff fb 11 7c e2 91 99 00 48 4a a2 da d5 b5 3b ee 66 49 04 90 00 12 89 cc ef cb fc f6 9b 6f bf b9 7f f3 ed 37 6f 9c f7 9b e8 f4 f7 68 f1 ab f3 e3 cf ff fe 93 f3 9f 01 7b f6 43 b2 ff 72 58 3f 3e 9d 1c 6f e8 86 ce df d7 9f df 27 87 13 fb cd a7 4f 9f de ee d7 9f 57 e9 3f df 2e 92 2d 7b e4 8e ef 87 93 7b f6 c1 6f bf c9 7f 5c 67 e0 fc 2d 39 6c a3 cd b7 df fc 1c cd 37 b1 93 ac d2 77 ee 4e f1 2e 7d c9 ff b4 fe f3 ed 37 4e fa e7 ef d1 e1 e4 0c 1f 1c e7 d5 bf af 8f 0b ee 99 cb 9e fd 18 47 cb f8 c0 3d f5 d8 53 d6 68 b4 38 71 8f 7d f6 f8 7d 1c 9d 9e 0f f1 91 7b 1e b0 e7 1f e2 c3 c7 f5 42 78 1e 66 af d9 ac d3 ae f3 8f 47 ec f1 cf f1 f1 b4 de 26 bb 75 b4 e1 7f 37 86 5b 9e 64 2d 27 c9 89 75 b3 99 18 de dc b3 59 1b 0c 06 92 30 9c ec 4f fa 9c 7d 60 bd 3a 44 db f8 ed c2 75 7e cf 5b 9f 27 87 54 34 0f bb 64 17 bf cb 9f 24 1f e3 c3 6a 93 7c 7a 78 5a 2f 97 f1 ae 78 fa 14 b3 29 7f f0 86 fb cf c5 93 4f eb e5 e9 e9 21 4c 1f 7c fb cd 7f b3 4e bf fd b8 5e c6 c9 7f 1d a2 fd 3e 3e 94 ef df 27 c7 f5 69 9d ec 1e 9c 43 9c 2e a6 f5 c7 b2 99 7d b4 5c ae 77 8f 83 79 72 3a 25 db 07 27 1c bd f5 c2 ef de 39 f7 e9 a2 19 3d 4c 1d d6 5b fe 73 a7 64 ff e0 78 61 d5 7c d1 21 67 f8 0e 6c fe 7f 39 f9 50 d5 7e 44 f3 63 b2 79 3e 95 fd c8 de 3b 2c fe b1 89 57 a7 fa 5f f9 08 1d 77 38 fc ce f9 a7 f5 76 9f ae eb 68 77 92 da 57 7f 0b f6 e6 6d d6 9b 1f 98 70 b5 5d 2a 7a 51 0d 35 ef a2 24 f8 ac 61 a0 2f c5 a3 79 ba 6b 1f 0f c9 f3 6e f9 e0 14 93 9b f7 eb 18 2f 58 a3 b3 7d b2 4e 
f7 5c da 19 67 b9 3e ee 37 d1 97 e2 73 4e f1 b1 64 91 ae dc d9 fc 39 9d 9d 5d d9 e3 c1 a7 78 fe eb fa 34 38 1d a2 5d d1 f7 68 b3 71 de 7a 47 67 b3 de c5 d1 a1 68 7c b0 4d 7e 33 f8 d0 51 ff 99 44 fb 91 74 a9 46 a7 87 4c 21 15 4f b6 d1 e1 71 bd 1b 64 52 1c d7 ab 53 18 d1 c3 13 3f 13 c9 3e 5a ac 4f 5f 1e de 8e 8b 0f 73 fb 88 53 20 c2 4e 2a 35 dd 6c 97 29 b3 99 eb bc 7d ca 3e 35 3b 9e be 6c aa 75 57 cf c3 60 91 6c 92 c3 c3 ab d5 6a f5 4e 5d da 9e 57 cd af b4 33 dc 7a cd cf 93 cf 83 e3 53 b4 4c 37 e7 d0 19 f8 fb cf ce e1 71 1e 7d 3f bc cb 7e de ba e1 6b 67 bd 3b c6 a7 72 c8 6a 17 57 b9 e6 fe 5d 91 1d fe 95 a7 53 fc f9 24 0e aa 18 49 34 65 3f e5 3c a4 3a 6d 70 5c ff 16 3f b8 41 d5 61 74 72 b2 47 fc d0 78 59 84 f5 a4 a9 dd 39 a6 aa 69 b6 4a 05 dd cb 45 49 f4 fb ab db 50 9a 31 6a b6 18 f0 f5 2f 27 49 3c 6a 57 0a 4d e7 7b 92 36 e4 1e 70 9a ef f9 b0 f9 fe 9f df be bd 5f 6f a3 c7 f8 78 5f 74 6f bd 48 76 c7 fb 2f a7 b7 fb dd e3 3f bf b6 1d 63 d5 49 71 7c 6a 57 4d fb 91 3c 9f 9e e7 f1 20 7b 5b de 25 bc f1 d3 a7 f5 29 55
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/base.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/skeleton.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/landings.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/layout_1.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/box.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/main.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /stylesheets/pixicon.css HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /un/1256_md/15/697/31/0/0 HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/star.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/1.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/2.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/3.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/1.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/star.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/machine.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/domains-that-never-sleep.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://iamcosless.xyz/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic HTTP traffic detected:
  GET /images/1_normal/3.png HTTP/1.1
  Host: iamcosless.xyz
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/1_normal/2.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/1_normal/website-builder.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/1_normal/logo_2.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: iamcosless.xyz
Source: global traffic DNS traffic detected: DNS query: copperswing.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: cooperswing.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49758 version: TLS 1.2
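Two things in the rows above are worth pulling out mechanically. First, the sample URL's fragment (#un/1256_md/15/697/31/0/0) reappears verbatim as the path fetched from iamcosless.xyz (GET /un/1256_md/15/697/31/0/0) over plain HTTP; a fragment is never sent to the server, so the object on storage.googleapis.com stays generic while the client-side code carries the target path to the next stage (that the page forwards location.hash is an inference from the two rows, not something the report states). Second, two of the queried names, copperswing.com and cooperswing.com, differ by one character. The script below is an added example, not part of the sandbox report or its tooling: it parses Joe Sandbox-style evidence rows (splitting the fused header lines on known header names), extracts hosts, DNS names and TLS endpoints, and runs those checks plus a plain-HTTP check. The embedded rows are copied from this report with the User-Agent and Accept values shortened; the 0.9 similarity threshold is an assumption.

```python
"""Added example, not part of the sandbox report: parse Joe Sandbox-style
evidence rows into IOCs and run three triage checks on this sample."""
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Sample URL from the report header. Everything after '#' is a fragment,
# which browsers never send to the server, so storage.googleapis.com only
# ever serves the generic object; the fragment is consumed client-side.
SAMPLE_URL = ("https://storage.googleapis.com/908887c602fc7f6939d1/"
              "2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0")

# Constructed sample: rows copied from this report's Networking section
# (User-Agent and Accept values shortened). The HTTP header lines are fused
# together exactly as the report extraction presents them.
EVIDENCE = """\
Source: global traffic HTTP traffic detected: GET /stylesheets/pixicon.css HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/117.0.0.0Accept: text/css,*/*;q=0.1Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /un/1256_md/15/697/31/0/0 HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/117.0.0.0Accept: text/html,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: iamcosless.xyz
Source: global traffic DNS traffic detected: DNS query: copperswing.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cooperswing.com
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49726 version: TLS 1.2
"""

# Header boundaries were lost, so split just before any known header name.
# Each name must be followed by ': ', so "Accept" cannot match inside
# "Accept-Encoding" or "Accept-Language".
HEADER_NAMES = ("Host", "Connection", "Upgrade-Insecure-Requests", "User-Agent",
                "Accept-Encoding", "Accept-Language", "Accept", "Referer")
HEADER_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, HEADER_NAMES)))
REQ_RE = re.compile(r"HTTP traffic detected: (?P<method>[A-Z]+) (?P<path>\S+) "
                    r"HTTP/1\.[01](?P<hdrs>.*)$")
DNS_RE = re.compile(r"DNS query: (?P<name>\S+)$")
TLS_RE = re.compile(r"HTTPS traffic detected: (?P<ip>[\d.]+):(?P<port>\d+) -> "
                    r"\S+ version: (?P<ver>.+)$")


def parse_evidence(text):
    """Return {'requests': [...], 'dns': [...], 'tls': [...]} from report rows."""
    out = {"requests": [], "dns": [], "tls": []}
    for line in text.splitlines():
        if m := REQ_RE.search(line):
            headers = {}
            for chunk in HEADER_SPLIT.split(m["hdrs"]):
                if ": " in chunk:
                    name, value = chunk.split(": ", 1)
                    headers[name] = value
            out["requests"].append({"method": m["method"], "path": m["path"],
                                    "headers": headers})
        elif m := DNS_RE.search(line):
            out["dns"].append(m["name"])
        elif m := TLS_RE.search(line):
            out["tls"].append((m["ip"], int(m["port"]), m["ver"]))
    return out


def fragment_reuse(sample_url, parsed):
    """(host, path) pairs where a host other than the sample's served a path
    equal to the sample URL's '#' fragment: the fragment carried the next stage."""
    parts = urlsplit(sample_url)
    return [(r["headers"].get("Host", ""), r["path"]) for r in parsed["requests"]
            if parts.fragment and r["path"] == "/" + parts.fragment
            and r["headers"].get("Host") != parts.hostname]


def plaintext_hosts(parsed):
    """Hosts whose own pages were loaded over http:// (Referer scheme), i.e.
    the kit is served in clear text."""
    return sorted({r["headers"].get("Host", "") for r in parsed["requests"]
                   if r["headers"].get("Referer", "").startswith("http://")})


def lookalike_pairs(names, threshold=0.9):
    """Queried domains that differ by only a character or two (typosquat or
    fallback pattern). Heuristic: difflib similarity ratio >= threshold."""
    names = sorted(set(names))
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if SequenceMatcher(None, a, b).ratio() >= threshold]


def triage(sample_url=SAMPLE_URL, text=EVIDENCE):
    """Run all checks and return a dict a triager can paste into a ticket."""
    parsed = parse_evidence(text)
    return {
        "hosts": sorted({r["headers"].get("Host", "") for r in parsed["requests"]}),
        "dns": parsed["dns"],
        "tls_endpoints": sorted({(ip, port) for ip, port, _ in parsed["tls"]}),
        "fragment_reuse": fragment_reuse(sample_url, parsed),
        "plaintext_hosts": plaintext_hosts(parsed),
        "lookalike_pairs": lookalike_pairs(parsed["dns"]),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The header splitter only knows the eight header names present in this report; extend HEADER_NAMES when feeding rows from other analyses. The lookalike check is deliberately conservative (0.9 keeps google.com and www.google.com apart) and is a pointer for a human, not a verdict.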
Source: classification engine Classification label: mal52.phis.troj.win@30/37@39/70
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1980,i,3125285047739233221,18165284228548967673,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1980,i,3125285047739233221,18165284228548967673,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk