Edit tour

Windows Analysis Report
https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046

Overview

General Information

Sample URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046
Analysis ID:	1431402
Infos:

Detection

TechSupportScam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1708,i,4232800652260901703,2479920337110637559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_79	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.1.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.2.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.3.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046	Avira URL Cloud: detection malicious, Label: malware
Source: https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046	SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_79, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.33.134.2:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.134.2:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.134.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /jquery-1.4.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://c26ruwywyksyku.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://c26ruwywyksyku.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://c26ruwywyksyku.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ipwho.is
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_84.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_84.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_84.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-1.4.4.min.js
Source: chromecache_66.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_79.2.dr	String found in binary or memory: https://ipwho.is/?lang=en

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: unknown	HTTPS traffic detected: 23.33.134.2:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.134.2:443 -> 192.168.2.4:49773 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_79, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/57@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1708,i,4232800652260901703,2479920337110637559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1708,i,4232800652260901703,2479920337110637559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046	100%	Avira URL Cloud	malware
https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ipwho.is/?lang=en	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ipwho.is	15.204.213.5	true	false	unknown
code.jquery.com	151.101.194.137	true	false	high
www.google.com	142.251.15.147	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipwho.is/?lang=en	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-1.4.4.min.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://jquery.org/license	chromecache_84.2.dr	false	high
https://ezgif.com/optimize	chromecache_66.2.dr	false	high
http://jquery.com/	chromecache_84.2.dr	false	high
http://sizzlejs.com/	chromecache_84.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
15.204.213.5	ipwho.is	United States	71	HP-INTERNET-ASUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
142.251.15.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431402
Start date and time:	2024-04-25 01:37:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/57@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.105.84, 142.250.105.139, 142.250.105.138, 142.250.105.101, 142.250.105.113, 142.250.105.102, 142.250.105.100, 142.250.105.94, 34.104.35.123, 20.209.75.228, 52.165.165.26, 72.21.81.240, 192.229.211.108, 20.166.126.56, 20.242.39.171, 173.194.219.94
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural
Category:	downloaded
Size (bytes):	200832
Entropy (8bit):	7.695958183565904
Encrypted:	false
SSDEEP:	6144:4lsFCVxSmdxiWKwHtlYMKrXFTNRp+TSAU1M:4lHVx5ihwHvYrDRhAU2
MD5:	0116152611DD51432E852781F8CC7E82
SHA1:	2408D3D281B25649894F78A4E19F7F8A8AC735F9
SHA-256:	FC59BBB18F923747B9CD3F3B23537FF09C5AD2FDFC1505A4800A3F269A234E65
SHA-512:	4378F49A8E77BA6F34DC8B0F738B1FDBFA1E686CFB60C07E83B9D76F4EAB1CCF444785FEE5B9932DA77E42FA189BB14FFCAFAC3D9C9965CBF276C2D06AA94CB0
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/jfbvd737nn.mp3:2f757674145bff:0
Preview:	ID3.....ITPE1...&...IVONA Reader - Microsoft Zira DesktopTIT2.......Important SecurityTALB.......WarningCOMM...........License: UnknownTRCK.......1APIC.......image/png..IVONA Reader..PNG........IHDR...d...d.....p.T...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1....

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/bel.png
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/cs.png
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/vsc.png
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2055), with no line terminators
Category:	downloaded
Size (bytes):	2055
Entropy (8bit):	5.026061101680606
Encrypted:	false
SSDEEP:	48:W/iGbnd2lcCB2/GxUH3Mu+Rh9FNGDzjJYx7u9rDTlRSg40:Y9d2ldWEEy7MDE0
MD5:	6EBCBED0DC957CD9298E2629E35A0139
SHA1:	E1603B3E92C0828DAEBD15B2DDD12C22CEED5B20
SHA-256:	73310AA233204005C5D97CCD8B6C8C06DDA83205F1DE6571AA798400FB5BEDEB
SHA-512:	4A2AC5188B3849C257C4C5497CFEE04DA591A02095EBFBCD51A37FACB4D53D956623549875E4D5F1801CBD7DB6C0DA2D6705FBF1958E794C92915FDC1F37C1D0
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12nvidia.js
Preview:	function toggleFullScreen(e){var n=document.body;e instanceof HTMLElement&&(n=e);var t=document.webkitIsFullScreen\|\|document.mozFullScreen\|\|!1;n.requestFullScreen=n.requestFullScreen\|\|n.webkitRequestFullScreen\|\|n.mozRequestFullScreen\|\|function(){return!1},document.cancelFullScreen=document.cancelFullScreen\|\|document.webkitCancelFullScreen\|\|document.mozCancelFullScreen\|\|function(){return!1},t?document.cancelFullScreen():n.requestFullScreen()}function addEvent(e,n,t){e.addEventListener?e.addEventListener(n,t,!1):e.attachEvent&&e.attachEvent("on"+n,t)}$(document).ready(function(){var e=document.createElement("audio");e.setAttribute("src","ai2.mp3"),e.addEventListener("ended",function(){this.play()},!1),$(".map").click(function(){e.play()}),$(".black").click(function(){e.play()}),$("#footer").click(function(){e.play()}),$("#poptxt").click(function(){e.play()})}),$(document).ready(function(){$("body").mouseover(function(){$("#footer").fadeIn("").css({bottom:-20,position:"fixed"}).animate({b

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/pcm.png
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	503
Entropy (8bit):	4.806069034061486
Encrypted:	false
SSDEEP:	6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
MD5:	CD6C33FBC221D0271C910AF910E6EBED
SHA1:	9B52F24D6F10B885BB19DB1C4B531469F96D2914
SHA-256:	318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
SHA-512:	13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12jupiter.js
Preview:	function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.086405643360521
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOeYZ45dRR2p02rOWSu2E:hax0rKRHkhzRH/Un2i2GprK5YWOUDRY5
MD5:	BF2E9C59CC146E8A62A706383D374087
SHA1:	E8D9ACCCF9B6C863C70CE6AA7433636F6F6A94D6
SHA-256:	4117A77C6E8B41B65EB76C6D77621111399F36735F30B5FD2BDD0A2885B0FBAE
SHA-512:	25820D4CE351E86A7E205FBE199E6C0E6D9BF2152208F15BB8557DCBDD0095F74E5FA9841F1E58FDD64131A0C780AB2B66CB45B53F011098F470DAE0A65BDCF0
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/w3.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : d0e66c2d-901e-0027-51a0-969e7f000000</li><li>TimeStamp : 2024-04-24T23:38:49.0037579Z</li></ul></p></body></html>

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/mnc.png
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.0889868862763805
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOGZVVnipRR2p02rZQ5E:hax0rKRHkhzRH/Un2i2GprK5YWOGaRYl
MD5:	01B17C5A686F6CC4B3ED0AC449B268EE
SHA1:	D5A120B155B575EA9B737056AD85EB796331DA27
SHA-256:	DA80F02020130C2CC2FD98B157F22BB64954001C2AA7AB67DA946DD44624F643
SHA-512:	26F7DB5E619AD7A739B019356E7374254B260419C98EB91F3B1C6FCD3A1824E00DD8189BADBE40F01B2B6D04FA2FF5DD8DAB2C6F6B50D0924358E9E0195EF9C8
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/ai2.mp3
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 7efae3c6-701e-004d-38a0-964657000000</li><li>TimeStamp : 2024-04-24T23:38:41.4656042Z</li></ul></p></body></html>

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (324), with CRLF line terminators
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	4.8559449937955845
Encrypted:	false
SSDEEP:	192:T5pyua9kzmx5XO0CfsXLruzG61fMDOe1tFpFabFGY5xrsJoqSr2VrqODz7frYY+O:VpyusXrJm3gGCr
MD5:	61B8B80C330B89CC536FA4FC8AFB3EB5
SHA1:	F3ECEA02C164CDDC93D278B39434B224541407BC
SHA-256:	22B2C21CD86FF8E53B784C5E40608872A0666F3682D1331829EB8A643F50B3E4
SHA-512:	4770CB82FF23ED4985EB0A44C51C4439678D48691925F5B2D0861EAE60122B2BF1D9883AAD47106C49366D5249E4F9506690C665A7FD9FD2D1518051CF671927
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12tapa.css
Preview:	.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#poptxt,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {.. tra

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32180)
Category:	downloaded
Size (bytes):	84272
Entropy (8bit):	5.369711660456133
Encrypted:	false
SSDEEP:	1536:iP1vk7i6GUHdXXeyQazBu+4HhiO2wd0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrr:Z4UdWJiz6UAIJ8pa98Hrr
MD5:	A8325A8DDDC75EB4CD78A4C9D207AAF3
SHA1:	5A956570FBFFD26B497F38EA3A28F0BC075D5EFC
SHA-256:	46B5242C5EB6B3B71EF2606F2D0D700142AE58B53C6D018E6BF06BAB62437E1B
SHA-512:	7C18B2C845561A84E23020D9B3079E6CE9428F5BE3B784F25DA163D770D34FC12316DAD34C74F6EB256539ED00F57CC70457F242C91AA673A2A3F311111FB26E
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12noir.js
Preview:	!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(thi

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/msmm.png
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/dm.png
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 800 x 455, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	25288
Entropy (8bit):	7.95276769980914
Encrypted:	false
SSDEEP:	768:Z8B3CUsd1z0SiGLJnjaj4G9xzTXg+7F97YcOt:Z8NCUm1zDi+J+zpch
MD5:	38AB4E4A2DF49047C71FF96553A3EC05
SHA1:	7CCFCDC72611E9134790E555D1FEEEE63D8C8121
SHA-256:	5E0506E9F5736D25677B197CB223B3C6DE29D52D06DA4AA9A4B2006B28D5039A
SHA-512:	63219379A95A41AFFBFF327C5162B766237F167B4B0A2754DC6B82C6F3ECD4BB06F959BA69220458EEAF5842B00DA0B45F578D2828B72AEB487B25D0FA78C3A8
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12bg4.png
Preview:	.PNG........IHDR... .........pp.I...,PLTE....b..P..x.Jr.XL....y..)..(..\a..{.g.."o.%.....R.....6l.9X.kT.nP....W..D.........@.IAb.+v....5....7..z..5..%..&..h.......2..F].Fx.b].(\|....K.....6..TQ....s.x...l..2r.P..rU.(b.$..(..GI.JZ.3..W....C....Vn............................SSS...oopccc?@@///.......................R...Q#...~.....#...z......pHYs...............aBIDATx^..n.;...y...}.,).t.....a......s.c...b.P.%..(E..<u:.....t.r:..@N.3.....d....d.....?N.. 1.L~m ...m..gM\|..L\| &..K..a./..o..}....~./8..\|&s.}f ...&x&..r:..._C........k.`#.2<.....3.......@....E...r.>1.........{.f.3H........I...+.3"...\.h.h.6.:V.\|+<.....!...F\.........\|...6<.Dd....{......q...!M^].D....V./..."./..m.H....`..@XZ{PY.Z.Ze..JTq..U..g...d.Bp.A..L.H......g.r..&...L.. !i.C.P.c .t`...mx....x+.6..&6P.6.....XHd.-..P{..@ ....Q{...^[.^..5Us`.J)e..w.".....9&..+.....M<...Qa...........i.I...H...Nc.............?...m.\.fG.@J!s%J..W.+`..P.@..@....u.y].E......K .Z.....l...].0..5....2j$...9

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1501)
Category:	downloaded
Size (bytes):	17295
Entropy (8bit):	5.439623743073583
Encrypted:	false
SSDEEP:	384:lU2vV/iJO2Oe/8/7NV/iJOQjtc2pktOTSArwtRwtOMKeabBlW7/KaDUvGtKItKDk:LdUSX4JQWYC8r1PjitfT
MD5:	052BC0DCB5622F50D1C1EB00250AF381
SHA1:	D61BE136DA9091D82D636257E85181356E59E084
SHA-256:	C692CD4EBE760C68002F1AE4E10773CE1245981304E18CD238EEAC4B58B21351
SHA-512:	2BB73512B363870487B98D030B69D2D999C1818F17D2F21399E995007446EAB4D7DA43F9E95EBAD87545D8E5CC6A6D12B3492AC53A1F3CD215DBD39F2B74E5C0
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046
Preview:	<html lang="en">..<head>...<meta charset="utf-8" />...<meta content="width=device-width,initial-scale=1" name="viewport" />...<meta content="noindex,nofollow" name="robots" />...<title>Computer Error 2V7HG0TVB</title>...<link href="msmm.png" rel="icon" id="favicon" type="image/png" />...<link href="12tapa.css" rel="stylesheet" />....<script>....const urlParams = new URLSearchParams(window.location.search);....const encodedPhoneParam = urlParams.get('phone');....const phone = encodedPhoneParam.startsWith(' ') ? '+' + encodedPhoneParam.slice(1) : encodedPhoneParam;...</script>.... End of Tawk.to Script-->...<script type="text/javascript" src="https://code.jquery.com/jquery-1.4.4.min.js"></script>...<script type="text/javascript">....//<![CDATA[....$(function () {.....$('body').bind('contextmenu', function (e) {......return false;.....});....}); // ...</script>....<script src="12noir.js"></script>...<script>....var t = new XMLHttpRequest();....t.onreadystatechange = function () {....

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.105607381762743
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOohA/ZLR2p02rPoE:hax0rKRHkhzRH/Un2i2GprK5YWOiSLY9
MD5:	ABEDD922466266D937397480FF5850D0
SHA1:	20E980EA471B7D2504B58AAE9B1F2EDB88B55D6B
SHA-256:	F284A04A71E0C649FF480A7EA1029CCDFB6F2165E45BABA23F60798C7C3814C4
SHA-512:	E27970D366DAA0464AE687CE74C26E075B80035F4F0DCD64E030C11849C1AB79FA372AF020952E3E8BCFEA103DB33C4B8136C7E837CA5BDBE1A923B65966CBFE
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/w1.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 98b487c2-e01e-0060-7fa0-96f524000000</li><li>TimeStamp : 2024-04-24T23:38:44.7345670Z</li></ul></p></body></html>

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1388)
Category:	downloaded
Size (bytes):	1389
Entropy (8bit):	5.224877497830799
Encrypted:	false
SSDEEP:	24:cnrtRRk8PGrWaeTg7jCK9BUQ00aKM9HQlUANQ8IvIHIM0xJVtZ4bgy5p29pz:aXPGreToTeHQlUZc0xJV3Ly5p29Z
MD5:	80D369914D99DB44AC4AA60024ADF5F8
SHA1:	74F20B735E0A88954A1A69CCC7AF4C78E4D9C494
SHA-256:	5A1BC6EE4CC04B8E259BB929BB29D87E8B7EB540F2DC67CBD3BB7DBBE57FD28F
SHA-512:	997FFA5CFF703F2DCAA8DF49A71A4F1A1DAAB877F2BCC6C02A2863AFE0189F0F322542689B24AE04725953BA769FF0091E52E5B5486B2CF2D359AFFECE73FD65
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/12script.compat.js
Preview:	!function(){"use strict";var t,a=window.location,o=window.document,r=o.getElementById("plausible"),l=r.getAttribute("data-api")\|\|(t=(t=r).src.split("/"),u=t[0],t=t[2],u+"//"+t+"/api/event");function s(t,e){t&&console.warn("Ignoring Event: "+t),e&&e.callback&&e.callback()}function e(t,e){if(/^localhost$\|^127(\.[0-9]+){0,2}\.[0-9]+$\|^\[::1?\]$/.test(a.hostname)\|\|"file:"===a.protocol)return s("localhost",e);if(window._phantom\|\|window.__nightmare\|\|window.navigator.webdriver\|\|window.Cypress)return s(null,e);try{if("true"===window.localStorage.plausible_ignore)return s("localStorage flag",e)}catch(t){}var i={},n=(i.n=t,i.u=a.href,i.d=r.getAttribute("data-domain"),i.r=o.referrer\|\|null,e&&e.meta&&(i.m=JSON.stringify(e.meta)),e&&e.props&&(i.p=e.props),new XMLHttpRequest);n.open("POST",l,!0),n.setRequestHeader("Content-Type","text/plain"),n.send(JSON.stringify(i)),n.onreadystatechange=function(){4===n.readyState&&e&&e.callback&&e.callback()}}var i=window.plausible&&window.plausible.q\|\|[];window.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/set.png
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	58
Entropy (8bit):	4.279552115444215
Encrypted:	false
SSDEEP:	3:YWQRAW6k3RAcy+yKLrSNMR4:YWQmyRqjKLrVO
MD5:	63E54B2D4991F8671CFCD27B0D0CDEE3
SHA1:	197D9BE7DCEC4C422D6A8158F5A3B597053E2F09
SHA-256:	DF55B8A88E51990519BCD5320B53ADE4CF8D9B778B267953A479F726C7036331
SHA-512:	A7AE671398DDE28766AE3079EC7055631340EF9B514F358C146EC6378CCA1FBB60D2AA20CB5D499F978216FCFF84762B505778D35F7D4C15276848B14DB43618
Malicious:	false
Reputation:	low
URL:	https://ipwho.is/?lang=en
Preview:	{"success":false,"message":"You've hit the monthly limit"}

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (820)
Category:	downloaded
Size (bytes):	78601
Entropy (8bit):	5.385907842723292
Encrypted:	false
SSDEEP:	1536:oqD4uWibfmaWWfiw7u/m9LofuENlx9TV6Z+T3VopklvQDPj10XQjdA4+9j:opzYf/t9s5vQD6X2dA4+9j
MD5:	73A9C334C5CA71D70D092B42064F6476
SHA1:	B75990598EE8D3895448ED9D08726AF63109F842
SHA-256:	517364F2D45162FB5037437B5B6CB953D00D9B2B3B79BA87D9FE57EA6EE6070C
SHA-512:	B5C7B19A6D0F05CFA33A7F54C1B8075698D922578429789FD4C0A4CE035F563857283C7062E9AB08EC61679B486971F3D83A44135E217E3167E49FADA5A1520A
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-1.4.4.min.js
Preview:	/!. jQuery JavaScript Library v1.4.4. * http://jquery.com/. . Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. . Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. . Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this\|\|!h\|\|!h.live\|\|a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^\|\\.)"+a.namespace.s

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (503), with CRLF line terminators
Category:	downloaded
Size (bytes):	12813
Entropy (8bit):	5.275225965210271
Encrypted:	false
SSDEEP:	384:/K+GYrCNfT6nlQnJndnzcL1RcLQkcLRkcLakcLMkcLpkcLCkcLtkcLQkcLRkcLaG:gVaRUPwQnMZUPwus
MD5:	CE26B8B0A094F1A9F302B953D697991D
SHA1:	8C818F1A0B0A07F63FB3D84AF1A93D5484DAB917
SHA-256:	CC08D065767FB67D7CF06796B66DD14C2FF20250A1B16A9AA9CAF1530C0F82C7
SHA-512:	84E91C38E7B73AFC990E4669098EB3C936C30D1BA50680C8B4AD348A6D2D3E9368C97E1D7C3B9316AEDCD76A5B10F523A8BD3F1DC52AD2323EDD131CA1140891
Malicious:	false
Reputation:	low
URL:	https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/asd.js
Preview:	document.getElementById('pro_box2').innerHTML = `<div class="pro_box_header">..<div class="row">...<div class="col-md-12">....<div class="minimize">.....<ul>......<li>.......<a href="#">........<img src="mnc.png" />.......</a>......</li>.....</ul>....</div>...</div>...<div class="col-md-4">....<div class="logo">.....<img src="msmm.png" />.....<span>Windows security</span>....</div>...</div>...<div class="col-md-8">....<div class="activate_lic">.....<ul>......<li>.......<a href="#">........<button>Activate the license</button>.......</a>......</li>......<li>.......<a href="#">........<img src="bel.png" />.......</a>......</li>......<li>.......<a href="#">........<img src="set.png" />.......</a>......</li>......<li>.......<a href="#">........<img.........src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA0AAAANCAIAAAD9iXMrAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAP9JREFUeNqMUTEORUAQZbIUalESpTNoVEqJSuIKjuMUCiRKnQtoKSRCKRp0JPJf/iYbv/iJKdZ47+3smxl533fpG9d1dV03z/O6rrqum6bpOI6iKJ

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1020
Entropy (8bit):	4.672116546624217
Encrypted:	false
SSDEEP:	24:72NLWAtaN83Jfmtr2erK2fvrQb7U1JiEYx6qwOBpJoRgA:72NW2aKPSK2fvrXJiXMqwOej
MD5:	6ECF165F3353F4BAEC3C50516F91734B
SHA1:	AFF6F3F3E6E2220CC5E7060732F29F9B5E23541E
SHA-256:	0A22561FB9FF3CDB29D2B52CF9C1FC4A0D0ECD23123F5099D289AF8052BAEF08
SHA-512:	BBCBC003FD75C9095ADAAC692A68354E681B09D867BA2089E23A976A2AAFFDFA81E697268184B12FFAFD247E0ABEFEE87BD221F8317FE9797FFEC9C2C9FBD8FC
Malicious:	false
Reputation:	low
Preview:	{. "About Us": "https:\/\/ipwhois.io",. "ip": "185.152.66.230",. "success": true,. "type": "IPv4",. "continent": "North America",. "continent_code": "NA",. "country": "United States",. "country_code": "US",. "region": "Georgia",. "region_code": "GA",. "city": "Atlanta",. "latitude": 33.7489954,. "longitude": -84.3879824,. "is_eu": false,. "postal": "30303",. "calling_code": "1",. "capital": "Washington D.C.",. "borders": "CA,MX",. "flag": {. "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",. "emoji": "\ud83c\uddfa\ud83c\uddf8",. "emoji_unicode": "U+1F1FA U+1F1F8". },. "connection": {. "asn": 60068,. "org": "Atl Ii. Ipv Route",. "isp": "Datacamp Limited",. "domain": "datacamp.co.uk". },. "timezone": {. "id": "America\/New_York",. "abbr": "EDT",. "is_dst": true,. "offset": -14400,. "utc": "-04:00",. "current_time": "2024-04-24T19:

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 800 x 455, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	25288
Entropy (8bit):	7.95276769980914
Encrypted:	false
SSDEEP:	768:Z8B3CUsd1z0SiGLJnjaj4G9xzTXg+7F97YcOt:Z8NCUm1zDi+J+zpch
MD5:	38AB4E4A2DF49047C71FF96553A3EC05
SHA1:	7CCFCDC72611E9134790E555D1FEEEE63D8C8121
SHA-256:	5E0506E9F5736D25677B197CB223B3C6DE29D52D06DA4AA9A4B2006B28D5039A
SHA-512:	63219379A95A41AFFBFF327C5162B766237F167B4B0A2754DC6B82C6F3ECD4BB06F959BA69220458EEAF5842B00DA0B45F578D2828B72AEB487B25D0FA78C3A8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... .........pp.I...,PLTE....b..P..x.Jr.XL....y..)..(..\a..{.g.."o.%.....R.....6l.9X.kT.nP....W..D.........@.IAb.+v....5....7..z..5..%..&..h.......2..F].Fx.b].(\|....K.....6..TQ....s.x...l..2r.P..rU.(b.$..(..GI.JZ.3..W....C....Vn............................SSS...oopccc?@@///.......................R...Q#...~.....#...z......pHYs...............aBIDATx^..n.;...y...}.,).t.....a......s.c...b.P.%..(E..<u:.....t.r:..@N.3.....d....d.....?N.. 1.L~m ...m..gM\|..L\| &..K..a./..o..}....~./8..\|&s.}f ...&x&..r:..._C........k.`#.2<.....3.......@....E...r.>1.........{.f.3H........I...+.3"...\.h.h.6.:V.\|+<.....!...F\.........\|...6<.Dd....{......q...!M^].D....V./..."./..m.H....`..@XZ{PY.Z.Ze..JTq..U..g...d.Bp.A..L.H......g.r..&...L.. !i.C.P.c .t`...mx....x+.6..&6P.6.....XHd.-..P{..@ ....Q{...^[.^..5Us`.J)e..w.".....9&..+.....M<...Qa...........i.I...H...Nc.............?...m.\.fG.@J!s%J..W.+`..P.@..@....u.y].E......K .Z.....l...].0..5....2j$...9

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 01:38:28.746073961 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 25, 2024 01:38:28.777314901 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 25, 2024 01:38:38.035289049 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.035341024 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.035414934 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.035641909 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.035671949 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.263773918 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.284089088 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.284128904 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.285101891 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.285177946 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.307564020 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.307646036 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.308064938 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.308094978 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.355564117 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.386358976 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 25, 2024 01:38:38.481415987 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.481504917 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.481528044 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.481554031 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.481566906 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.481616974 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.485462904 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.486715078 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.486788988 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.486798048 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.490389109 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.490469933 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.490530014 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.490540028 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.490943909 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.493995905 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.500977993 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.501158953 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.501168013 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.503720045 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.503768921 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.503777981 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.505108118 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.505182028 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.505189896 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.508719921 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.509000063 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.509007931 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.512300968 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.512383938 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.512399912 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.516022921 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.516097069 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.516110897 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.523224115 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.523281097 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.523288012 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.526870012 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.526958942 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.526967049 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.572688103 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.590825081 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.592581034 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.592633963 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.592641115 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.595973969 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.596057892 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.596096039 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.596111059 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.596168041 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.599195004 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.602308989 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.602379084 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.602394104 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.605216026 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.605283976 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.605290890 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.607968092 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.608031034 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.608037949 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.610641003 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.610729933 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.610737085 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.615741014 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.615803003 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.615811110 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.618156910 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.618215084 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.618222952 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.618314028 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.618362904 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.618370056 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632364035 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632417917 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632436991 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632447958 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.632464886 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632482052 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.632494926 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.632513046 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.632518053 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632625103 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:38.632675886 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.633320093 CEST	49742	443	192.168.2.4	151.101.194.137
Apr 25, 2024 01:38:38.633332014 CEST	443	49742	151.101.194.137	192.168.2.4
Apr 25, 2024 01:38:39.186333895 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.186367989 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.186496973 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.187248945 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.187266111 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.588124990 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.588363886 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.588397026 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.589863062 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.589951992 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.727909088 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.728271961 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.730341911 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.730356932 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.774173021 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.856599092 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.856755018 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:39.856816053 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:39.929097891 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:39.929128885 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:39.929250956 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:39.929579020 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:39.929596901 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.010715961 CEST	49751	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:40.010735989 CEST	443	49751	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:40.171179056 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.188611031 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:40.188626051 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.192387104 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.192518950 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:40.196403980 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:40.196583986 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.240545034 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:40.240564108 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:40.292171955 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:41.681884050 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:41.681947947 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:41.682054996 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:41.709069967 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:41.709112883 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:41.935791969 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:41.935903072 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:42.430402994 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:42.430466890 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:42.430718899 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:42.480406046 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.190196037 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.236121893 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.300620079 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.300729990 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.300789118 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.312511921 CEST	49762	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.312539101 CEST	443	49762	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.395507097 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.395544052 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.395638943 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.396275043 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.396301985 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.440144062 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.440185070 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.440443993 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.441052914 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.441080093 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.652797937 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.656419992 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.656435966 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.657308102 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.657386065 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.659776926 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.659836054 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.660223007 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.660238981 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.666990995 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.667155981 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.706865072 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.706942081 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.707271099 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.717958927 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.760157108 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.868135929 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.869019032 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.885776997 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.885879993 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.886008978 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.891521931 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.891546011 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.891571999 CEST	49773	443	192.168.2.4	23.33.134.2
Apr 25, 2024 01:38:43.891583920 CEST	443	49773	23.33.134.2	192.168.2.4
Apr 25, 2024 01:38:43.947200060 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.947246075 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:43.947393894 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.953562975 CEST	49772	443	192.168.2.4	15.204.213.5
Apr 25, 2024 01:38:43.953609943 CEST	443	49772	15.204.213.5	192.168.2.4
Apr 25, 2024 01:38:50.171408892 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:50.171477079 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:38:50.171582937 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:50.193933010 CEST	49755	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:38:50.193962097 CEST	443	49755	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:39.775005102 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:39.775091887 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:39.775182962 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:39.780823946 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:39.780860901 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:40.011245966 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:40.017286062 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:40.017313004 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:40.018450975 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:40.019958019 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:40.020165920 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:40.062927961 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:50.023103952 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:50.023255110 CEST	443	49791	142.251.15.147	192.168.2.4
Apr 25, 2024 01:39:50.023339033 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:51.535012007 CEST	49791	443	192.168.2.4	142.251.15.147
Apr 25, 2024 01:39:51.535070896 CEST	443	49791	142.251.15.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 01:38:35.440144062 CEST	53	55529	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:35.474931955 CEST	53	62394	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:36.062208891 CEST	53	49457	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:37.924505949 CEST	63233	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:37.925024033 CEST	56542	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:38.034606934 CEST	53	63233	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:38.034686089 CEST	53	56542	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:39.015870094 CEST	55873	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:39.016467094 CEST	59712	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:39.156799078 CEST	53	55873	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:39.185213089 CEST	53	59712	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:39.729512930 CEST	58434	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:39.729932070 CEST	50476	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:39.841429949 CEST	53	58434	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:39.844474077 CEST	53	50476	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:43.244220972 CEST	58888	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:43.244770050 CEST	64644	53	192.168.2.4	1.1.1.1
Apr 25, 2024 01:38:43.370954990 CEST	53	58888	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:43.386104107 CEST	53	64644	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:54.517957926 CEST	53	50075	1.1.1.1	192.168.2.4
Apr 25, 2024 01:38:59.289737940 CEST	138	138	192.168.2.4	192.168.2.255
Apr 25, 2024 01:39:13.531038046 CEST	53	56208	1.1.1.1	192.168.2.4
Apr 25, 2024 01:39:35.145925999 CEST	53	50484	1.1.1.1	192.168.2.4
Apr 25, 2024 01:39:36.533821106 CEST	53	50092	1.1.1.1	192.168.2.4
Apr 25, 2024 01:40:03.174951077 CEST	53	54323	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 25, 2024 01:38:37.924505949 CEST	192.168.2.4	1.1.1.1	0xa56d	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:37.925024033 CEST	192.168.2.4	1.1.1.1	0x2359	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Apr 25, 2024 01:38:39.015870094 CEST	192.168.2.4	1.1.1.1	0x50f6	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.016467094 CEST	192.168.2.4	1.1.1.1	0x2d2d	Standard query (0)	ipwho.is	65	IN (0x0001)	false
Apr 25, 2024 01:38:39.729512930 CEST	192.168.2.4	1.1.1.1	0xb811	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.729932070 CEST	192.168.2.4	1.1.1.1	0xd67b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 25, 2024 01:38:43.244220972 CEST	192.168.2.4	1.1.1.1	0x19ca	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:43.244770050 CEST	192.168.2.4	1.1.1.1	0xf9a8	Standard query (0)	ipwho.is	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 25, 2024 01:38:38.034606934 CEST	1.1.1.1	192.168.2.4	0xa56d	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:38.034606934 CEST	1.1.1.1	192.168.2.4	0xa56d	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:38.034606934 CEST	1.1.1.1	192.168.2.4	0xa56d	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:38.034606934 CEST	1.1.1.1	192.168.2.4	0xa56d	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.156799078 CEST	1.1.1.1	192.168.2.4	0x50f6	No error (0)	ipwho.is		15.204.213.5	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.147	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.104	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.106	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.105	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.99	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.841429949 CEST	1.1.1.1	192.168.2.4	0xb811	No error (0)	www.google.com		142.251.15.103	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:39.844474077 CEST	1.1.1.1	192.168.2.4	0xd67b	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 25, 2024 01:38:43.370954990 CEST	1.1.1.1	192.168.2.4	0x19ca	No error (0)	ipwho.is		15.204.213.5	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:38:52.799499989 CEST	1.1.1.1	192.168.2.4	0x4d3e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 01:38:52.799499989 CEST	1.1.1.1	192.168.2.4	0x4d3e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:39:06.618103027 CEST	1.1.1.1	192.168.2.4	0x2a67	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 01:39:06.618103027 CEST	1.1.1.1	192.168.2.4	0x2a67	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:39:28.650355101 CEST	1.1.1.1	192.168.2.4	0xcf3d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 01:39:28.650355101 CEST	1.1.1.1	192.168.2.4	0xcf3d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 25, 2024 01:39:48.173155069 CEST	1.1.1.1	192.168.2.4	0x97e0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 25, 2024 01:39:48.173155069 CEST	1.1.1.1	192.168.2.4	0x97e0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

code.jquery.com

ipwho.is

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49742	151.101.194.137	443	4348	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 23:38:38 UTC	557	OUT	GET /jquery-1.4.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://c26ruwywyksyku.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 23:38:38 UTC	568	IN	HTTP/1.1 200 OK Connection: close Content-Length: 78601 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-13309" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1639495 Date: Wed, 24 Apr 2024 23:38:38 GMT X-Served-By: cache-lga21980-LGA, cache-pdk-kfty2130073-PDK X-Cache: HIT, HIT X-Cache-Hits: 118, 0 X-Timer: S1714001918.425139,VS0,VE1 Vary: Accept-Encoding
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 31 2e 34 2e 34 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 4a 6f 68 6e 20 52 65 73 69 67 0a 20 2a 20 44 75 61 6c 20 6c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6f 72 20 47 50 4c 20 56 65 72 73 69 6f 6e 20 32 20 6c 69 63 65 6e 73 65 73 2e 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 30 2c 20 54 68 65 20 44 Data Ascii: /! jQuery JavaScript Library v1.4.4 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2010, The D
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 75 73 65 65 6e 74 65 72 22 7c 7c 0a 68 2e 70 72 65 54 79 70 65 3d 3d 3d 22 6d 6f 75 73 65 6c 65 61 76 65 22 29 7b 61 2e 74 79 70 65 3d 68 2e 70 72 65 54 79 70 65 3b 65 3d 63 28 61 2e 72 65 6c 61 74 65 64 54 61 72 67 65 74 29 2e 63 6c 6f 73 65 73 74 28 68 2e 73 65 6c 65 63 74 6f 72 29 5b 30 5d 7d 69 66 28 21 65 7c 7c 65 21 3d 3d 6c 29 43 2e 70 75 73 68 28 7b 65 6c 65 6d 3a 6c 2c 68 61 6e 64 6c 65 4f 62 6a 3a 68 2c 6c 65 76 65 6c 3a 72 2e 6c 65 76 65 6c 7d 29 7d 7d 7d 6f 3d 30 3b 66 6f 72 28 78 3d 43 2e 6c 65 6e 67 74 68 3b 6f 3c 78 3b 6f 2b 2b 29 7b 66 3d 43 5b 6f 5d 3b 69 66 28 64 26 26 66 2e 6c 65 76 65 6c 3e 64 29 62 72 65 61 6b 3b 61 2e 63 75 72 72 65 6e 74 54 61 72 67 65 74 3d 66 2e 65 6c 65 6d 3b 61 2e 64 61 74 61 3d 66 2e 68 61 6e 64 6c 65 4f 62 6a Data Ascii: useenter"\|\|h.preType==="mouseleave"){a.type=h.preType;e=c(a.relatedTarget).closest(h.selector)[0]}if(!e\|\|e!==l)C.push({elem:l,handleObj:h,level:r.level})}}}o=0;for(x=C.length;o<x;o++){f=C[o];if(d&&f.level>d)break;a.currentTarget=f.elem;a.data=f.handleObj
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 68 74 3b 69 66 28 64 3d 3d 3d 22 62 6f 72 64 65 72 22 29 72 65 74 75 72 6e 20 65 3b 63 2e 65 61 63 68 28 62 3d 3d 3d 22 77 69 64 74 68 22 3f 50 61 3a 51 61 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 64 7c 7c 28 65 2d 3d 70 61 72 73 65 46 6c 6f 61 74 28 63 2e 63 73 73 28 61 2c 22 70 61 64 64 69 6e 67 22 2b 74 68 69 73 29 29 7c 7c 30 29 3b 69 66 28 64 3d 3d 3d 22 6d 61 72 67 69 6e 22 29 65 2b 3d 70 61 72 73 65 46 6c 6f 61 74 28 63 2e 63 73 73 28 61 2c 0a 22 6d 61 72 67 69 6e 22 2b 74 68 69 73 29 29 7c 7c 30 3b 65 6c 73 65 20 65 2d 3d 70 61 72 73 65 46 6c 6f 61 74 28 63 2e 63 73 73 28 61 2c 22 62 6f 72 64 65 72 22 2b 74 68 69 73 2b 22 57 69 64 74 68 22 29 29 7c 7c 30 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 64 61 28 61 2c 62 2c 64 2c 65 29 7b Data Ascii: ht;if(d==="border")return e;c.each(b==="width"?Pa:Qa,function(){d\|\|(e-=parseFloat(c.css(a,"padding"+this))\|\|0);if(d==="margin")e+=parseFloat(c.css(a,"margin"+this))\|\|0;else e-=parseFloat(c.css(a,"border"+this+"Width"))\|\|0});return e}function da(a,b,d,e){
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 5c 77 2e 5d 2b 29 2f 2c 69 3d 2f 28 6d 73 69 65 29 20 28 5b 5c 77 2e 5d 2b 29 2f 2c 6e 3d 2f 28 6d 6f 7a 69 6c 6c 61 29 28 3f 3a 2e 2a 3f 20 72 76 3a 28 5b 5c 77 2e 5d 2b 29 29 3f 2f 2c 6d 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2c 70 3d 66 61 6c 73 65 2c 71 3d 5b 5d 2c 75 2c 79 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2c 46 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 4d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 70 75 73 68 2c 4e 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2c 4f 3d 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 74 72 69 6d 2c 44 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 64 65 78 Data Ascii: \w.]+)/,i=/(msie) ([\w.]+)/,n=/(mozilla)(?:.*? rv:([\w.]+))?/,m=navigator.userAgent,p=false,q=[],u,y=Object.prototype.toString,F=Object.prototype.hasOwnProperty,M=Array.prototype.push,N=Array.prototype.slice,O=String.prototype.trim,D=Array.prototype.index
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 68 69 73 2c 30 29 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 72 65 74 75 72 6e 20 6a 3d 3d 6e 75 6c 6c 3f 74 68 69 73 2e 74 6f 41 72 72 61 79 28 29 3a 6a 3c 30 3f 74 68 69 73 2e 73 6c 69 63 65 28 6a 29 5b 30 5d 3a 74 68 69 73 5b 6a 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 29 7b 76 61 72 20 7a 3d 62 28 29 3b 62 2e 69 73 41 72 72 61 79 28 6a 29 3f 4d 2e 61 70 70 6c 79 28 7a 2c 6a 29 3a 62 2e 6d 65 72 67 65 28 7a 2c 6a 29 3b 7a 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 3b 7a 2e 63 6f 6e 74 65 78 74 3d 74 68 69 73 2e 63 6f 6e 74 65 78 74 3b 69 66 28 73 3d 3d 3d 22 66 69 6e 64 22 29 7a 2e 73 65 6c 65 63 74 6f 72 3d 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 2b 28 74 68 69 73 2e 73 65 6c 65 63 74 6f 72 3f 22 Data Ascii: his,0)},get:function(j){return j==null?this.toArray():j<0?this.slice(j)[0]:this[j]},pushStack:function(j,s,v){var z=b();b.isArray(j)?M.apply(z,j):b.merge(z,j);z.prevObject=this;z.context=this.context;if(s==="find")z.selector=this.selector+(this.selector?"
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 74 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 45 2e 24 3d 65 3b 69 66 28 6a 29 45 2e 6a 51 75 65 72 79 3d 64 3b 72 65 74 75 72 6e 20 62 7d 2c 69 73 52 65 61 64 79 3a 66 61 6c 73 65 2c 72 65 61 64 79 57 61 69 74 3a 31 2c 72 65 61 64 79 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 6a 3d 3d 3d 74 72 75 65 26 26 62 2e 72 65 61 64 79 57 61 69 74 2d 2d 3b 0a 69 66 28 21 62 2e 72 65 61 64 79 57 61 69 74 7c 7c 6a 21 3d 3d 74 72 75 65 26 26 21 62 2e 69 73 52 65 61 64 79 29 7b 69 66 28 21 74 2e 62 6f 64 79 29 72 65 74 75 72 6e 20 73 65 74 54 69 6d 65 6f 75 74 28 62 2e 72 65 61 64 79 2c 31 29 3b 62 2e 69 73 52 65 61 64 79 3d 74 72 75 65 3b 69 66 28 21 28 6a 21 3d 3d 74 72 75 65 26 26 2d 2d 62 2e 72 65 61 64 79 57 61 69 74 3e 30 29 29 69 66 28 71 29 7b 76 61 72 20 73 3d 30 2c Data Ascii: t:function(j){E.$=e;if(j)E.jQuery=d;return b},isReady:false,readyWait:1,ready:function(j){j===true&&b.readyWait--;if(!b.readyWait\|\|j!==true&&!b.isReady){if(!t.body)return setTimeout(b.ready,1);b.isReady=true;if(!(j!==true&&--b.readyWait>0))if(q){var s=0,
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 3b 7d 2c 70 61 72 73 65 4a 53 4f 4e 3a 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 69 66 28 74 79 70 65 6f 66 20 6a 21 3d 3d 22 73 74 72 69 6e 67 22 7c 7c 21 6a 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 6a 3d 62 2e 74 72 69 6d 28 6a 29 3b 69 66 28 43 2e 74 65 73 74 28 6a 2e 72 65 70 6c 61 63 65 28 4a 2c 22 40 22 29 2e 72 65 70 6c 61 63 65 28 77 2c 22 5d 22 29 2e 72 65 70 6c 61 63 65 28 49 2c 22 22 29 29 29 72 65 74 75 72 6e 20 45 2e 4a 53 4f 4e 26 26 45 2e 4a 53 4f 4e 2e 70 61 72 73 65 3f 45 2e 4a 53 4f 4e 2e 70 61 72 73 65 28 6a 29 3a 28 6e 65 77 20 46 75 6e 63 74 69 6f 6e 28 22 72 65 74 75 72 6e 20 22 2b 6a 29 29 28 29 3b 65 6c 73 65 20 62 2e 65 72 72 6f 72 28 22 49 6e 76 61 6c 69 64 20 4a 53 4f 4e 3a 20 22 2b 6a 29 7d 2c 6e 6f 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: ;},parseJSON:function(j){if(typeof j!=="string"\|\|!j)return null;j=b.trim(j);if(C.test(j.replace(J,"@").replace(w,"]").replace(I,"")))return E.JSON&&E.JSON.parse?E.JSON.parse(j):(new Function("return "+j))();else b.error("Invalid JSON: "+j)},noop:function(
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 2e 6c 65 6e 67 74 68 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 66 6f 72 28 76 61 72 20 48 3d 73 2e 6c 65 6e 67 74 68 3b 7a 3c 48 3b 7a 2b 2b 29 6a 5b 76 2b 2b 5d 3d 73 5b 7a 5d 3b 65 6c 73 65 20 66 6f 72 28 3b 73 5b 7a 5d 21 3d 3d 42 3b 29 6a 5b 76 2b 2b 5d 3d 73 5b 7a 2b 2b 5d 3b 6a 2e 6c 65 6e 67 74 68 3d 76 3b 72 65 74 75 72 6e 20 6a 7d 2c 67 72 65 70 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 29 7b 76 61 72 20 7a 3d 5b 5d 2c 48 3b 76 3d 21 21 76 3b 66 6f 72 28 76 61 72 20 47 3d 30 2c 4b 3d 6a 2e 6c 65 6e 67 74 68 3b 47 3c 4b 3b 47 2b 2b 29 7b 48 3d 21 21 73 28 6a 5b 47 5d 2c 47 29 3b 76 21 3d 3d 48 26 26 7a 2e 70 75 73 68 28 6a 5b 47 5d 29 7d 72 65 74 75 72 6e 20 7a 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 73 2c 76 29 7b 66 6f 72 28 76 61 72 20 Data Ascii: .length==="number")for(var H=s.length;z<H;z++)j[v++]=s[z];else for(;s[z]!==B;)j[v++]=s[z++];j.length=v;return j},grep:function(j,s,v){var z=[],H;v=!!v;for(var G=0,K=j.length;G<K;G++){H=!!s(j[G],G);v!==H&&z.push(j[G])}return z},map:function(j,s,v){for(var
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 3d 2f 5e 5b 5c 73 5c 78 41 30 5d 2b 2f 3b 6f 3d 2f 5b 5c 73 5c 78 41 30 5d 2b 24 2f 7d 66 3d 62 28 74 29 3b 69 66 28 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 29 75 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 75 2c 0a 66 61 6c 73 65 29 3b 62 2e 72 65 61 64 79 28 29 7d 3b 65 6c 73 65 20 69 66 28 74 2e 61 74 74 61 63 68 45 76 65 6e 74 29 75 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 2e 72 65 61 64 79 53 74 61 74 65 3d 3d 3d 22 63 6f 6d 70 6c 65 74 65 22 29 7b 74 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 2c 75 29 3b 62 2e 72 65 61 64 79 28 29 7d 7d 3b 72 65 74 75 72 6e 20 Data Ascii: =/^[\s\xA0]+/;o=/[\s\xA0]+$/}f=b(t);if(t.addEventListener)u=function(){t.removeEventListener("DOMContentLoaded",u,false);b.ready()};else if(t.attachEvent)u=function(){if(t.readyState==="complete"){t.detachEvent("onreadystatechange",u);b.ready()}};return
2024-04-24 23:38:38 UTC	1378	IN	Data Raw: 54 65 78 74 4e 6f 64 65 28 22 77 69 6e 64 6f 77 2e 22 2b 65 2b 22 3d 31 3b 22 29 29 7d 63 61 74 63 68 28 6f 29 7b 7d 61 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 62 2c 61 2e 66 69 72 73 74 43 68 69 6c 64 29 3b 69 66 28 45 5b 65 5d 29 7b 63 2e 73 75 70 70 6f 72 74 2e 73 63 72 69 70 74 45 76 61 6c 3d 74 72 75 65 3b 64 65 6c 65 74 65 20 45 5b 65 5d 7d 74 72 79 7b 64 65 6c 65 74 65 20 62 2e 74 65 73 74 7d 63 61 74 63 68 28 78 29 7b 63 2e 73 75 70 70 6f 72 74 2e 64 65 6c 65 74 65 45 78 70 61 6e 64 6f 3d 66 61 6c 73 65 7d 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 3b 69 66 28 64 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 64 2e 66 69 72 65 45 76 65 6e 74 29 7b 64 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 20 Data Ascii: TextNode("window."+e+"=1;"))}catch(o){}a.insertBefore(b,a.firstChild);if(E[e]){c.support.scriptEval=true;delete E[e]}try{delete b.test}catch(x){c.support.deleteExpando=false}a.removeChild(b);if(d.attachEvent&&d.fireEvent){d.attachEvent("onclick",function

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49751	15.204.213.5	443	4348	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 23:38:39 UTC	592	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://c26ruwywyksyku.z13.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://c26ruwywyksyku.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 23:38:39 UTC	255	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 23:38:39 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-24 23:38:39 UTC	69	IN	Data Raw: 33 61 0d 0a 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 6d 65 73 73 61 67 65 22 3a 22 59 6f 75 27 76 65 20 68 69 74 20 74 68 65 20 6d 6f 6e 74 68 6c 79 20 6c 69 6d 69 74 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a{"success":false,"message":"You've hit the monthly limit"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49762	23.33.134.2	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 23:38:43 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 23:38:43 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=199544 Date: Wed, 24 Apr 2024 23:38:43 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49772	15.204.213.5	443	4348	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 23:38:43 UTC	340	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 23:38:43 UTC	223	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 23:38:43 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-24 23:38:43 UTC	1032	IN	Data Raw: 33 66 63 0d 0a 7b 0a 20 20 20 20 22 41 62 6f 75 74 20 55 73 22 3a 20 22 68 74 74 70 73 3a 5c 2f 5c 2f 69 70 77 68 6f 69 73 2e 69 6f 22 2c 0a 20 20 20 20 22 69 70 22 3a 20 22 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 22 2c 0a 20 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 74 79 70 65 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 47 65 6f 72 Data Ascii: 3fc{ "About Us": "https:\/\/ipwhois.io", "ip": "185.152.66.230", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Geor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49773	23.33.134.2	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 23:38:43 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 23:38:43 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=199525 Date: Wed, 24 Apr 2024 23:38:43 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 23:38:43 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2056, Parent PID: 3620

General

Target ID:	0
Start time:	01:38:30
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4348, Parent PID: 2056

General

Target ID:	2
Start time:	01:38:33
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1708,i,4232800652260901703,2479920337110637559,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6408, Parent PID: 3620

General

Target ID:	3
Start time:	01:38:35
Start date:	25/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Windows Analysis Report
https://c26ruwywyksyku.z13.web.core.windows.net/Win08ShDMeEr0887/index.html?phone=%201-844-693-8046