Windows Analysis Report
http://drnavingupta.com

Overview

General Information

Sample URL: http://drnavingupta.com
Analysis ID: 1417277

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://drnavingupta.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2004,i,8940572455797430262,5353063589015061432,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 7MB later: 30MB
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:49 GMTServer: nginx/1.23.4Content-Type: text/html; charset=UTF-8Content-Length: 14252Link: <http://drnavingupta.com/wp-json/>; rel="https://api.w.org/", <http://drnavingupta.com/wp-json/wp/v2/pages/5>; rel="alternate"; type="application/json", <http://drnavingupta.com/>; rel=shortlinkVary: Accept-EncodingContent-Encoding: gzipX-Server-Cache: trueX-Proxy-Cache: EXPIRED
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:49 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Wed, 08 Nov 2023 01:48:48 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4532Content-Type: text/css
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:49 GMTServer: ApacheLast-Modified: Sun, 03 Mar 2024 11:32:06 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 13471Content-Type: text/css
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:49 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Fri, 06 Nov 2020 17:47:56 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 80Content-Type: text/css
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:49 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Wed, 08 Nov 2023 01:48:48 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 839Content-Type: application/javascript
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:50 GMTServer: ApacheLast-Modified: Sun, 21 Jan 2024 17:49:50 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1090Content-Type: application/javascript
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 19:44:50 GMTServer: ApacheLast-Modified: Thu, 02 Feb 2023 12:23:26 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 5344Content-Type: application/javascript
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.css?ver=0.1.8 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/style.css?ver=2.4 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/custom.css?ver=6.4.3 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.js?ver=0.1.8 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/instagram.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/linkedin.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/instagram.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/themes/iconic-one/img/linkedin.png HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/01/phaco-training2-1-1536x672.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/01/phaco-training3.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2017/05/Hematology-Doctors-in-Dubai-1.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.4.3 HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/01/phaco-training2-1-1536x672.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2017/05/Hematology-Doctors-in-Dubai-1.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2020/01/phaco-training3.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2017/05/cropped-Hematology-Doctors-in-Dubai-32x32.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://drnavingupta.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2017/05/cropped-Hematology-Doctors-in-Dubai-32x32.jpg HTTP/1.1Host: drnavingupta.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknownDNS traffic detected: queries for: drnavingupta.com
Source: classification engineClassification label: clean0.win@14/36@10/116
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://drnavingupta.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2004,i,8940572455797430262,5353063589015061432,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction

Source | Detection | Scanner | Label | Link
http://drnavingupta.com | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.js?ver=0.1.8 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/uploads/2020/01/phaco-training3.jpg | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/style.css?ver=2.4 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/img/facebook.png | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/uploads/2017/05/Hematology-Doctors-in-Dubai-1.jpg | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.css?ver=0.1.8 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/img/instagram.png | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/img/linkedin.png | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/themes/iconic-one/custom.css?ver=6.4.3 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/uploads/2020/01/phaco-training2-1-1536x672.jpg | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3 | 0% | Avira URL Cloud | safe |
http://drnavingupta.com/wp-content/uploads/2017/05/cropped-Hematology-Doctors-in-Dubai-32x32.jpg | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
drnavingupta.com | 192.185.52.89 | true | false |  | unknown
www.google.com | 142.251.16.106 | true | false |  | high
web.archive.org | 207.241.237.3 | true | false |  | high
Name | Malicious | Antivirus Detection | Reputation
http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.js?ver=0.1.8 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/style.css?ver=2.4 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.css?ver=0.1.8 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/img/linkedin.png | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/uploads/2020/01/phaco-training3.jpg | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/uploads/2017/05/cropped-Hematology-Doctors-in-Dubai-32x32.jpg | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/img/facebook.png | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/img/instagram.png | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/uploads/2017/05/Hematology-Doctors-in-Dubai-1.jpg | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/themes/iconic-one/custom.css?ver=6.4.3 | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/wp-content/uploads/2020/01/phaco-training2-1-1536x672.jpg | false | Avira URL Cloud: safe | unknown
http://drnavingupta.com/ | false |  | unknown
http://drnavingupta.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3 | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
1.1.1.1 | unknown | Australia |  | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved |  | unknown | unknown | false
142.251.16.100 | unknown | United States |  | 15169 | GOOGLEUS | false
172.253.63.95 | unknown | United States |  | 15169 | GOOGLEUS | false
207.241.237.3 | web.archive.org | United States |  | 7941 | INTERNET-ARCHIVEUS | false
172.253.63.94 | unknown | United States |  | 15169 | GOOGLEUS | false
192.185.52.89 | drnavingupta.com | United States |  | 46606 | UNIFIEDLAYER-AS-1US | false
172.253.62.84 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.16.113 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.163.94 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.16.106 | www.google.com | United States |  | 15169 | GOOGLEUS | false
IP
192.168.2.16
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1417277
          Start date and time:2024-03-28 20:44:20 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Sample URL:http://drnavingupta.com
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:14
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean0.win@14/36@10/116
          • Exclude process from analysis (whitelisted): svchost.exe
          • Excluded IPs from analysis (whitelisted): 172.253.63.94, 142.251.16.100, 142.251.16.101, 142.251.16.138, 142.251.16.139, 142.251.16.113, 142.251.16.102, 172.253.62.84, 172.253.63.95, 142.250.31.95, 34.104.35.123, 142.251.111.95, 172.253.122.95, 172.253.62.95, 142.251.163.95, 142.251.167.95, 142.251.16.95, 172.253.115.95
          • Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
          • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: http://drnavingupta.com
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:44:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.9900567901767765
          Encrypted:false
          SSDEEP:
          MD5:DEA39F1A81B3B80D25705B09328194E2
          SHA1:A71987753BA6607C8BCFDFD75337024E9EABF6BB
          SHA-256:CAC9D96250B6111F07740C2959FA8468F815945773126EA8F82B07979718DB3D
          SHA-512:CD1F118689802E5BFF070F038863FBD19090CDA5AA2C878DC91818E962524D46FCF108A13ADC07E6A4BB5224BFEB625AD2D8FB1B6E239708729FD43F6F4AE7A4
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:44:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):4.006727178378672
          Encrypted:false
          SSDEEP:
          MD5:08D19603A5BF6D539112DA4324B37480
          SHA1:13CB6F37D31FACA5A944E8F01EAD94F17D53E9FE
          SHA-256:14ED10F0C707E4BC45B490A7D2A33C4C8AB88DF25E53116E7D0762E7C0E3C058
          SHA-512:2DC7CA819060A81EDED34A9C6B97A8EBBD294D202FCDB2CF0DDEFD5C028B9AE466FBE31566407CFB0A6B2D9D20DD4358F36A32036AF7DBC6963A83DA5B06E15B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.015475066990392
          Encrypted:false
          SSDEEP:
          MD5:45DAF6D3BCF02E18DA5ACB8A6B423DDB
          SHA1:2BD662FAA5E72EEFEDDD2C057BF76DC3E07A331C
          SHA-256:32E29F5817B1769E2DD289B0F79D93F1BB352CFD79D93BF004006E817F2B3A5C
          SHA-512:AB98C9B7BE0B2363BB3203817CE52257DA8EEA53D1A1132CBC98B641F74C191099D9959A109F9C97211101763899991FEAC8D8066F646062E333D1DD61816496
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:44:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):4.00608980323912
          Encrypted:false
          SSDEEP:
          MD5:558D318E488C2CAF429C901AC3DC7F18
          SHA1:EA16C4B5F3B4BF766F19D88A04C85299FFE387E1
          SHA-256:3EB0AABFBD36AFFFB4AFB351A6FD7D0CAB78757215C52CF8A47AAF0E14EBF074
          SHA-512:A198B684DD6C5EE9C54545A947E0761124AB70DF6C94A07E85BC16634B1A99C6B98835482DE45BA1FE6E9956345093805535D4E952EF61B9C5CA1FA0B1FA7AA5
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:44:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.991142341317846
          Encrypted:false
          SSDEEP:
          MD5:E6DCF9FD8B011DBC9E0F5B285E2F58A4
          SHA1:549DBDC6028DC80A75E671D9DC9BA48C77AD545C
          SHA-256:3FE048416DF5C3FD669CD7E76BF23A49005AB39E2CFEA4BFCA2E74E43998D5AB
          SHA-512:920855A4A9CD23E98622DB616B2F71E9D8D3617436570F3B091D2A6F7EDBC8E3673AA59C509E742414A6DFF7531D6032C77EAC3D46BAD9C6CA689C4C15CC9A34
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:44:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):4.0055510253147375
          Encrypted:false
          SSDEEP:
          MD5:A79A05910D6F279E9B486C2907928FEC
          SHA1:B376A1ECE7A1D551F6B44FD7C88673C95FB04C1E
          SHA-256:87B47BC0FFA5F2A0F5E8F12F311B8820D6FFFBCE485F39D1DFBAFD5EA92FF8EC
          SHA-512:E340D0F5676E6FFC329AD0155EEAB7332814ECF1133BE9D13F5A9615C92DF7674F51F2A50422BC7EED0DE53345C18FEDB660135A22D4A75CF3BE44357106F07C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):3612
          Entropy (8bit):5.436892578616484
          Encrypted:false
          SSDEEP:
          MD5:31B6C2E46E8B7722255E403628B8B3FF
          SHA1:164A470E295DCBC8D580ECC4F4D9656457CBEEE0
          SHA-256:0B161BFF030BB7D9D7128FD5902566AB087E590BC341FA81FF07205AE6D31B21
          SHA-512:0BDD6A81BE96BE1CDEDDC84CE2DFA430B0726DFBDFA2DF354E79DAEC989C6EBA70AEFCBD5149ABA4E888B0A2D2491A0D9E5CCBAD7A592CCB66942A131DF4FE84
          Malicious:false
          Reputation:unknown
          URL:https://fonts.googleapis.com/css?family=Ubuntu%3A400%2C700&subset=latin%2Clatin-ext
          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKcg72j00.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKcw72j00.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfA72j00.woff2) format('woff2');. unicode-range: U+0370-0377
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), TrueType, length 34852, version 1.0
          Category:downloaded
          Size (bytes):34852
          Entropy (8bit):7.99370036872867
          Encrypted:true
          SSDEEP:
          MD5:0E8EEFB4549A2EDF26C560CB9845952E
          SHA1:8D0B1718AACAD934FD0043C87CBC54AA091396BF
          SHA-256:7F653B3CE9D3277457FC6DA4EDB246AE2F6C913F088C42DCB8CD2E96267AA21A
          SHA-512:237659DD4B8680AB4856D38290D57AE9211B479C51033D8DB4AC61326551E33CC245EBF10EED35AAB6854D8196D6651EB70CB63A2BA1D7373404851FE084772E
          Malicious:false
          Reputation:unknown
          URL:https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=13, manufacturer=NIKON CORPORATION, model=NIKON D7000, orientation=upper-left, xresolution=200, yresolution=208, resolutionunit=2, software=Ver.1.03 , datetime=2018:01:14 15:25:25], baseline, precision 8, 1000x662, components 3
          Category:dropped
          Size (bytes):250803
          Entropy (8bit):7.9537072029506595
          Encrypted:false
          SSDEEP:
          MD5:BE01809D0B7E24C39D0259B82CA7D25F
          SHA1:40D1AA108449C7205D32AB29505EE16F86D5001B
          SHA-256:E5D5A04DED0CC8B6E5DDC84AF9B23164A71D27DC42F18E84C04C06F6E93830D1
          SHA-512:E5B60BD13F5CCD3793ADE497205953CF65A84FEDE77AE92C4BF1344AC0DA9A14B7ADE8091C63AB21B7A51BD909A854E13388FE9B527847D4F7081EA59ECA522A
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 32x32, components 3
          Category:dropped
          Size (bytes):763
          Entropy (8bit):6.91437768015387
          Encrypted:false
          SSDEEP:
          MD5:54A0C5D18D99A0676BABA562ADFE535F
          SHA1:04216E5728419E4FAE744382E9ED24AF528DCEFE
          SHA-256:9A687FCD24C4EAF83086A456BEBC2E7B2CBBFA9AC3FC2DBD946284D47893ED07
          SHA-512:3B4B65A3EBE0450B09AE3D230478801A9BB28591032EDC004A9C2707C0FCDFBBBDD0448FC395DE74D55B886054DEF2131193C0EC865756379C1E98C05237E084
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 69
          Category:downloaded
          Size (bytes):80
          Entropy (8bit):5.143942707918267
          Encrypted:false
          SSDEEP:
          MD5:040003CF65B6C4798553F4E36A891309
          SHA1:B713F52AD2DD551C96FFDA8BE8A8192C57451B25
          SHA-256:4526687EC6B48055C82E8C501A70A055778F686E89B4788F146CFD34A0398DEB
          SHA-512:B63CD518FA1EBC57F6D89FD1B6B563AF357EAAF234327914CFFDB8B2C63F8438A63F79266C33A33C14F5FC22BEC43587A91C5D5C412F52A893FB76B45F87DB3F
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/themes/iconic-one/custom.css?ver=6.4.3
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x506, components 3
          Category:downloaded
          Size (bytes):53616
          Entropy (8bit):7.954673310573179
          Encrypted:false
          SSDEEP:
          MD5:A06935A5712204A9D70E60465786286E
          SHA1:87DFC451CDF48DE0944746515EB29DE168D5E220
          SHA-256:F3BCF6DD74B0004FAE68E87CE53FB204A448A95A8B89949C97F445DA5FDC25D0
          SHA-512:0A6D7BE4EE10AEDB21E3AC702EAF296E1B578C729E8928030E09B9BFB18A11DCA25F7FD952B5B40FB9E78E63B7AE0E86EAA1D69FF3F22E521CEFF220CF18E6DF
          Malicious:false
          Reputation:unknown
          URL:https://web.archive.org/web/20170112074137im_/http://www.drnavingupta.com/wp-content/uploads/2009/02/ot45.jpg
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:downloaded
          Size (bytes):1340
          Entropy (8bit):7.780230204329494
          Encrypted:false
          SSDEEP:
          MD5:AAB011E91CC76FF9B9723A1A0BDEC9B9
          SHA1:6FA5D8AAC4768F26CD8CA41F22E061B122335118
          SHA-256:20C1B9F092F05357D6995E44CABECA210911D1D01566F3A4477F10B06D0E224F
          SHA-512:F6E155C60A36D2927F55228D2C6C9A3571D548AF33CDE4D03FF2B98C98B8D84E0C124CA7A5982BB661E575F27BB9FED833197CF50F2826511495C9C112436A81
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/themes/iconic-one/img/instagram.png
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x600, components 3
          Category:dropped
          Size (bytes):48767
          Entropy (8bit):7.91159073492215
          Encrypted:false
          SSDEEP:
          MD5:0C152D2385D25C42CEA4BBB57822A737
          SHA1:02EBF00A1440F45C60C73E1A31316A15D3D3577F
          SHA-256:7DA093BD77EE7C7DA62E83F9275C38AD3A1EEF1BC69DB78440603E07C081D99A
          SHA-512:E51718D31B9A0DDFCD8885796AB4231CD057790491B07184962FAB8603E4BC1CF458934C12DF253E0504EEE9E9F1D5012750A104CFDCAB47610B5ADDD9DC737B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 627x464, components 3
          Category:downloaded
          Size (bytes):50017
          Entropy (8bit):7.971737192748877
          Encrypted:false
          SSDEEP:
          MD5:D0A1E7B9E6D40E39805F7C545F6DE331
          SHA1:0106A09F9FA69335EB419BB2456FC8670BAFA6B0
          SHA-256:792FD24605A5D5E05FA44D9ECB35D5D12483B752F4E835F1FE8F4A8400F4DBFB
          SHA-512:0A56CB297529770C70DF46F9D19D40F212D86BA5BBB182D2713188BC288C411C1427E9673B7430CE9F1B849DD0D6254FCDB69BBD4D5475AB25F3A54176B83BE3
          Malicious:false
          Reputation:unknown
          URL:https://web.archive.org/web/20170112063131im_/http://www.drnavingupta.com/wp-content/uploads/2009/02/exam1.jpg
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 1889
          Category:downloaded
          Size (bytes):839
          Entropy (8bit):7.741593279058002
          Encrypted:false
          SSDEEP:
          MD5:4D7747C0260088C1D1476D27BB4F3BBC
          SHA1:A366059DDB34563BF9B5E5EDE099B36D8F4849CC
          SHA-256:6EDFFA3A9558AECE2FDABEEFF0CF4ADC986EDB586623741AFE624B63D1C25063
          SHA-512:638EE8E8DD6ADEA0D5BE6A56CDA338E394BBA2F10A1DE6CB5283E6E211EA22A7D82E92AA2FC307A8023D5A6B8068F673BF70E79C156CB6BA406F3845985A6BE5
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.js?ver=0.1.8
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 600x600, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=15], baseline, precision 8, 1536x672, components 1
          Category:dropped
          Size (bytes):147207
          Entropy (8bit):7.62479446302925
          Encrypted:false
          SSDEEP:
          MD5:373C1246538A5F425418D423B1635D22
          SHA1:9EE155CF270D856CC56122A9B8126108148C05A1
          SHA-256:BE35A90ED0086593E41B1884E8F23270EED18F3BF084350C01D9F3308727A8B3
          SHA-512:E69FC4F26807CC289C1840660E96C8BD944D61116F88B098B28B0FD03693958EBF254923119825EDEB3428AD6E6A1F2660D2E85E3DDDF3AA340843027ED83B46
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=12, manufacturer=Panasonic, model=DMC-FZ18, orientation=upper-left, xresolution=177, yresolution=185, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2009:07:12 06:51:02], baseline, precision 8, 800x644, components 3
          Category:downloaded
          Size (bytes):219495
          Entropy (8bit):7.9421074421966145
          Encrypted:false
          SSDEEP:
          MD5:7F9F465556EB5685692C3EDFE0D7DB3D
          SHA1:E9B898E635DE8405F5B180E9AEFC7A226711EA82
          SHA-256:3FA6BFF43D9DF13605D5463AD7F4E3E40725ECAD048330E6117DE37E27963DB7
          SHA-512:CEF0A99D748F681AA3249016743933B3C0644684C326EB8BE6D04D2BE0E2C79CC3022AB4BBE7610DD6310EE7E46EF5BDDE8948A644A9E1A0C3919DA7A962C79F
          Malicious:false
          Reputation:unknown
          URL:https://web.archive.org/web/20170112013715im_/http://www.drnavingupta.com/wp-content/uploads/2009/07/p1010550s.JPG
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1121
          Entropy (8bit):7.714810774992958
          Encrypted:false
          SSDEEP:
          MD5:15A53ECC6B3B047ABB9CB52831D59E92
          SHA1:983F4F58FD3B554B19839A55CC5A2982687353F2
          SHA-256:238DF31B63E4B492C6356685D5512CD213BCCFE62BBAC9DF04F52681079B12A8
          SHA-512:5FE2E03F45E91E8F756A7506B52DCF99C83F63091E028B89E7B9EF5E42D44DA4171F5AA722E10905EF74C65D8AC13F28A20837674A261325DF556A33D3FD0431
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 180x180, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=8, description= , manufacturer=Canon, model=Canon PowerShot A3100 IS, datetime=2011:02:21 13:53:31], baseline, precision 8, 1024x534, components 3
          Category:dropped
          Size (bytes):80425
          Entropy (8bit):7.898204395965811
          Encrypted:false
          SSDEEP:
          MD5:3CBE8F9A33FE65FEB89961429F8288FB
          SHA1:37A0B93EA7B8BC7EE4CD8E751A8E15058DD51FD2
          SHA-256:C6602851ED71E16B8AB65BFC373F90CD11E5D61F1BAF16F01E3F282F7630C098
          SHA-512:DEBA039B76100F16FFFD849978635A982C76E1D4CEF25C52416D6555A6C2100E8298EDB2B665495288DF548A4BA1F2BF0FCA35031BF47F7C8928914C4836CCE3
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x462, components 3
          Category:dropped
          Size (bytes):52902
          Entropy (8bit):7.971925390315028
          Encrypted:false
          SSDEEP:
          MD5:51C3BA14E909A0C78AA121DB5BC41517
          SHA1:C2DE6C7E68E4D17889CCAA6A52046E098A8B040A
          SHA-256:3ED721C139455F2B7F78E18C5FACD6E83F137D2E1A948B105E7F29F0576AFF84
          SHA-512:E706B7A1180948250D5489DEC1CB644661A8E8C50FD57FE5CA768222E1B0694810163466243BC2DC64BA864BCBD8010B7529BA7F23E6B26F479FE7084F45DD3C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1202
          Entropy (8bit):7.744672120364459
          Encrypted:false
          SSDEEP:
          MD5:44550D86D2C0C1C2967453C5D93C4CCE
          SHA1:C02345DFC50BE2F53EDD7A545E29BDC6FD7A1EB6
          SHA-256:EC22A5DEC062ECB523B1ABBECC919625F574477DF73126A1561B73B91D21E4A5
          SHA-512:84F7E859BD7711387DDE99E4AF65768E964F8ADE86A175A99980265629962D5B607749D50363DA5C507092DC68B858DEA49DD1D5484DED67557B202DC5C2BCD4
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 2979
          Category:downloaded
          Size (bytes):1090
          Entropy (8bit):7.804652432007837
          Encrypted:false
          SSDEEP:
          MD5:9EE96EC4FD00560884B5E2D4FD1330BD
          SHA1:DBF782E64263D0EE86D0A481F56A9A6DA49E9B65
          SHA-256:D52B700BA8D23F2DF881E28F21AB99C1ECFE55A41BECAA1179B5AD39234D6CD4
          SHA-512:84F71B703D368D67D52FF01AECD4B8B6DCEB0C0E27E6AC1750BEF4F5C5D9F977709A9B75E67FBB64100026B221AAF7C5917BE506187C70106211B4C83AFB7B20
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 49414
          Category:downloaded
          Size (bytes):14252
          Entropy (8bit):7.978600646660454
          Encrypted:false
          SSDEEP:
          MD5:EA28940AB9BB9B275FB081FA71310E2D
          SHA1:952274C0F9F76202EB420F31EE0276A972751703
          SHA-256:D0305D71DA51547DAFFD93BC80B6635221BD8D5F27E6B5E4711747BDB78F539D
          SHA-512:BBDEC7C586EE9B66300A2DDD0C87B91C6A0B4D0B20417689800627E1CF1B3CB8790CAC23600457D6F31409A2F2D87F0329CBBAFAA1F285962EF43F179A9E0CC8
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), TrueType, length 29752, version 1.0
          Category:downloaded
          Size (bytes):29752
          Entropy (8bit):7.991445623989535
          Encrypted:true
          SSDEEP:
          MD5:AB1FC8621287E4EA9319A3136812CF80
          SHA1:FB4ED2E52E2A8D7AC50A7618A0C2EA5507A24EF3
          SHA-256:7C00752CE82D6ABAED0B9766D35B906B16675FACDBE24115B410D1FAB975EFFA
          SHA-512:B1EE9B00D9C8305521662756E6E1589F955491E5887C94C0A49D8FD41D0038CD42F929A0AB12F5FD44FEEF4DE296A6A43A6CA90767DF886FFF89BFEDA70DFBD7
          Malicious:false
          Reputation:unknown
          URL:https://fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 21462
          Category:downloaded
          Size (bytes):4532
          Entropy (8bit):7.950386506173356
          Encrypted:false
          SSDEEP:
          MD5:10949C0170E1BAE9DF6AFB5C724344C8
          SHA1:B2EF6B4DC70A263DF9A73B40B9915DE467C7B055
          SHA-256:BC7ED1905FCCAB141FFF50E76E172A3132FDDE7B2C5EFA404FCDBA3BE8CBBCFC
          SHA-512:1E5E212869B7EDBBF449BD8A7E702412B5B03A81F33497FED24A6F7E9C0BD7BEE8A6C60DC4CD830222BF36955E58251083D1E1E14AFFFF5C625942E08D93C7A3
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/plugins/wp-plugin-hostgator/vendor/newfold-labs/wp-module-patterns/assets/build/utilities.css?ver=0.1.8
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 1024x757, components 3
          Category:dropped
          Size (bytes):178315
          Entropy (8bit):7.975410271374429
          Encrypted:false
          SSDEEP:
          MD5:DF8D00C54680F973C6D28E4303DE3CE6
          SHA1:9E44B7E7FACB7E53D6C4FE06AE84D9DD0181B840
          SHA-256:74F7D77502C084EB3D21B239FCCC7B8A0677A0B147BBAC7F56EF1A31278F9C45
          SHA-512:60EC86EF92374F5CE6EEE341C7DF4A63DC29B2F556255B6EE02EA4EA866FF77EE0197F89ACF8AC09D67A92B79BDCDEFDA0B7386206E3970020714460ACA2C378
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 18692
          Category:downloaded
          Size (bytes):5344
          Entropy (8bit):7.946240336288137
          Encrypted:false
          SSDEEP:
          MD5:5B746D0CD5584B8C5F3681F52E1CC25C
          SHA1:A385A8BAB45776CC493297A099DF45DB9852C15E
          SHA-256:A99E7E9B42520FEAC7B6C1C16FCA81BDAA227CC891B4A76303709347AEE823E8
          SHA-512:2128BF409D5DF23E2576006DBE984A67CB33FD1507CA552043CFEB4EA7EA5BF4AF14CB99B8634B1C540BE30F8E6E519762A486748ACC495EADCB34EE809630BC
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x600, components 3
          Category:dropped
          Size (bytes):82572
          Entropy (8bit):7.920641818666158
          Encrypted:false
          SSDEEP:
          MD5:10365421D7FE962D83EDD67D617D7BBF
          SHA1:53C27FB18F815823AD9E1B59F142F0F6DB61E3A7
          SHA-256:9EACB8411196AC8B05F00E2A33AC875C327BB85DFE475459E0B844D4BE264B19
          SHA-512:EBBD271FEC9D3A59DD1C7AED2E68554B9D5E1D8D4BF1BA22457832A69EDD90AEC2BB9117FDD660BE7C4E239C9D3E5D7C8C9A222456F00577367BEA9631CADBD7
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x533, components 3
          Category:downloaded
          Size (bytes):72441
          Entropy (8bit):7.980244006388063
          Encrypted:false
          SSDEEP:
          MD5:356AD06F1B858E7455BCCF2381D1A56B
          SHA1:1989E313D18B47EDCB5212DA6A87ACE48E60B037
          SHA-256:76F77DB86EB7E9F865C9F9F1ADA99C790CF097252372F82E3B58227C385049A1
          SHA-512:64F5B84E7ABEA59E5301BDB7809011C028FA41FF4B6DD2B1FAEFEE85535FC5CC9F14B81864CBF5F322556CAAC85C6C4362DB5908D4B412E5E476490F216C48BA
          Malicious:false
          Reputation:unknown
          URL:https://web.archive.org/web/20160914002125im_/http://www.drnavingupta.com/wp-content/uploads/2009/11/dr-sanjay-gupta-and-dr-navin-gupta-with-see-official-at-aao-2009_800x533.jpg
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 685x392, components 3
          Category:dropped
          Size (bytes):40791
          Entropy (8bit):7.970909497632828
          Encrypted:false
          SSDEEP:
          MD5:BA4A92305ACC86F6132BADCEDA71EAFC
          SHA1:B92FF73157B2AE344F56AA389DFB494981C70897
          SHA-256:C14331D8580F195BCDBD46367737A9A3F105F033A499805E0518AB21EEBC8DB6
          SHA-512:E984BBF629C9BF16AFCE50645AB4078CFE37D3011E6BCB512BF01629CCB72B73C44FF10F276E63A121413AE61577C14AD4BE26B47EC84A53193096F067957FF6
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:downloaded
          Size (bytes):16
          Entropy (8bit):3.875
          Encrypted:false
          SSDEEP:
          MD5:C78FC4C73991971736F95F00B7C09E4F
          SHA1:2BFE006346297E446B58308E3F37169A4BC29046
          SHA-256:C70E533105E5FE64092A52295354E975F8D6DDF470DA3F7AE4A6D4F3FC915283
          SHA-512:5F85D1EA2C4DB38DF3A6FC5414C03EDA186CF86A84F9D0E4C37053791060936B486A0493B54010319FCBA943ED4E95F58045C3EDD135952E69CED9EE87BD21F0
          Malicious:false
          Reputation:unknown
          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnB2F6LjOAGeRIFDbtXVmo=?alt=proto
          Preview:CgkKBw27V1ZqGgA=
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 772x591, components 3
          Category:downloaded
          Size (bytes):81850
          Entropy (8bit):7.972939050926088
          Encrypted:false
          SSDEEP:
          MD5:C9FB245C38E2C579635E6C749F5396DD
          SHA1:90239DBB2B6AD0A05A2ADC557D079D6EA79466ED
          SHA-256:55AACA51CC94C313DE4152EB54F892371C8DCB6812223DD958B099CCBB4B67B4
          SHA-512:1ED0A3C7B5C1366BF838B7FFEED36FCC92DC7019A1FD412254752B21DE098A6316312106D82030631BA8F13FAEB466F44076C5EB20B8482A0A04301F19AB5BD2
          Malicious:false
          Reputation:unknown
          URL:https://web.archive.org/web/20170112060054im_/http://www.drnavingupta.com/wp-content/uploads/2009/02/clinic25.jpg
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 110147
          Category:downloaded
          Size (bytes):20707
          Entropy (8bit):7.978057412127138
          Encrypted:false
          SSDEEP:
          MD5:293009C8850F87CC6663F06E92DB8DC8
          SHA1:AB16AE8B2217F2B0A469ED15138E9AC3BB076D8E
          SHA-256:54084E189F75B97DFF3050B5EA81F875426DB63A2ABB25465E35577B34438891
          SHA-512:BA439168F41D5039AB916B7A96CD8E18C3CA9A9780554280DBA8A4924F06BE18C063A7B9E7F34E940B357F00AE28A7AA5E38D2C7EF1FDBBF5A07AB7B24F2371C
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 42220
          Category:downloaded
          Size (bytes):13471
          Entropy (8bit):7.973943229476792
          Encrypted:false
          SSDEEP:
          MD5:A846D21C21651945F2DCBA2F52E12447
          SHA1:48EB321F448CD7F7C4A3072C2092326B02ACFD17
          SHA-256:E2769E43FCFA6AC0FBDEAAAF1D34FEF97F9E42292107333E568A7A7B336FE132
          SHA-512:D72EF28A147CEDBFF44386DA79669AD24A72E6DF08E3ADB5A619D88A4401895C5FF8F37561D6956349731189D4A34CCF35F3E10192A9C199D357C2AC580ECB49
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/themes/iconic-one/style.css?ver=2.4
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x674, components 3
          Category:downloaded
          Size (bytes):96989
          Entropy (8bit):7.983846933528986
          Encrypted:false
          SSDEEP:
          MD5:1A32F546B01E563C54ADFEB83023BDC1
          SHA1:7614CF122AF1B2BECADBFE7C0A055488F93D1E88
          SHA-256:31C9188537C927D7F8B9CC4A4625CF7285937B2F7D33DB6152116E80A2FD162B
          SHA-512:56BABA5A64ECA62E41E2CD82F156E500ACACE11A312C9B20AB102F628F3C33EA7170AB6F50C1CDEFF4FBEF1C8C533B6FDD83AE81F1E408E6126B73C7B36E08F8
          Malicious:false
          Reputation:unknown
          URL:http://drnavingupta.com/wp-content/uploads/2017/05/Hematology-Doctors-in-Dubai-1.jpg
          No static file info