
Windows Analysis Report
https://tronfwo8b.z13.web.core.windows.net/

Overview

General Information

Sample URL: https://tronfwo8b.z13.web.core.windows.net/
Analysis ID: 1428990

Detection

TechSupportScam
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected TechSupportScam
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 5340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2492,i,18068313473258052288,12623990746879654558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tronfwo8b.z13.web.core.windows.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_90 | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.2.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.0.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.3.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
0.1.pages.csv | JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |

No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: https://tronfwo8b.z13.web.core.windows.net/ | SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Source: Yara match | File source: 0.2.pages.csv, type: HTML
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: 0.3.pages.csv, type: HTML
Source: Yara match | File source: 0.1.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_90, type: DROPPED
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49764 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.216.69.213:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 23.216.69.213
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /?lang=en HTTP/1.1
    Host: ipwho.is
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: https://tronfwo8b.z13.web.core.windows.net
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://tronfwo8b.z13.web.core.windows.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /get/script.js?referrer=https://tronfwo8b.z13.web.core.windows.net/ HTTP/1.1
    Host: userstatics.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://tronfwo8b.z13.web.core.windows.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /?lang=en HTTP/1.1
    Host: ipwho.is
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: chromecache_92.2.dr | String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Ij:function(){e=zb()},pd:function(){d()}}};var dc=ia(["data-gtm-yt-inspected-"]),xC=["www.youtube.com","www.youtube-nocookie.com"],yC,zC=!1; equals www.youtube.com (Youtube)
Source: chromecache_92.2.dr | String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=jA(a,c,e);M(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return M(122),!0;if(d&&f){for(var m=Jb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},mA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_92.2.dr | String found in binary or memory: e||f||g.length||h.length))return;var n={Tg:d,Rg:e,Sg:f,Dh:g,Eh:h,xe:m,zb:b},p=D.YT,q=function(){FC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(IC(w,"iframe_api")||IC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!zC&&GC(x[A],n.xe))return Ic("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_92.2.dr | String found in binary or memory: var KB=function(a,b,c,d,e){var f=Kz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Kz("fsl","nv.ids",[]):Kz("fsl","ids",[]);if(!g.length)return!0;var h=Gz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if("https://www.facebook.com/tr/"===m)return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!vy(h,wy(b, equals www.facebook.com (Facebook)
Source: unknown | DNS traffic detected: queries for: ipwho.is
Source: chromecache_100.2.dr | String found in binary or memory: http://jquery.com/
Source: chromecache_100.2.dr | String found in binary or memory: http://jquery.org/license
Source: chromecache_100.2.dr | String found in binary or memory: http://sizzlejs.com/
Source: chromecache_92.2.dr | String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_92.2.dr | String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_92.2.dr | String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_77.2.dr | String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_90.2.dr | String found in binary or memory: https://ipwho.is/?lang=en
Source: chromecache_92.2.dr | String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_92.2.dr | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_92.2.dr | String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_92.2.dr | String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_92.2.dr | String found in binary or memory: https://td.doubleclick.net
Source: chromecache_92.2.dr | String found in binary or memory: https://www.google.com
Source: chromecache_92.2.dr | String found in binary or memory: https://www.googleadservices.com
Source: chromecache_92.2.dr | String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_90.2.dr | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
Source: chromecache_92.2.dr | String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_92.2.dr | String found in binary or memory: https://www.youtube.com/iframe_api

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match | File source: 0.2.pages.csv, type: HTML
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: 0.3.pages.csv, type: HTML
Source: Yara match | File source: 0.1.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_90, type: DROPPED
Source: classification engine | Classification label: mal56.phis.win@16/68@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2492,i,18068313473258052288,12623990746879654558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tronfwo8b.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK matrix (techniques listed per tactic; a number in parentheses is the count of matched signatures for that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
https://tronfwo8b.z13.web.core.windows.net/ | 100% | SlashNext | Scareware type: Phishing & Social Engineering |
            No Antivirus matches
Source | Detection | Scanner | Label | Link
https://ipwho.is/?lang=en | 0% | URL Reputation | safe |
https://www.merchant-center-analytics.goog | 0% | URL Reputation | safe |
https://cct.google/taggy/agent.js | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipwho.is | 15.204.213.5 | true | false | | unknown
userstatics.com | 104.21.53.38 | true | false | | unknown
www.google.com | 74.125.136.105 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://ipwho.is/?lang=en | false | URL Reputation: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | chromecache_92.2.dr | false | | high
https://www.youtube.com/iframe_api | chromecache_92.2.dr | false | | high
https://stats.g.doubleclick.net/g/collect | chromecache_92.2.dr | false | | high
http://jquery.org/license | chromecache_100.2.dr | false | | high
https://td.doubleclick.net | chromecache_92.2.dr | false | | high
http://sizzlejs.com/ | chromecache_100.2.dr | false | | high
https://www.merchant-center-analytics.goog | chromecache_92.2.dr | false | URL Reputation: safe | unknown
https://stats.g.doubleclick.net/g/collect?v=2& | chromecache_92.2.dr | false | | high
https://adservice.google.com/pagead/regclk | chromecache_92.2.dr | false | | high
https://cct.google/taggy/agent.js | chromecache_92.2.dr | false | URL Reputation: safe | unknown
https://ezgif.com/optimize | chromecache_77.2.dr | false | | high
http://jquery.com/ | chromecache_100.2.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
74.125.136.105 | www.google.com | United States | 15169 | GOOGLEUS | false
15.204.213.5 | ipwho.is | United States | 71 | HP-INTERNET-ASUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.21.53.38 | userstatics.com | United States | 13335 | CLOUDFLARENETUS | false

IP: 192.168.2.5
                                          Joe Sandbox version:40.0.0 Tourmaline
                                          Analysis ID:1428990
                                          Start date and time:2024-04-20 00:41:24 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 3m 15s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:browseurl.jbs
                                          Sample URL:https://tronfwo8b.z13.web.core.windows.net/
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:7
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal56.phis.win@16/68@8/5
                                          EGA Information:Failed
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 0
                                          • Number of non-executed functions: 0
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 142.250.9.94, 64.233.176.84, 64.233.176.100, 64.233.176.102, 64.233.176.113, 64.233.176.138, 64.233.176.139, 64.233.176.101, 34.104.35.123, 52.239.221.33, 64.233.177.97, 13.85.23.86, 69.164.42.0, 192.229.211.108, 20.242.39.171, 74.125.136.94, 72.21.81.240
                                          • Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          • VT rate limit hit for: https://tronfwo8b.z13.web.core.windows.net/
                                          No simulations
                                          No context
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:42:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2677
                                          Entropy (8bit):3.9820202261384487
                                          Encrypted:false
                                          SSDEEP:48:8Nd0T4KjBHHDidAKZdA19ehwiZUklqehyy+3:80Tjzdy
                                          MD5:8047B84BC17EF29ED09EBF7FA04CB2D5
                                          SHA1:2375A572071469A70486F770416BB4701FA69F7D
                                          SHA-256:01D61F25628F4A26AA0E86F3D593EA8427EC9003116CC446F0BB719D4A373A3B
                                          SHA-512:BF9751B22A62FE6555E9821D7D1BF696680231AECF64C908C1700D17D44F0D40F65ED80669F99677033589C020098975A162B0571332E017D1277A0C928D830D
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:42:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2679
                                          Entropy (8bit):3.995718349685875
                                          Encrypted:false
                                          SSDEEP:48:82d0T4KjBHHDidAKZdA1weh/iZUkAQkqehNy+2:8tTjB9Qoy
                                          MD5:237721A7DD95A2609FEE1254E755A242
                                          SHA1:1B5BD361A03CF7EEE83A98B721059CD4D9110359
                                          SHA-256:CD241F592B699EEEDBDD2528FA6DD6D18AC514E67612D2D5E2F66D0E0F79B3C1
                                          SHA-512:2D37C03119980EEA1CA00A076F8214B39AA4ED8CFF8DD347334C0E6EFB7DBBF529FDFC739A89007514656AC0A44A063FCBE2E73EE3DED1F50B7E9A40FDB284FA
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,....M......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2693
                                          Entropy (8bit):4.006183912271123
                                          Encrypted:false
                                          SSDEEP:48:8xhd0T4KjsHHDidAKZdA14tseh7sFiZUkmgqeh7sDy+BX:8xoTjWn5y
                                          MD5:E2660BC2318C1BB84DAE9568593AD29F
                                          SHA1:6D3D264138BF8C46ACFF4128CB53B84E3AD897C1
                                          SHA-256:ED7C0C62F9592A709316E6D18306CE2A458FF501AD314665A955B825591D6F26
                                          SHA-512:E6F77FF46CB0914417B0873F0E6B0D188DF62AF779210F7753F88873C7C4D1059C26492CA57972CF1A0C36B78DE4CF1B6B8E1198A9ACBA1E067B68BFE944F596
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:42:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):3.992204687429037
                                          Encrypted:false
                                          SSDEEP:48:8Hvd0T4KjBHHDidAKZdA1vehDiZUkwqehBy+R:8H6TjiLy
                                          MD5:3602944D04A8075CE27735B448AAE149
                                          SHA1:4D515FA3FD52006F761A8C68FE6E1EC2CB992C19
                                          SHA-256:9864CFD5C3B2CD265BE2FAF86B5FF069F54EC27226571FAF6B99271D206E0B55
                                          SHA-512:570C5FB9778679EBAC70C5BD238AEF55C418CA5C22FC04CFFDC2DD10E8F7F7A3409B05FEA1535A4CF2C9CD21F2E10805A6D404666565B8AC576DE55A1F82EF31
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,....o......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:42:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):3.9835448531135444
                                          Encrypted:false
                                          SSDEEP:48:8Ad0T4KjBHHDidAKZdA1hehBiZUk1W1qeh/y+C:8jTjS9fy
                                          MD5:424AD9F4FCA822067AD5CD7563E645C9
                                          SHA1:D0CD02EE5C286FDC1D5A2FDE69519B766115B28A
                                          SHA-256:CBFD2931A29761E7DCC366700BCCFFA4721BD69C2537B3A6A0C35ADCB27F53DB
                                          SHA-512:A7BD49CE432666C071C70D362E0EAEF6C5692B9C1A4398409ABA85DB6B88C6569961A9F008117B934473A9023E23688036A73655E0B9D665E1543574827A1163
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:42:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2683
                                          Entropy (8bit):3.9938115541648136
                                          Encrypted:false
                                          SSDEEP:48:8Xd0T4KjBHHDidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb5y+yT+:8CTjMT/TbxWOvTb5y7T
                                          MD5:0C17FA29E21D9BECC27A3EAC761D893B
                                          SHA1:1595A5550F5A2644339DCF28E83013DE62EF24C8
                                          SHA-256:97B29AA7F92CB35F9361C352FFFAB2D6A2DC08FAF71AC76ED497A85996042FCA
                                          SHA-512:3491DC3B0DC809CAC8FCEB26EA3B87A785BF6478362C61FE8B9155DD9830B4FB3AED5C7A2E864A80BF182E9CAD585C3608AC7EC9BAD53D6F8493D99D0E21955E
                                          Malicious:false
                                          Reputation:low
                                          Preview:L..................F.@.. ...$+.,....uL.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XH............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (820)
                                          Category:downloaded
                                          Size (bytes):79064
                                          Entropy (8bit):5.3886285065472075
                                          Encrypted:false
                                          SSDEEP:1536:oqD4uWibfmaWWfiw7uOm9LofuENlx9TV6p+T3VopklvQDPj10XQjdA4+9T:opzYf/c9E5vQD6X2dA4+9T
                                          MD5:2130B7ED48A1006F774734218D916DEE
                                          SHA1:86D0AAF4ECB3EAD31C3C2739853C089D8D1DC619
                                          SHA-256:D8AF41D20B1AF69B8C2A8E0776D181A8224F17D314FC2479C8A389A9E79D0542
                                          SHA-512:6F86E053FD15052FB86228F94B06EDF586BBA0EA68C11D2F8B688A37C2379683DC7D83A6B77D81381703B5E12B28967DFD21A243AA41DBB313682D7ADBA22C93
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/js/jquery-1.4.4.min.js
                                          Preview:/*!. * jQuery JavaScript Library v1.4.4. * http://jquery.com/. *. * Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. *. * Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. *. * Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this||!h||!h.live||a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^|\\.)"+a.namespace.s
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 31 x 30, 4-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):168
                                          Entropy (8bit):5.414614498746933
                                          Encrypted:false
                                          SSDEEP:3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
                                          MD5:ACB05EBCD5F488FC99169CFF02B6DD04
                                          SHA1:DCA893A7B514503E947A57AA072482A0E0CBA912
                                          SHA-256:1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
                                          SHA-512:13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
                                          Malicious:false
                                          Reputation:low
                                          Preview:.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                          Category:downloaded
                                          Size (bytes):321
                                          Entropy (8bit):5.065810914187022
                                          Encrypted:false
                                          SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOHWIoBBR2p02ZRXWVK5E:hax0rKRHkhzRH/Un2i2GprK5YWOeoWj
                                          MD5:5BA3A6C1A79BAE728867F6CA1FB021E5
                                          SHA1:6C6ED43453954BDFF9B011A815E558FBBE305DF2
                                          SHA-256:1DFA800DC887F24F76112911891CD8CB5E129E9D715F711F23AA4139C0D37A7A
                                          SHA-512:F009EF327BA654DC7A541191B1E7A882B0528D767085381FDFD3BAA16959552BCAAA9F1512341ECE7AC6777D5D661960ACBAE26752CED32530BD64223F66ADE7
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/ai2.mp3
                                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 772dbed8-901e-00f1-05aa-92079b000000</li><li>TimeStamp : 2024-04-19T22:42:18.8530141Z</li></ul></p></body></html>
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 166 x 92, 4-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):1270
                                          Entropy (8bit):6.670080953747829
                                          Encrypted:false
                                          SSDEEP:24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
                                          MD5:05CDF1A2C2FC8F07BEA0A8F4F9356637
                                          SHA1:B7BBD626D1D6C832509E820CAE1D971B34F625E6
                                          SHA-256:AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
                                          SHA-512:D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
                                          Malicious:false
                                          Reputation:low
                                          Preview:.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):462770
                                          Entropy (8bit):7.96289736720607
                                          Encrypted:false
                                          SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                          MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                          SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                          SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                          SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/bg.png
                                          Preview:.PNG........IHDR.............*.Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...|..P...O....l?.T...<........[A.L....xG.O&..|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....*P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JSON data
                                          Category:downloaded
                                          Size (bytes):720
                                          Entropy (8bit):5.094620624197471
                                          Encrypted:false
                                          SSDEEP:12:YS4YhZImV+xaNmd6wpHb2WJHXmjCM2L+sHi3y2ARQDosJDNCFaq/Pe5sj+VkolY:YL0RNMhHbVJ3mjP2SC21RCFrnjaVlY
                                          MD5:4251CA875083CCC249E5C060335C3097
                                          SHA1:35937716E34AC744667C2FB73A27F5B35DBAB12B
                                          SHA-256:7D62D838C660A9E782AF0B3576BD1DB9132AC114653A03BB92F014B3D48AB8D7
                                          SHA-512:8266201464CFD082F082FD784EF074BCA125471BF75EE90C2424441A1E81E33EE4DEE3162B01B5AE552A3489B5E75A5D183DFB6922E5B85F7375C1FBAEDE3AA7
                                          Malicious:false
                                          Reputation:low
                                          URL:https://ipwho.is/?lang=en
                                          Preview:{"ip":"81.181.57.52","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Georgia","region_code":"GA","city":"Atlanta","latitude":33.7489954,"longitude":-84.3879824,"is_eu":false,"postal":"30303","calling_code":"1","capital":"Washington D.C.","borders":"CA,MX","flag":{"img":"https:\/\/cdn.ipwhois.io\/flags\/us.svg","emoji":"\ud83c\uddfa\ud83c\uddf8","emoji_unicode":"U+1F1FA U+1F1F8"},"connection":{"asn":212238,"org":"Binbox Global Services SRL","isp":"Datacamp Limited","domain":"cogentco.com"},"timezone":{"id":"America\/New_York","abbr":"EDT","is_dst":true,"offset":-14400,"utc":"-04:00","current_time":"2024-04-19T18:42:16-04:00"}}
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1026
                                          Entropy (8bit):4.680409963583357
                                          Encrypted:false
                                          SSDEEP:24:7XNLWAtaN83Jfmtr2erK2fvrQbqUbFdJisxYx6qwOBkA:7XNW2aKPSK2fvrdYbJisCMqwOJ
                                          MD5:CDE037A43B5901CF1C5F8DF2B688F36F
                                          SHA1:A68408CFBB0B083BF0F466D14C28EA6678380FEC
                                          SHA-256:E0A585D1B34D98010B1FD354592319D8CF196E5110A6F7003A79C7B4E9ECC738
                                          SHA-512:63EF63284F55B9D56EA06EEC1DDF518A44A636DF811B8A1AFD54AFA04FB40BF28498A6C459FF92967108F9B01A2BFE79FC7662F923B126F8C782203F10603D5D
                                          Malicious:false
                                          Reputation:low
                                          Preview:{. "About Us": "https:\/\/ipwhois.io",. "ip": "81.181.57.52",. "success": true,. "type": "IPv4",. "continent": "North America",. "continent_code": "NA",. "country": "United States",. "country_code": "US",. "region": "Georgia",. "region_code": "GA",. "city": "Atlanta",. "latitude": 33.7489954,. "longitude": -84.3879824,. "is_eu": false,. "postal": "30303",. "calling_code": "1",. "capital": "Washington D.C.",. "borders": "CA,MX",. "flag": {. "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",. "emoji": "\ud83c\uddfa\ud83c\uddf8",. "emoji_unicode": "U+1F1FA U+1F1F8". },. "connection": {. "asn": 212238,. "org": "Binbox Global Services SRL",. "isp": "Datacamp Limited",. "domain": "cogentco.com". },. "timezone": {. "id": "America\/New_York",. "abbr": "EDT",. "is_dst": true,. "offset": -14400,. "utc": "-04:00",. "current_time": "2024-04-
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 520 x 520, 8-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):2681
                                          Entropy (8bit):7.104642717027869
                                          Encrypted:false
                                          SSDEEP:48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
                                          MD5:B01A30D354BFCF51EDF33E0B0EA07402
                                          SHA1:C421359518D1AE258237BF501C563B7F059F8B9B
                                          SHA-256:B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
                                          SHA-512:D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/cs.png
                                          Preview:.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 166 x 92, 4-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):1270
                                          Entropy (8bit):6.670080953747829
                                          Encrypted:false
                                          SSDEEP:24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
                                          MD5:05CDF1A2C2FC8F07BEA0A8F4F9356637
                                          SHA1:B7BBD626D1D6C832509E820CAE1D971B34F625E6
                                          SHA-256:AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
                                          SHA-512:D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/pcm.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):462770
                                          Entropy (8bit):7.96289736720607
                                          Encrypted:false
                                          SSDEEP:12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
                                          MD5:AB996ED3B126F2B5F0C1F214B96AFE7A
                                          SHA1:77223F12976D20E06058FE40040E261BD5688F39
                                          SHA-256:4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
                                          SHA-512:821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 100 x 100, 1-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):332
                                          Entropy (8bit):6.871743379185684
                                          Encrypted:false
                                          SSDEEP:6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
                                          MD5:9D8A90A63D20F05D27E5D6ABB35E0CD0
                                          SHA1:5873B4007E9D55B4D891A4C427B3735ED23DBFE8
                                          SHA-256:7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
                                          SHA-512:DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/dm.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):503
                                          Entropy (8bit):4.806069034061486
                                          Encrypted:false
                                          SSDEEP:6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
                                          MD5:CD6C33FBC221D0271C910AF910E6EBED
                                          SHA1:9B52F24D6F10B885BB19DB1C4B531469F96D2914
                                          SHA-256:318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
                                          SHA-512:13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/js/jupiter.js
                                          Preview: function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 128 x 128, 1-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):722
                                          Entropy (8bit):7.434007974065295
                                          Encrypted:false
                                          SSDEEP:12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
                                          MD5:42D8F2CC1AE5759C2369F255F36EBC03
                                          SHA1:8E592162EEC14E72D0A751D714A641DBECE91F6B
                                          SHA-256:31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
                                          SHA-512:4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (2083), with no line terminators
                                          Category:downloaded
                                          Size (bytes):2083
                                          Entropy (8bit):5.0463133028709635
                                          Encrypted:false
                                          SSDEEP:48:W/iGbnd2lcCB2/GxUH3M1+Rh9FNGDzjUYx7u9rDTlRSg40:Y9d2ldWR017MDE0
                                          MD5:33B3E05F86FE68782A71C3EB89C637DF
                                          SHA1:B4271F567F27351847B2CA127DCB8D88A03300A3
                                          SHA-256:B1A5978232E5BAD9D779EC449BBBB365E393A818D44DAE1A38C97BAD79ADA48F
                                          SHA-512:E60CD591C34640B39CB95BA14F90CD0563A4B25E4F26212F5FC79203A09463CF2DD5C787230385270BD0A725379568F518C814D326ABDCDB347F8A955CAC78AA
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/js/nvidia.js
                                          Preview:function toggleFullScreen(e){var n=document.body;e instanceof HTMLElement&&(n=e);var t=document.webkitIsFullScreen||document.mozFullScreen||!1;n.requestFullScreen=n.requestFullScreen||n.webkitRequestFullScreen||n.mozRequestFullScreen||function(){return!1},document.cancelFullScreen=document.cancelFullScreen||document.webkitCancelFullScreen||document.mozCancelFullScreen||function(){return!1},t?document.cancelFullScreen():n.requestFullScreen()}function addEvent(e,n,t){e.addEventListener?e.addEventListener(n,t,!1):e.attachEvent&&e.attachEvent("on"+n,t)}$(document).ready(function(){var e=document.createElement("audio");e.setAttribute("src","ai2.mp3"),e.addEventListener("ended",function(){this.play()},!1),$(".map").click(function(){e.play()}),$(".black").click(function(){e.play()}),$("#footer").click(function(){e.play()}),$("#qwrqwewrqwdqw").click(function(){e.play()})}),$(document).ready(function(){$("body").mouseover(function(){$("#footer").fadeIn("").css({bottom:-20,position:"fixed"}).ani
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 193 x 71
                                          Category:downloaded
                                          Size (bytes):14751
                                          Entropy (8bit):7.927919850442063
                                          Encrypted:false
                                          SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                          MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                          SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                          SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                          SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/re.gif
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                          Category:downloaded
                                          Size (bytes):321
                                          Entropy (8bit):5.068416741457663
                                          Encrypted:false
                                          SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOZg3Sv3wXzR2p02ZRo7S5E:hax0rKRHkhzRH/Un2i2GprK5YWO/fwXR
                                          MD5:DD43E1FE3C84EBF172074345EA9C38E4
                                          SHA1:25911C0DECEBC07A8E9CCF96C800C74BA37F85D4
                                          SHA-256:F3DA59BF0994530E173578EA585056F43F1B214D49AFEE96F856206F5087CF0C
                                          SHA-512:ECC82D6634A58EACEA80B3F24035C921837334B57EDE5826B950A21252DE13470A9F844BE82E89E8F6928E9F5CA3F3B7C7F99DD08B05A42B086280511A63740C
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/w1.png
                                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : a76e6ffa-501e-0078-4aaa-92bd4e000000</li><li>TimeStamp : 2024-04-19T22:42:20.7147288Z</li></ul></p></body></html>
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):364
                                          Entropy (8bit):7.161449027375991
                                          Encrypted:false
                                          SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                          MD5:E144C3378090087C8CE129A30CB6CB4E
                                          SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                          SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                          SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 193 x 71
                                          Category:dropped
                                          Size (bytes):14751
                                          Entropy (8bit):7.927919850442063
                                          Encrypted:false
                                          SSDEEP:384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
                                          MD5:6FCB78E0CD7933A70EEA2CF071F82118
                                          SHA1:70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
                                          SHA-256:4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
                                          SHA-512:AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
                                          Category:downloaded
                                          Size (bytes):99389
                                          Entropy (8bit):7.948180012126474
                                          Encrypted:false
                                          SSDEEP:3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
                                          MD5:6B11AD15DA74888BEA9095007A9F7DD6
                                          SHA1:E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
                                          SHA-256:93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
                                          SHA-512:709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/bx1.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
                                          Category:downloaded
                                          Size (bytes):364
                                          Entropy (8bit):7.161449027375991
                                          Encrypted:false
                                          SSDEEP:6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
                                          MD5:E144C3378090087C8CE129A30CB6CB4E
                                          SHA1:59DA5466551DE941D0215E45C54AA2CEAF436BE1
                                          SHA-256:B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
                                          SHA-512:3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/set.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:downloaded
                                          Size (bytes):133
                                          Entropy (8bit):5.102751486482574
                                          Encrypted:false
                                          SSDEEP:3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
                                          MD5:FEA7FBF2C619FD4B7716FCAA64070C6C
                                          SHA1:F192732937981A26F526B7C1293A2AE13BC59A22
                                          SHA-256:DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
                                          SHA-512:145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
                                          Malicious:false
                                          Reputation:low
                                          URL:https://userstatics.com/get/script.js?referrer=https://tronfwo8b.z13.web.core.windows.net/
                                          Preview:document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 128 x 128, 1-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):722
                                          Entropy (8bit):7.434007974065295
                                          Encrypted:false
                                          SSDEEP:12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
                                          MD5:42D8F2CC1AE5759C2369F255F36EBC03
                                          SHA1:8E592162EEC14E72D0A751D714A641DBECE91F6B
                                          SHA-256:31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
                                          SHA-512:4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/vsc.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 520 x 520, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):7.104642717027869
                                          Encrypted:false
                                          SSDEEP:48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
                                          MD5:B01A30D354BFCF51EDF33E0B0EA07402
                                          SHA1:C421359518D1AE258237BF501C563B7F059F8B9B
                                          SHA-256:B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
                                          SHA-512:D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                          Category:downloaded
                                          Size (bytes):321
                                          Entropy (8bit):5.063831962653033
                                          Encrypted:false
                                          SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOnsNq8LRR2p02ZRXfE:hax0rKRHkhzRH/Un2i2GprK5YWOsNFR7
                                          MD5:006DA0FF1D2C0543D06CF339C7C651B1
                                          SHA1:2276BC68DECE00AD29BF15B37723354D76C5901F
                                          SHA-256:6885709E47FF88870390B114D918D0BDB26D3C35DA1B0DC29CB6A5F57D2CF6B2
                                          SHA-512:87A8646902FB05AD0B3874E195F497696966CDF793E56C8F6B7091D6F1BDAA25499588AD7884A09C16FCAD707724C5C3DC1443B74AC7D2D6BDD00A90B2B2801C
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/webs.wav
                                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 41615761-001e-0028-20aa-927f1e000000</li><li>TimeStamp : 2024-04-19T22:42:18.8588102Z</li></ul></p></body></html>
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 13 x 13, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):276
                                          Entropy (8bit):5.44393413565082
                                          Encrypted:false
                                          SSDEEP:6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
                                          MD5:7616D96C388301E391653647E1F5F057
                                          SHA1:B1868C8F0F46309A8E26F584AC82000D54C06ECD
                                          SHA-256:4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
                                          SHA-512:C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
                                          Category:downloaded
                                          Size (bytes):343657
                                          Entropy (8bit):6.217523099730005
                                          Encrypted:false
                                          SSDEEP:6144:tw78qtWLT4gFpI7gfogcXWKdM1I519inwhdoZtFYSxDi7TSw:SLtc3FEgggcmkM1IBoZ4miH
                                          MD5:B66B7E8CCF7CD17396578E855E319CA1
                                          SHA1:BD0213DBF368167486DF167E253BC15FE94753F9
                                          SHA-256:EE0B0D958FB422A32EE95F31254EB781B28669D41F007F064FD19BCE28050EA3
                                          SHA-512:80A912E18F163FECBC798066C7D7CD35B8B9B84C4BC78AF0012F272BA4D625F623CA2C610E450DFAF52F151C254E6A65D58F34D682C480C4D89C7AFB2EF7BE4A
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/media/Fm7-alert.wav:2f7511154dca04:0
Preview:RIFF....WAVEfmt ........"V..D.......LIST....INFOIART&...IVONA Reader - Microsoft Zira Desktop.ICMT....License: Unknown..IGNR....Speech..INAM....Important Security..IPRD....Warning.IPRT....1.ISFT....Lavf58.76.100.data...
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                                          Category:downloaded
                                          Size (bytes):321
                                          Entropy (8bit):5.063555962107267
                                          Encrypted:false
                                          SSDEEP:6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOxR/WtIJR2p02ZRXcdE:hax0rKRHkhzRH/Un2i2GprK5YWOxR/WD
                                          MD5:611695DAB4C9AA8D0D6ED7830AAE149F
                                          SHA1:9B44D6E1761B2AFEBBE8C99AAA4BC667BB753078
                                          SHA-256:E98B302FFEA24CEB0E5C8F5E5E2A0469708CB6DB56EFD33D6EE53A43981E1EE5
                                          SHA-512:46082130A1841256D10E8A10E5A52612BCD101596DF393C260D13F3531A75215880A3E8AF146CB15C33DD45A90EE16D650437AD0D428B9EBAB43E1E1F628D3DA
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/w3.png
                                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 1849bc4c-b01e-003d-74aa-9268ad000000</li><li>TimeStamp : 2024-04-19T22:42:20.0319391Z</li></ul></p></body></html>
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (522)
                                          Category:downloaded
                                          Size (bytes):19089
                                          Entropy (8bit):4.5540592106037
                                          Encrypted:false
                                          SSDEEP:192:fNLW3lDcMPo6w6j1P4Ur4U+VsBuULdzmGmKABCXuRNRDxwU:FklDccz1PNrNcCuGdzmGaB7
                                          MD5:646B6D06A712BA36DCF54B6523E60261
                                          SHA1:3DD7021EA2E55F331D4A2C22C4AF6A7A1E534E32
                                          SHA-256:3BF63792BE6646E4F3A448FD8160EC949AECAD7CD901E55AD199F3D343DDC27B
                                          SHA-512:367201F5CAD86799ED3A1BD4426037116CEC54DCCEC026EE85F50FD5EE5B6F693EC17B086EB765E958374E3220ABB586E6DC7B0F3231CC969D9BB104BD794E89
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/
                                          Preview:<html lang="en"><head>. <meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>System Error Code Er0erydfd1</title>. <link href="images/msmm.png" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">.. <script type="text/javascript" src="js/jquery-1.4.4.min.js"></script>. <script type="text/javascript">//<![CDATA[. $(function(){. $('body').bind('contextmenu', function(e){. return false;. });. });// . </script>. Global site tag (gtag.js) - Google Analytics -->.<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4"></script>.<script>. window.dataLayer = window.dataLayer || [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-8SZJPQT3Z4');.</script>... <script>. var t = new XMLHttpRequest;. t.onreadystatechange = fu
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 100 x 100, 1-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):332
                                          Entropy (8bit):6.871743379185684
                                          Encrypted:false
                                          SSDEEP:6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
                                          MD5:9D8A90A63D20F05D27E5D6ABB35E0CD0
                                          SHA1:5873B4007E9D55B4D891A4C427B3735ED23DBFE8
                                          SHA-256:7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
                                          SHA-512:DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (5955)
                                          Category:downloaded
                                          Size (bytes):300926
                                          Entropy (8bit):5.564606198163008
                                          Encrypted:false
                                          SSDEEP:3072:kK44ggAZVNSNcMzszFeI4s8+9CBPIrTWRsYESfhmpt2nBsLqeyYXDeltzvsX9ohc:p4MAFMgzFeBY0fhmpt+aqeyYXDelJsXJ
                                          MD5:59EA2D23250DC0D68BBD4BF7402783E9
                                          SHA1:0D4B0E1FADB6992D9D4C962983AA9F27DB86BFC3
                                          SHA-256:B633C3B7F43E3A20C7AD73156F751506A5CDBFFFBE42FC8294E9FC63F32A893C
                                          SHA-512:1B9035008007714BA066AA50867BD084F08678FF1FB204F6FC157FD1B867A6DE927F1ECED22DA7CA26F028F5F74FA50670AE82188E4DB4A066A09EE8C7A0880C
                                          Malicious:false
                                          Reputation:low
                                          URL:https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
                                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 140 x 30, 1-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):187
                                          Entropy (8bit):6.13774750591943
                                          Encrypted:false
                                          SSDEEP:3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
                                          MD5:271021CFA45940978184BE0489841FD3
                                          SHA1:201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
                                          SHA-256:C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
                                          SHA-512:EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):5816
                                          Entropy (8bit):4.707067894665527
                                          Encrypted:false
                                          SSDEEP:96:rSCU5PMZwzlNZiD07WJiOiq+mh5hoFzT6M:OCmPMZKT0gSJiOiYjuFzT6M
                                          MD5:41D726BA8105809814789FD8B9D6015A
                                          SHA1:A560687A3E1622DAA162E711CCCDACFC070E2278
                                          SHA-256:86C48A03A2DD5D8848990B64B04FC70A9C7B7CC551AA5FA251B2B57292E37113
                                          SHA-512:D3A858DEC6B8168FB2D0E5945A841DB55FC90C316FABFC07B754C84765980482FC9DD2EDCB579D42CF929352F38AF148FE26A437F3CF4494D6385EB9652145F4
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/js/jscode.js
                                          Preview:$(function() {.. var a = 0,.. b = setInterval(function() {.. a += 10;.. $("#dynamic").css("width", a + "%").attr("aria-valuenow", a).text(a + "% Complete");.. 100 <= a && clearInterval(b).. }, 100).. });.... (function(a) {.. a.fn.countTo = function(b) {.. b = b || {};.. return a(this).each(function() {.. function d(a) {.. a = c.formatter.call(k, a, c);.. h.html(a).. }.. var c = a.extend({}, a.fn.countTo.defaults, {.. from: a(this).data("from"),.. to: a(this).data("to"),.. speed: a(this).data("speed"),.. refreshInterval: a(this).data("refresh-interval"),.. decimals: a(this).data("decimals").. }, b),.. l = Math.ceil(c.speed / c.refreshInterval),.. n = (c.to - c.from) / l,.. k = this,.. h = a(this),.. m = 0,.. f = c.from,.. g = h.data("countTo") || {};.. h.data("countTo"
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 31 x 30, 4-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):168
                                          Entropy (8bit):5.414614498746933
                                          Encrypted:false
                                          SSDEEP:3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
                                          MD5:ACB05EBCD5F488FC99169CFF02B6DD04
                                          SHA1:DCA893A7B514503E947A57AA072482A0E0CBA912
                                          SHA-256:1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
                                          SHA-512:13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/msmm.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):99389
                                          Entropy (8bit):7.948180012126474
                                          Encrypted:false
                                          SSDEEP:3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
                                          MD5:6B11AD15DA74888BEA9095007A9F7DD6
                                          SHA1:E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
                                          SHA-256:93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
                                          SHA-512:709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 140 x 30, 1-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):187
                                          Entropy (8bit):6.13774750591943
                                          Encrypted:false
                                          SSDEEP:3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
                                          MD5:271021CFA45940978184BE0489841FD3
                                          SHA1:201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
                                          SHA-256:C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
                                          SHA-512:EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/mnc.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 13 x 13, 8-bit colormap, non-interlaced
                                          Category:downloaded
                                          Size (bytes):276
                                          Entropy (8bit):5.44393413565082
                                          Encrypted:false
                                          SSDEEP:6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
                                          MD5:7616D96C388301E391653647E1F5F057
                                          SHA1:B1868C8F0F46309A8E26F584AC82000D54C06ECD
                                          SHA-256:4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
                                          SHA-512:C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/images/bel.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:assembler source, ASCII text, with very long lines (324), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):18178
                                          Entropy (8bit):4.868191588228292
                                          Encrypted:false
                                          SSDEEP:192:m5pyua9kzmx5XO0CfsXLruzG61fMDl1tFpFab5rjloqSrXVrqODz7frYYkYYPlcr:6pyusXrJm4lICr
                                          MD5:7EB9DB6D3E4C84E0E29BEE4CC963F3A0
                                          SHA1:BEBA530C07ECB65C1C80BC73429BBB01B812EB0B
                                          SHA-256:B93DABEBD37A3D0F9067554802BA410632C88E12DB36C17CB586719E4A3ABA71
                                          SHA-512:E931634C19125A4D1EC41283DBB9A4AFCF287A2B80B924760D69FDB1E42F3740336FF4F0F8F4E66A65FF2CCBCDACBAFB7F61023C305653CDDD70A2BAD84B1B11
                                          Malicious:false
                                          Reputation:low
                                          URL:https://tronfwo8b.z13.web.core.windows.net/css/tapa.css
                                          Preview:.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#qwrqwewrqwdqw,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {..
                                          No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Apr 20, 2024 00:42:19.485788107 CEST4434973923.216.69.213192.168.2.5
                                          Apr 20, 2024 00:42:19.485853910 CEST49739443192.168.2.523.216.69.213
                                          Apr 20, 2024 00:42:19.490647078 CEST49739443192.168.2.523.216.69.213
                                          Apr 20, 2024 00:42:19.490679979 CEST4434973923.216.69.213192.168.2.5
                                          Apr 20, 2024 00:42:20.015224934 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.015247107 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.015316010 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.015671015 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.015685081 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.272557020 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.327938080 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.327955961 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.331698895 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.331732988 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.331772089 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.333966017 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.334197044 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.334712982 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.334739923 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.511423111 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.556855917 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.557034969 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:20.557109118 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.598623991 CEST49747443192.168.2.515.204.213.5
                                          Apr 20, 2024 00:42:20.598678112 CEST4434974715.204.213.5192.168.2.5
                                          Apr 20, 2024 00:42:23.130831003 CEST4434970323.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:23.133531094 CEST49703443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:27.019035101 CEST4434972674.125.136.105192.168.2.5
                                          Apr 20, 2024 00:42:27.019174099 CEST4434972674.125.136.105192.168.2.5
                                          Apr 20, 2024 00:42:27.019293070 CEST49726443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:42:27.721303940 CEST49726443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:42:27.721352100 CEST4434972674.125.136.105192.168.2.5
                                          Apr 20, 2024 00:42:31.862844944 CEST49703443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:31.862947941 CEST49703443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:31.864371061 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:31.864412069 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:31.864486933 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:31.865555048 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:31.865566969 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.015229940 CEST4434970323.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.015259981 CEST4434970323.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.182411909 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.182802916 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:32.813787937 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:32.813805103 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.814279079 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.814404011 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:32.843310118 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:32.843353033 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:32.843653917 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:32.843667984 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:33.819621086 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:33.819730997 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:33.819744110 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:33.819785118 CEST4434976423.1.237.91192.168.2.5
                                          Apr 20, 2024 00:42:33.819823027 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:42:33.819871902 CEST49764443192.168.2.523.1.237.91
                                          Apr 20, 2024 00:43:17.209136963 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:17.209168911 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.209398031 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:17.209767103 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:17.209779978 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.423383951 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.424006939 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:17.424015999 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.424674034 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.425148964 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:17.425240993 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:17.466419935 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:27.434282064 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:27.434340000 CEST4434976774.125.136.105192.168.2.5
                                          Apr 20, 2024 00:43:27.434453011 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:30.517498970 CEST49767443192.168.2.574.125.136.105
                                          Apr 20, 2024 00:43:30.517519951 CEST4434976774.125.136.105192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 20, 2024 00:42:12.865861893 CEST | 53 | 57360 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:13.033345938 CEST | 53 | 50562 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:13.645252943 CEST | 53 | 52652 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:16.047800064 CEST | 63752 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:16.048496962 CEST | 60753 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:16.171993971 CEST | 53 | 63752 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:16.172039986 CEST | 53 | 60753 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:16.216608047 CEST | 53 | 53933 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:16.672483921 CEST | 62442 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:16.673085928 CEST | 64988 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:16.777112961 CEST | 53 | 62442 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:16.777595043 CEST | 53 | 64988 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:17.079407930 CEST | 49375 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:17.079720020 CEST | 59005 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:17.187737942 CEST | 53 | 59005 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:17.187757015 CEST | 53 | 49375 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:18.293431997 CEST | 53 | 64860 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:19.889930964 CEST | 54667 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:19.890572071 CEST | 51104 | 53 | 192.168.2.5 | 1.1.1.1
Apr 20, 2024 00:42:19.995723963 CEST | 53 | 51104 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:20.014444113 CEST | 53 | 54667 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:31.755748987 CEST | 53 | 52998 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:42:51.456037998 CEST | 53 | 64890 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:43:12.523257971 CEST | 53 | 56959 | 1.1.1.1 | 192.168.2.5
Apr 20, 2024 00:43:14.295975924 CEST | 53 | 51206 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 20, 2024 00:42:16.047800064 CEST | 192.168.2.5 | 1.1.1.1 | 0x2fa6 | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.048496962 CEST | 192.168.2.5 | 1.1.1.1 | 0xd08b | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false
Apr 20, 2024 00:42:16.672483921 CEST | 192.168.2.5 | 1.1.1.1 | 0xc86f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.673085928 CEST | 192.168.2.5 | 1.1.1.1 | 0x4d32 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 20, 2024 00:42:17.079407930 CEST | 192.168.2.5 | 1.1.1.1 | 0x1e0a | Standard query (0) | userstatics.com | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:17.079720020 CEST | 192.168.2.5 | 1.1.1.1 | 0xb9f9 | Standard query (0) | userstatics.com | 65 | IN (0x0001) | false
Apr 20, 2024 00:42:19.889930964 CEST | 192.168.2.5 | 1.1.1.1 | 0x7979 | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:19.890572071 CEST | 192.168.2.5 | 1.1.1.1 | 0xa177 | Standard query (0) | ipwho.is | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 20, 2024 00:42:16.171993971 CEST | 1.1.1.1 | 192.168.2.5 | 0x2fa6 | No error (0) | ipwho.is | - | 15.204.213.5 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.105 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.147 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.99 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.103 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.106 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777112961 CEST | 1.1.1.1 | 192.168.2.5 | 0xc86f | No error (0) | www.google.com | - | 74.125.136.104 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:16.777595043 CEST | 1.1.1.1 | 192.168.2.5 | 0x4d32 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Apr 20, 2024 00:42:17.187737942 CEST | 1.1.1.1 | 192.168.2.5 | 0xb9f9 | No error (0) | userstatics.com | - | - | 65 | IN (0x0001) | false
Apr 20, 2024 00:42:17.187757015 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e0a | No error (0) | userstatics.com | - | 104.21.53.38 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:17.187757015 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e0a | No error (0) | userstatics.com | - | 172.67.208.186 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:20.014444113 CEST | 1.1.1.1 | 192.168.2.5 | 0x7979 | No error (0) | ipwho.is | - | 15.204.213.5 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:29.152204037 CEST | 1.1.1.1 | 192.168.2.5 | 0xa2fc | No error (0) | windowsupdatebg.s.llnwi.net | - | 69.164.42.0 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:30.652086020 CEST | 1.1.1.1 | 192.168.2.5 | 0x85bd | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 00:42:30.652086020 CEST | 1.1.1.1 | 192.168.2.5 | 0x85bd | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:42:43.919125080 CEST | 1.1.1.1 | 192.168.2.5 | 0xf43a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 00:42:43.919125080 CEST | 1.1.1.1 | 192.168.2.5 | 0xf43a | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:43:06.754625082 CEST | 1.1.1.1 | 192.168.2.5 | 0xb8d7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 00:43:06.754625082 CEST | 1.1.1.1 | 192.168.2.5 | 0xb8d7 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 00:43:25.500408888 CEST | 1.1.1.1 | 192.168.2.5 | 0xf892 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 00:43:25.500408888 CEST | 1.1.1.1 | 192.168.2.5 | 0xf892 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                          • https:
                                            • ipwho.is
                                            • userstatics.com
                                            • www.bing.com
                                          • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49722 | 15.204.213.5 | 443 | 1520 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 22:42:16 UTC | 582 | OUT | GET /?lang=en HTTP/1.1
                                          Host: ipwho.is
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Origin: https://tronfwo8b.z13.web.core.windows.net
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Referer: https://tronfwo8b.z13.web.core.windows.net/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
2024-04-19 22:42:16 UTC | 255 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 19 Apr 2024 22:42:16 GMT
                                          Content-Type: application/json; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Server: ipwhois
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          X-Robots-Tag: noindex
2024-04-19 22:42:16 UTC | 732 | IN | Data Raw: 32 64 30 0d 0a 7b 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 74 79 70 65 22 3a 22 49 50 76 34 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 47 65 6f 72 67 69 61 22 2c 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 22 47 41 22 2c 22 63 69 74 79 22 3a 22 41 74 6c 61 6e 74 61 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 33 2e 37 34 38 39 39 35 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 34 2e 33 38 37 39 38 32 34 2c 22 69 73
                                          Data Ascii: 2d0{"ip":"81.181.57.52","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Georgia","region_code":"GA","city":"Atlanta","latitude":33.7489954,"longitude":-84.3879824,"is


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49733 | 104.21.53.38 | 443 | 1520 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 22:42:17 UTC | 599 | OUT | GET /get/script.js?referrer=https://tronfwo8b.z13.web.core.windows.net/ HTTP/1.1
                                          Host: userstatics.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Referer: https://tronfwo8b.z13.web.core.windows.net/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
2024-04-19 22:42:18 UTC | 820 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 19 Apr 2024 22:42:18 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          X-Powered-By: PHP/8.2.1
                                          Access-Control-Allow-Origin: https://tronfwo8b.z13.web.core.windows.net
                                          Access-Control-Allow-Methods: GET, POST
                                          Access-Control-Allow-Headers: X-Requested-With,content-type
                                          Access-Control-Allow-Credentials: true
                                          CF-Cache-Status: DYNAMIC
                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yTYsm9ztqvM1dZb%2ByyGQ%2BCUvB4W0JyGRpJwjxegOCuOixUarCJD9iA%2BTE13xidQ5cEfwTu1gJqP8e5etkc2wVxPxIx6IfdX5Bql%2B34tp5s1%2F6xf%2Bi7GMthkg4jSYG1hjwCU%3D"}],"group":"cf-nel","max_age":604800}
                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          Server: cloudflare
                                          CF-RAY: 8770682d5f0f6742-ATL
                                          alt-svc: h3=":443"; ma=86400
2024-04-19 22:42:18 UTC | 139 | IN | Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a
                                          Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-04-19 22:42:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0
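The flattened packet, DNS and session tables in this listing, and the script body userstatics.com returned in session 1, are easier to reason about once parsed. The Python below is an added example written for this page; it is not Joe Sandbox code and not code from the analysed site. It splits the fused columns of the packet rows and the DNS A answers, maps each remote address back to the name the resolver returned for it, lists the remotes that were contacted without an A answer in the sampled rows, and decodes the atob() literal with which the returned script hides the hostname it searches for. Two assumptions make the fused columns splittable at all and are stated in the code: the sandbox host is 192.168.2.5, and one end of every flow is a service port (443 or 53). The function names and the LOCAL_IP and SERVICE_PORTS constants are this example's own; the sample rows are copied from this report and embedded as constructed input.

```python
"""Triage helpers for the flattened tables of a Joe Sandbox network listing.
Added example for this page, not Joe Sandbox code. Assumed: the sandbox host is
192.168.2.5 and one end of every flow is a service port (443 or 53)."""
import base64
import re
from collections import defaultdict
LOCAL_IP = "192.168.2.5"   # assumption: the analysis VM present in every row
SERVICE_PORTS = {443, 53}  # assumption: the only server-side ports in the excerpt
# Constructed input: rows copied verbatim from the report's packet and DNS tables.
PACKET_ROWS = [
    "Apr 20, 2024 00:42:17.815670013 CEST49733443192.168.2.5104.21.53.38",
    "Apr 20, 2024 00:42:17.778089046 CEST4434973523.216.69.213192.168.2.5",
    "Apr 20, 2024 00:42:20.015224934 CEST49747443192.168.2.515.204.213.5",
    "Apr 20, 2024 00:42:31.864371061 CEST49764443192.168.2.523.1.237.91",
    "Apr 20, 2024 00:42:12.865861893 CEST53573601.1.1.1192.168.2.5",
]
DNS_ANSWERS = [
    "Apr 20, 2024 00:42:16.171993971 CEST1.1.1.1192.168.2.50x2fa6No error (0)ipwho.is15.204.213.5A (IP address)IN (0x0001)false",
    "Apr 20, 2024 00:42:16.777595043 CEST1.1.1.1192.168.2.50x4d32No error (0)www.google.com65IN (0x0001)false",
    "Apr 20, 2024 00:42:17.187757015 CEST1.1.1.1192.168.2.50x1e0aNo error (0)userstatics.com104.21.53.38A (IP address)IN (0x0001)false",
]
# The script body userstatics.com returned in session 1, copied from the report.
CAPTURED_JS = ('document.querySelectorAll("script").forEach(e=>{new RegExp('
               'atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});')
TS = r"(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]+)"
PACKET_RE = re.compile(TS + r"(?P<tail>[\d.]+)$")
# A answers only: type-65 (HTTPS) and CNAME rows deliberately do not match.
DNS_A_RE = re.compile(TS + r"[\d.]+0x[0-9a-f]+No error \(0\)(?P<name>[A-Za-z0-9.-]+?)"
                      r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})A \(IP address\)IN \(0x0001\)(?:true|false)$")
ATOB_RE = re.compile(r'atob\(\s*"([A-Za-z0-9+/=]+)"\s*\)')


def _valid_ip(s):
    p = s.split(".")
    return len(p) == 4 and all(o.isdigit() and (o == "0" or o[0] != "0") and int(o) <= 255 for o in p)


def _split_ports(digits):
    """Readings of a fused port pair with exactly one service port and one high port."""
    out = []
    for k in range(1, min(5, len(digits) - 1) + 1):
        a, b = digits[:k], digits[k:]
        if len(b) > 5 or a.startswith("0") or b.startswith("0"):
            continue
        pa, pb = int(a), int(b)
        svc, high = (pa, pb) if pa in SERVICE_PORTS else (pb, pa)
        if svc in SERVICE_PORTS and high not in SERVICE_PORTS and 1024 <= high <= 65535:
            out.append((pa, pb))
    return out


def parse_packet_row(row, local=LOCAL_IP):
    """Split '<ts><sport><dport><src><dst>' run together; accepted only if one reading survives."""
    m = PACKET_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    ts, tail, cands, start = m.group("ts"), m.group("tail"), [], 0
    while (i := tail.find(local, start)) != -1:          # outbound: <ports><local><remote>
        left, right = tail[:i], tail[i + len(local):]
        if left.isdigit() and _valid_ip(right):
            cands += [(sp, dp, local, right) for sp, dp in _split_ports(left)]
        start = i + 1
    if tail.endswith(local):                             # inbound: <ports><remote><local>
        head = tail[:-len(local)]
        for i in range(1, len(head)):
            if head[:i].isdigit() and _valid_ip(head[i:]):
                cands += [(sp, dp, head[i:], local) for sp, dp in _split_ports(head[:i])]
    if len(cands) != 1:
        raise ValueError(f"{len(cands)} readings for row: {row!r}")
    sp, dp, src, dst = cands[0]
    return {"ts": ts, "sport": sp, "dport": dp, "src": src, "dst": dst}


def parse_dns_a_answer(row):
    """{ts, name, addr} for an A answer, None otherwise; the name/address boundary is the
    shortest name that leaves a well-formed address, so names ending in digits stay ambiguous."""
    m = DNS_A_RE.match(row.strip())
    return m and {"ts": m.group("ts"), "name": m.group("name"), "addr": m.group("addr")}


def correlate(packet_rows, dns_rows, local=LOCAL_IP):
    """Per packet row: direction, remote end, service port, names resolved to that remote."""
    names_for = defaultdict(set)
    for a in filter(None, map(parse_dns_a_answer, dns_rows)):
        names_for[a["addr"]].add(a["name"])
    flows = []
    for p in (parse_packet_row(r, local) for r in packet_rows):
        out = p["src"] == local
        remote, port = (p["dst"], p["dport"]) if out else (p["src"], p["sport"])
        flows.append({"ts": p["ts"], "dir": "OUT" if out else "IN", "remote": remote,
                      "port": port, "hosts": sorted(names_for.get(remote, ()))})
    return flows


def unresolved_remotes(flows):
    """Remotes contacted with no A answer in the excerpt; resolver traffic (53) is skipped."""
    return sorted({f["remote"] for f in flows if f["port"] != 53 and not f["hosts"]})


def decode_atob_literals(js):
    """Decode each atob("...") literal in a captured script (None if not valid base64)."""
    out = []
    for b64 in ATOB_RE.findall(js):
        try:
            out.append(base64.b64decode(b64, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            out.append(None)
    return out


if __name__ == "__main__":
    for f in correlate(PACKET_ROWS, DNS_ANSWERS):
        print(f["ts"], f["dir"], f"{f['remote']}:{f['port']}", ",".join(f["hosts"]) or "-")
    print(unresolved_remotes(correlate(PACKET_ROWS, DNS_ANSWERS)), decode_atob_literals(CAPTURED_JS))
```

Run stand-alone, it prints one line per flow with the name the sampled DNS answers give for the remote. 23.216.69.213 and 23.1.237.91 come out unresolved because their lookups are not among the rows sampled (the session list shows the first serving fs.microsoft.com and the second Bing); in a real triage that is the cue to look for an earlier or cached resolution before treating an address as hard-coded. The decoded literal, userstatics.com, confirms what the one-liner does: it removes every script element whose src matches that hostname, its own loader tag included, so a DOM inspected afterwards no longer shows where the code came from. Any row that admits more than one reading raises rather than guessing, which is the right failure mode for a parser of an export that fused its columns.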


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49735 | 23.216.69.213 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-04-19 22:42:18 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
2024-04-19 22:42:18 UTC | 467 | IN | HTTP/1.1 200 OK
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          Content-Type: application/octet-stream
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          Server: ECAcc (chd/0758)
                                          X-CID: 11
                                          X-Ms-ApiVersion: Distribute 1.2
                                          X-Ms-Region: prod-eus-z1
                                          Cache-Control: public, max-age=116443
                                          Date: Fri, 19 Apr 2024 22:42:18 GMT
                                          Connection: close
                                          X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49739 | 23.216.69.213 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-04-19 22:42:19 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                          Range: bytes=0-2147483646
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
2024-04-19 22:42:19 UTC | 531 | IN | HTTP/1.1 200 OK
                                          Content-Type: application/octet-stream
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          ApiVersion: Distribute 1.1
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          X-Azure-Ref: 0oq75YgAAAAAYL/6cwgY8QpNw2UWojohPQ0hHRURHRTE2MTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                          Cache-Control: public, max-age=116482
                                          Date: Fri, 19 Apr 2024 22:42:19 GMT
                                          Content-Length: 55
                                          Connection: close
                                          X-CID: 2
2024-04-19 22:42:19 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49747 | 15.204.213.5 | 443 | 1520 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-19 22:42:20 UTC | 340 | OUT | GET /?lang=en HTTP/1.1
                                          Host: ipwho.is
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
2024-04-19 22:42:20 UTC | 223 | IN | HTTP/1.1 200 OK
                                          Date: Fri, 19 Apr 2024 22:42:20 GMT
                                          Content-Type: application/json; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Server: ipwhois
                                          Access-Control-Allow-Headers: *
                                          X-Robots-Tag: noindex
2024-04-19 22:42:20 UTC | 1038 | IN | Data Raw: 34 30 32 0d 0a 7b 0a 20 20 20 20 22 41 62 6f 75 74 20 55 73 22 3a 20 22 68 74 74 70 73 3a 5c 2f 5c 2f 69 70 77 68 6f 69 73 2e 69 6f 22 2c 0a 20 20 20 20 22 69 70 22 3a 20 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 0a 20 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 74 79 70 65 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 47 65 6f 72 67 69
                                          Data Ascii: 402{ "About Us": "https:\/\/ipwhois.io", "ip": "81.181.57.52", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Georgi


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          5 | 192.168.2.5 | 49764 | 23.1.237.91 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-04-19 22:42:32 UTC | 2148 bytes | OUT | POST /threshold/xls.aspx HTTP/1.1
                                          Origin: https://www.bing.com
                                          Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                          Accept: */*
                                          Accept-Language: en-CH
                                          Content-type: text/xml
                                          X-Agent-DeviceId: 01000A410900D492
                                          X-BM-CBT: 1696428841
                                          X-BM-DateFormat: dd/MM/yyyy
                                          X-BM-DeviceDimensions: 784x984
                                          X-BM-DeviceDimensionsLogical: 784x984
                                          X-BM-DeviceScale: 100
                                          X-BM-DTZ: 120
                                          X-BM-Market: CH
                                          X-BM-Theme: 000000;0078d7
                                          X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                          X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                          X-Device-isOptin: false
                                          X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                          X-Device-OSSKU: 48
                                          X-Device-Touch: false
                                          X-DeviceID: 01000A410900D492
                                          X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                          X-MSEdge-ExternalExpType: JointCoord
                                          X-PositionerType: Desktop
                                          X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                          X-Search-CortanaAvailableCapabilities: None
                                          X-Search-SafeSearch: Moderate
                                          X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                          X-UserAgeClass: Unknown
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                          Host: www.bing.com
                                          Content-Length: 2484
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713566518084&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                                          2024-04-19 22:42:32 UTC | 1 byte | OUT | Data Ascii: <
                                          2024-04-19 22:42:32 UTC | 2483 bytes | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                          2024-04-19 22:42:33 UTC | 480 bytes | IN | HTTP/1.1 204 No Content
                                          Access-Control-Allow-Origin: *
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: 9B62E1381AC74C7297F0FCAE272CA5C9 Ref B: LAX311000110005 Ref C: 2024-04-19T22:42:33Z
                                          Date: Fri, 19 Apr 2024 22:42:33 GMT
                                          Connection: close
                                          Alt-Svc: h3=":443"; ma=93600
                                          X-CDN-TraceID: 0.57ed0117.1713566552.1391d70a


                                          Target ID: 0
                                          Start time: 00:42:08
                                          Start date: 20/04/2024
                                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit): false
                                          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                          Imagebase: 0x7ff715980000
                                          File size: 3'242'272 bytes
                                          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                          Has elevated privileges: true
                                          Has administrator privileges: true
                                          Programmed in: C, C++ or other language
                                          Reputation: low
                                          Has exited: false

                                          Target ID: 2
                                          Start time: 00:42:11
                                          Start date: 20/04/2024
                                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit): false
                                          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2492,i,18068313473258052288,12623990746879654558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                          Imagebase: 0x7ff715980000
                                          File size: 3'242'272 bytes
                                          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                          Has elevated privileges: true
                                          Has administrator privileges: true
                                          Programmed in: C, C++ or other language
                                          Reputation: low
                                          Has exited: false

                                          Target ID: 3
                                          Start time: 00:42:13
                                          Start date: 20/04/2024
                                          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit): false
                                          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tronfwo8b.z13.web.core.windows.net/"
                                          Imagebase: 0x7ff715980000
                                          File size: 3'242'272 bytes
                                          MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                                          Has elevated privileges: true
                                          Has administrator privileges: true
                                          Programmed in: C, C++ or other language
                                          Reputation: low
                                          Has exited: true

                                          No disassembly