Edit tour

Windows Analysis Report
https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html

Overview

General Information

Sample URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html
Analysis ID:	1431910
Infos:

Detection

TechSupportScam

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,13252386866944281913,3936590754656706084,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_92	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.2.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.1.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.3.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html

SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_92, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49770 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://tron2qk6vdl.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://tron2qk6vdl.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tron2qk6vdl.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?lang=en HTTP/1.1Host: ipwho.isConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_75.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Qj:function(){e=zb()},sd:function(){d()}}};var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_75.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=iA(a,c,e);M(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return M(122),!0;if(d&&f){for(var m=Jb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},lA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_75.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Xg:d,Vg:e,Wg:f,Ih:g,Jh:h,ye:m,Ab:b},p=D.YT,q=function(){IC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(LC(w,"iframe_api")\|\|LC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!CC&&JC(x[A],n.ye))return tc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_75.2.dr	String found in binary or memory: var NB=function(a,b,c,d,e){var f=Jz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Jz("fsl","nv.ids",[]):Jz("fsl","ids",[]);if(!g.length)return!0;var h=Fz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if("https://www.facebook.com/tr/"===m)return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!uy(h,vy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: ipwho.is
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: userstatics.com

Source: chromecache_68.2.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_68.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_68.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_75.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_75.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_75.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_88.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_92.2.dr	String found in binary or memory: https://ipwho.is/?lang=en
Source: chromecache_75.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_75.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_75.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_75.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_75.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_75.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_75.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_75.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_92.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
Source: chromecache_75.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_75.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49770 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_92, type: DROPPED

Source: classification engine

Classification label: mal56.phis.win@16/64@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,13252386866944281913,3936590754656706084,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,13252386866944281913,3936590754656706084,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html	0%	Avira URL Cloud	safe
https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html	100%	SlashNext	Scareware type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://ipwho.is/?lang=en	0%	URL Reputation	safe
https://www.merchant-center-analytics.goog	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ipwho.is	15.204.213.5	true	false	unknown
userstatics.com	104.21.53.38	true	false	unknown
www.google.com	192.178.50.68	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipwho.is/?lang=en	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	chromecache_75.2.dr	false		high
https://www.youtube.com/iframe_api	chromecache_75.2.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_75.2.dr	false		high
http://jquery.org/license	chromecache_68.2.dr	false		high
https://td.doubleclick.net	chromecache_75.2.dr	false		high
http://sizzlejs.com/	chromecache_68.2.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_75.2.dr	false	URL Reputation: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_75.2.dr	false		high
https://adservice.google.com/pagead/regclk	chromecache_75.2.dr	false		high
https://cct.google/taggy/agent.js	chromecache_75.2.dr	false	URL Reputation: safe	unknown
https://ezgif.com/optimize	chromecache_88.2.dr	false		high
http://jquery.com/	chromecache_68.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.68	www.google.com	United States	15169	GOOGLEUS	false
15.204.213.5	ipwho.is	United States	71	HP-INTERNET-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.53.38	userstatics.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431910
Start date and time:	2024-04-26 00:31:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/64@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.35, 142.250.217.174, 74.125.139.84, 34.104.35.123, 52.239.221.65, 142.250.217.200, 142.250.189.142, 13.85.23.86, 72.21.81.240, 192.229.211.108, 20.242.39.171, 20.3.187.198, 142.250.217.163
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.099104409430741
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOL6ArUgbR2p06AjfS5E:hax0rKRHkhzRH/Un2i2GprK5YWO+ArPv
MD5:	E8214163BDBD438C3747DE521E6DCE0A
SHA1:	6594226A8E94F6641E932754B056BF3283757B16
SHA-256:	C822F4431360C299AA29731C919F1EDC51C9585FE6BEB45E536B5BBDB0F3885F
SHA-512:	8D6CF270616808BC0F660209BC154283A724C3AD244A2EA36963CD2EE6D8AF707A77B6740F82B2B65CD13A5677809268688F88AC7829EA4CBEC6DB57A4B698C4
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/w3.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 31d29f7c-d01e-003b-1560-976e7b000000</li><li>TimeStamp : 2024-04-25T22:32:14.2509486Z</li></ul></p></body></html>

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/vsc.png
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.09563536079199
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOifPg9bR2p06rE:hax0rKRHkhzRH/Un2i2GprK5YWOiXU04
MD5:	8CBD5A0BA592D85ECABDED6001D30E06
SHA1:	3C1D870F68ADA9E6B24E1613ED7E08B5DA6B6798
SHA-256:	21547B63D6366CFAA3C3F0301441119CAE357BE505439586676EC3726CE07576
SHA-512:	C7C70D9121B66A5A2AEC21B1AE7D635D21846F2CADF0FC8A13AADDC16722F3BB90018D78643DA82B32C4CC83ACD977210F609D73D3A98649EF5DB1335520E47C
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/ai2.mp3
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 2dc15860-901e-0077-2160-97fe4b000000</li><li>TimeStamp : 2024-04-25T22:32:11.9621937Z</li></ul></p></body></html>

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1270
Entropy (8bit):	6.670080953747829
Encrypted:	false
SSDEEP:	24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go
MD5:	05CDF1A2C2FC8F07BEA0A8F4F9356637
SHA1:	B7BBD626D1D6C832509E820CAE1D971B34F625E6
SHA-256:	AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E
SHA-512:	D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/pcm.png
Preview:	.PNG........IHDR.......\........;....gAMA......a.....sRGB........#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)" xmpMM:InstanceID="xmp.iid:F17B94CFCABF11EBBAB7FB721269615E" xmpMM:DocumentID="xmp.did:F17B94D0CABF11EBBAB7FB721269615E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F17B94CDCABF11EBBAB7FB721269615E" stRef:documentID="xmp.did:F17B94CECABF11EBBAB7FB721269615E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq..............nz....}&[}....tRNS.z.r.N.....IDATX.....@.E..o1.B........b..

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/cs.png
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 4340, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	462770
Entropy (8bit):	7.96289736720607
Encrypted:	false
SSDEEP:	12288:DXMwroWYpUUd9hSjXrTM3RR1tTmtGOqxcBt:D8gId/sXrAP/4GOccX
MD5:	AB996ED3B126F2B5F0C1F214B96AFE7A
SHA1:	77223F12976D20E06058FE40040E261BD5688F39
SHA-256:	4EAF7B7F53EA1A27A22BAE168F560D9DC78DC2E2185162BE9EE4DB59E1E1065A
SHA-512:	821C654BC048F4AA5E0B563A91D0047EACA7F1EF2AC5C481481507F1B13EE539322B82BDFB30E23064BAB6405E3F69B2B951672EFD772535BE790D8E96D0E22D
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/bg.png
Preview:	.PNG........IHDR..............Wc....PLTE.........$..3..+w.H[....4n.lS.Ab....Js.&..TQ.......YK.__.......6....)...'..Yc....4......h.......a``...S.'(2......A{..................................................................yP.................-%...............bN.................................]( .j........D'..............TUV"i........................................................n..W.$.f..............CC<.......................n_R...V...e"......%..zk^...Qm..........................VnowwN5..t...yd../4>. ILMm>&.l...h....c....f.......:@P(..\F;.R..tn.}...\|..P...O....l?.T...<........[A.L....xG.O&..\|..a......hX[I..~a....P..t...Y(-O#Gzr}...E..bL.\|.......gn......6P@s[....t..r....4J.n.?J.f...r..d....Y...6..v...R.C.QK...Gb.#...0.\9T.g.s4..W.7.b...@.M....mIDATx.....0...w.....P#..u......f...6.........>t...................+.....3.A.3s.....W..<E.7;...4...7.z.C..... ....=..^..)D...^."=h G.".......e...UTVE....9.f.%.O....M.wS...m..

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (820)
Category:	downloaded
Size (bytes):	79064
Entropy (8bit):	5.3886285065472075
Encrypted:	false
SSDEEP:	1536:oqD4uWibfmaWWfiw7uOm9LofuENlx9TV6p+T3VopklvQDPj10XQjdA4+9T:opzYf/c9E5vQD6X2dA4+9T
MD5:	2130B7ED48A1006F774734218D916DEE
SHA1:	86D0AAF4ECB3EAD31C3C2739853C089D8D1DC619
SHA-256:	D8AF41D20B1AF69B8C2A8E0776D181A8224F17D314FC2479C8A389A9E79D0542
SHA-512:	6F86E053FD15052FB86228F94B06EDF586BBA0EA68C11D2F8B688A37C2379683DC7D83A6B77D81381703B5E12B28967DFD21A243AA41DBB313682D7ADBA22C93
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/js/jquery-1.4.4.min.js
Preview:	/!. jQuery JavaScript Library v1.4.4. * http://jquery.com/. . Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. . Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. . Date: Thu Nov 11 19:04:53 2010 -0500. */.(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof h==="function")h=.h.events;if(!(a.liveFired===this\|\|!h\|\|!h.live\|\|a.button&&a.type==="click")){if(a.namespace)A=RegExp("(^\|\\.)"+a.namespace.s

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	503
Entropy (8bit):	4.806069034061486
Encrypted:	false
SSDEEP:	6:dnPaKIGCRUJACRqSYP8B8PFCZrdEGCXaAVylvTGBi1fWBCE+ZQiGTGBC/ry1TGBD:dS7SsP3CTEGCbslvTWrBCV/lBC/TBC/Q
MD5:	CD6C33FBC221D0271C910AF910E6EBED
SHA1:	9B52F24D6F10B885BB19DB1C4B531469F96D2914
SHA-256:	318698AE5E67C32550D6B40AC09848D598F6317F51A8F09638BA925F6E7CC479
SHA-512:	13D12EE60E01EC4DDE5C1BED73A607A891D5CC857A6E161034E71159BD2A352A0F4AD8EF6038CCB2B5D7F23B8899BF9BCB97AA39EAFCC6AE985CDC835E061412
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/js/jupiter.js
Preview:	function addEvent(obj, evt, fn) {.. if (obj.addEventListener) {.. obj.addEventListener(evt, fn, false);.. } else if (obj.attachEvent) {.. obj.attachEvent("on" + evt, fn);.. }..}....addEvent(document, 'mouseout', function(evt) {.. if (evt.toElement == null && evt.relatedTarget == null) {.. $('.lightbox').slideDown();.. };..});....$('a.close').click(function() {.. $('.lightbox').slideUp();..});..$('body').click(function() {.. $('.lightbox').slideUp();..});..

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	6.369376222974668
Encrypted:	false
SSDEEP:	24576:SLtxnmk0GMhBmqdw4rEku8E45ZGgkFuuz:SvWlhBmqO4E45/on
MD5:	426A015FB7DA302DA0DC15C511D467CA
SHA1:	1FDF3D89E244F2380D834FDA33601F67C5F4F9E0
SHA-256:	981D3A5CA3FC422E928678C7412C13C34160E31E36C2A001634FBB5B525B2ECE
SHA-512:	93D06A8D47359BADC3C60983BA5F31E55C26F2D456675B88AA0EF0B82216A90580F70A6DD95D19D6C609BFEF2B393E34951938CD38B7557F7F56060B55CC03C2
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/media/Fm7-alert.wav:2f7589a4197190:0
Preview:	RIFF....WAVEfmt ........"V..D.......LIST....INFOIART&...IVONA Reader - Microsoft Zira Desktop.ICMT....License: Unknown..IGNR....Speech..INAM....Important Security..IPRD....Warning.IPRT....1.ISFT....Lavf58.76.100.data...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	7.104642717027869
Encrypted:	false
SSDEEP:	48:YCCiUUMR6p8vP/DjQ2aMGRXRXRXRXRXRXRXRXRXyBQ1FIyDCiiiiiiinrzMxAJl:LVUBvQfMGZZZZZZZZZLFISrQx2l
MD5:	B01A30D354BFCF51EDF33E0B0EA07402
SHA1:	C421359518D1AE258237BF501C563B7F059F8B9B
SHA-256:	B67A7C07A045D7CB0F2E216A557AEC0D99405E17C36D1A6B1FF3E2733AA35348
SHA-512:	D5424C1A03F03B72A5EE1F6F1962F07BDF9EFCEAA71299965F1EA28CD2E52AD899C1D8AE327754D5B39B355904EF7C9F26E724EA29C30B76074F87443416B3DA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............<".Q...]PLTE.....................................................................................................tRNS..e.zQ..H^3.o....(.......7...en....IDATx.....@.D.V@...f...?.4A3..u.......c..i..*.M.c.uM...:~...........G..V....C...G.!.N.o....+J$8.\.....6..^...N.t(#..Uvp../.m ....b...q.H.jtp..b.Hpj.At.....r.]>.....}..".l.t..c.>"..i.qY..%$.4..........8X4i.B.Cs..)!.(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`.p.....$.%. .(...F..H0J8@.Q.......`...H0..$X..$....$.}......@.......A..^.............Z.......V..M.......L....L....L..&.L........L.....u...........`...L87..g.<0...&......f=0.i.L.m...~....o3...i.....}`...Lx.......L........................................................................................0..@..........M..L..L..L..L..L..L..L..L..L..L..L..L...1......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<......b..1....AL. &x..<.....

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.065698786105271
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWO21ActTR2p06DNiE:hax0rKRHkhzRH/Un2i2GprK5YWO2J0Dx
MD5:	6E5A92DD95B983F1699B2CEE3C707DE1
SHA1:	B36CFEC514A81E3CA0CADE7191F331F8722C988B
SHA-256:	51E5F89E2532C2F9849A15606EC119E4697DE054CFBE3CBE5E20B3BE7961CD0F
SHA-512:	D9C779177F27568C065A4E7BFC415C31C2C83E439CC2BFB93F5A838652738C6EE04A9F44C5482B669B2E725027329A40E0B7C72AEF9AC613879884A5556F0E8B
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/w1.png
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 62ebbc40-d01e-0014-6960-9763b0000000</li><li>TimeStamp : 2024-04-25T22:32:13.2118149Z</li></ul></p></body></html>

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (321), with no line terminators
Category:	downloaded
Size (bytes):	321
Entropy (8bit):	5.120494796813912
Encrypted:	false
SSDEEP:	6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOd2DVzR2p06Vcv2E:hax0rKRHkhzRH/Un2i2GprK5YWOdGVzJ
MD5:	9864F5E54289E83AF9F7FA850265C2EA
SHA1:	D2A1D3B4DF759F2AC9749488E9FB9EA681887B81
SHA-256:	ACFCA6C13F54F3180AF49552E9F753073BB4D27DCA3825BEB245EB3E2E88FEBC
SHA-512:	B086174EEC2A66163120D6DAE7AA77351AF72BCFBB707B28D59285B6C5BB761F34E40744D1A2724C058F27281D867A82E2490D99F5CD4D8884C040AA8FB6A095
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/webs.wav
Preview:	<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 4a545f15-801e-0026-3060-9763c7000000</li><li>TimeStamp : 2024-04-25T22:32:11.9678652Z</li></ul></p></body></html>

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (324), with CRLF line terminators
Category:	downloaded
Size (bytes):	18178
Entropy (8bit):	4.868191588228292
Encrypted:	false
SSDEEP:	192:m5pyua9kzmx5XO0CfsXLruzG61fMDl1tFpFab5rjloqSrXVrqODz7frYYkYYPlcr:6pyusXrJm4lICr
MD5:	7EB9DB6D3E4C84E0E29BEE4CC963F3A0
SHA1:	BEBA530C07ECB65C1C80BC73429BBB01B812EB0B
SHA-256:	B93DABEBD37A3D0F9067554802BA410632C88E12DB36C17CB586719E4A3ABA71
SHA-512:	E931634C19125A4D1EC41283DBB9A4AFCF287A2B80B924760D69FDB1E42F3740336FF4F0F8F4E66A65FF2CCBCDACBAFB7F61023C305653CDDD70A2BAD84B1B11
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/css/tapa.css
Preview:	.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#qwrqwewrqwdqw,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {..

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5945)
Category:	downloaded
Size (bytes):	301564
Entropy (8bit):	5.568173589026324
Encrypted:	false
SSDEEP:	6144:X4nQX5NzJlYLceF+qKXjXP9RIMEQ85YDSY:on+xJsNy2Y
MD5:	8184ECD2A274DF8C3B6B9D1C5631889A
SHA1:	C4C37D26A0DC724D7634CB3B3CE2241DB10B3D41
SHA-256:	A9C4C040C92F18029926A3E57208ED15D406A85F242F5D43EB8D144771AFD5C8
SHA-512:	1CC424832528A783DFDE6233142825A61E790477B01CB5CE7CE001ADA555595C05C0E5438D638DFA498849247FF7402A0F4FF1E0DD570931F4791DA2A9F22E2F
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	5816
Entropy (8bit):	4.707067894665527
Encrypted:	false
SSDEEP:	96:rSCU5PMZwzlNZiD07WJiOiq+mh5hoFzT6M:OCmPMZKT0gSJiOiYjuFzT6M
MD5:	41D726BA8105809814789FD8B9D6015A
SHA1:	A560687A3E1622DAA162E711CCCDACFC070E2278
SHA-256:	86C48A03A2DD5D8848990B64B04FC70A9C7B7CC551AA5FA251B2B57292E37113
SHA-512:	D3A858DEC6B8168FB2D0E5945A841DB55FC90C316FABFC07B754C84765980482FC9DD2EDCB579D42CF929352F38AF148FE26A437F3CF4494D6385EB9652145F4
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/js/jscode.js
Preview:	$(function() {.. var a = 0,.. b = setInterval(function() {.. a += 10;.. $("#dynamic").css("width", a + "%").attr("aria-valuenow", a).text(a + "% Complete");.. 100 <= a && clearInterval(b).. }, 100).. });.... (function(a) {.. a.fn.countTo = function(b) {.. b = b \|\| {};.. return a(this).each(function() {.. function d(a) {.. a = c.formatter.call(k, a, c);.. h.html(a).. }.. var c = a.extend({}, a.fn.countTo.defaults, {.. from: a(this).data("from"),.. to: a(this).data("to"),.. speed: a(this).data("speed"),.. refreshInterval: a(this).data("refresh-interval"),.. decimals: a(this).data("decimals").. }, b),.. l = Math.ceil(c.speed / c.refreshInterval),.. n = (c.to - c.from) / l,.. k = this,.. h = a(this),.. m = 0,.. f = c.from,.. g = h.data("countTo") \|\| {};.. h.data("countTo"

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/msmm.png
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/set.png
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	99389
Entropy (8bit):	7.948180012126474
Encrypted:	false
SSDEEP:	3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
MD5:	6B11AD15DA74888BEA9095007A9F7DD6
SHA1:	E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
SHA-256:	93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
SHA-512:	709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ............~....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2083), with no line terminators
Category:	downloaded
Size (bytes):	2083
Entropy (8bit):	5.0463133028709635
Encrypted:	false
SSDEEP:	48:W/iGbnd2lcCB2/GxUH3M1+Rh9FNGDzjUYx7u9rDTlRSg40:Y9d2ldWR017MDE0
MD5:	33B3E05F86FE68782A71C3EB89C637DF
SHA1:	B4271F567F27351847B2CA127DCB8D88A03300A3
SHA-256:	B1A5978232E5BAD9D779EC449BBBB365E393A818D44DAE1A38C97BAD79ADA48F
SHA-512:	E60CD591C34640B39CB95BA14F90CD0563A4B25E4F26212F5FC79203A09463CF2DD5C787230385270BD0A725379568F518C814D326ABDCDB347F8A955CAC78AA
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/js/nvidia.js
Preview:	function toggleFullScreen(e){var n=document.body;e instanceof HTMLElement&&(n=e);var t=document.webkitIsFullScreen\|\|document.mozFullScreen\|\|!1;n.requestFullScreen=n.requestFullScreen\|\|n.webkitRequestFullScreen\|\|n.mozRequestFullScreen\|\|function(){return!1},document.cancelFullScreen=document.cancelFullScreen\|\|document.webkitCancelFullScreen\|\|document.mozCancelFullScreen\|\|function(){return!1},t?document.cancelFullScreen():n.requestFullScreen()}function addEvent(e,n,t){e.addEventListener?e.addEventListener(n,t,!1):e.attachEvent&&e.attachEvent("on"+n,t)}$(document).ready(function(){var e=document.createElement("audio");e.setAttribute("src","ai2.mp3"),e.addEventListener("ended",function(){this.play()},!1),$(".map").click(function(){e.play()}),$(".black").click(function(){e.play()}),$("#footer").click(function(){e.play()}),$("#qwrqwewrqwdqw").click(function(){e.play()})}),$(document).ready(function(){$("body").mouseover(function(){$("#footer").fadeIn("").css({bottom:-20,position:"fixed"}).ani

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	OpenPGP Secret Key
Category:	downloaded
Size (bytes):	230072
Entropy (8bit):	5.767133258415926
Encrypted:	false
SSDEEP:	6144:CWR0TZpvTYzHA94NnKlRmkp4zblvVOuP4RunDt6:CWAZlTYzA94NnKjp4zRVO9+w
MD5:	8EAE5B2C2A6DFEBD992E35C7BEBBFCB5
SHA1:	A906DE5AD48051AD27DAACA3180392C6C7D5DC83
SHA-256:	495979C91FBE0777D0B871F4F682CAAB6E3F3B189EC3E743269DA76B6EA8E531
SHA-512:	B2D81F6634AB4033E1FBD0E08B074124CC5F91E39155D395C226B25B5FB4C4E14E56339D821E0F56C0F7C3D1E379820667451B96BBD68519B5B87EB4B33346D4
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/media/Fm7-alert.wav:2f7589a4197190:1
Preview:	..`...........0.........q.......t.&.t.......Z.x.J.......~.....}.....k.".0.............$.......<...M.q.........3.................N.....1.........Q...N.}.......\...T.4.........{.#...G.M.h.........b.'.C.c...................>.......g.....@.........c.p...r...U.{.L...>...[.......J...T.}.....z...q.....K.U....._.........@.h.=..Q.".p.H...........:.......<...........,.......x.....I.........q.......................(...w.....g.u.......&.....d.....8.i.......x.s...[.......=...8...x...Q.........t...'._.\|.N.R.....{...6.......t.=...7.O.............!.D.........I.............}.'...B.....'.....x......1.......$.\|.....9.....9.......@...................{........n.....Q.....F...&.!.....0.p.......r...../.........H.........]...4.....x.........p...N.(.....g...............y.8.Z...'.:.+...O.v...........k...R.X.\.....1...-...y.U.q.....;.....,.................u.#...G.H.c.........a...*...5.m.......................N.....L.}.......e...9...+...8.......V.......%...e.x.$...b...B.......l...o.h...B...............?.......

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/bel.png
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/mnc.png
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	332
Entropy (8bit):	6.871743379185684
Encrypted:	false
SSDEEP:	6:6v/lhP8SsClmDlhK7/6TmMUnl/iIntVNqCsCja6K97kCuQKQZ99z/p7WMFbip:6v/7NLlWhE/6TmLnl/vtiC068A3/IVxs
MD5:	9D8A90A63D20F05D27E5D6ABB35E0CD0
SHA1:	5873B4007E9D55B4D891A4C427B3735ED23DBFE8
SHA-256:	7DF9F467D23EE1887EDB2123CCA10A1A9C4624CDCF7199C64E78A8430031F9F5
SHA-512:	DE64196F0A8E375DB6E4EFFF5F53AD2E77B9336D045C937C81CE1F1DED039844AB0E9F66B1599301CAF795532C9F03F0A6FD45A0117233C4BF2862419C280CC6
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/dm.png
Preview:	.PNG........IHDR...d...d.....J,......PLTE.......g......tRNS.@..f....pHYs.................IDATx^..1n. ..`#...@.r.N.U.I.9.G..22 Sp..A^U.c..O.0...e}h[..}....9.L...Q.@'..%I.a.F.X.P`....cu.oD...}.K.wP....e}.....'~..2..."...N..M.5.Ep...E>I5.".hg..6.e...)...H...l.!7.bXX.p.'..I../RI."_...K.QJiB..3x.~....z.;..#....5W.....IEND.B`.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	703
Entropy (8bit):	5.065852143090244
Encrypted:	false
SSDEEP:	12:YZAYhZImV+xaNmd6wpHPKhmHpa23ewHD2ARQDosJD50BWPe5sj+VkomyY:Yq0RNMhHEm823H211djaVxY
MD5:	BD4797064BC044C1A59B5EDCF4E8775B
SHA1:	C2860D4914C5491434A7D0A5AE3F3C5989E89778
SHA-256:	318218962466609DE72ECCA6267FCB82C4DD41ED5B4F9A90B14785FE08C69C81
SHA-512:	1F229FBE4EA6F5D792A464CF6265C9DF07094FCF8EA766502F9D24494B82590673930DBB0D55E30E84F3AF1358AA73A75AB62D9639D5464D5CD27BA96F50532A
Malicious:	false
Reputation:	low
URL:	https://ipwho.is/?lang=en
Preview:	{"ip":"102.129.152.220","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Florida","region_code":"FL","city":"Miami","latitude":25.7616798,"longitude":-80.1917902,"is_eu":false,"postal":"33128","calling_code":"1","capital":"Washington D.C.","borders":"CA,MX","flag":{"img":"https:\/\/cdn.ipwhois.io\/flags\/us.svg","emoji":"\ud83c\uddfa\ud83c\uddf8","emoji_unicode":"U+1F1FA U+1F1F8"},"connection":{"asn":174,"org":"Det Africa pty LTD","isp":"Cogent Communications","domain":""},"timezone":{"id":"America\/New_York","abbr":"EDT","is_dst":true,"offset":-14400,"utc":"-04:00","current_time":"2024-04-25T18:32:09-04:00"}}

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1009
Entropy (8bit):	4.648781795367866
Encrypted:	false
SSDEEP:	24:78NLWAtaN84m6r2h2fvrQb31izYx6qwOBJA:78NW2aKVh2fvrkicMqwO4
MD5:	6DCEBF3187B302BAD80F9E99B38EDE3D
SHA1:	0472D3B9322EAAE8D77D87D460B0F93A147E90C8
SHA-256:	F66817C3EC60D6340E18D03FC3DCE3F97D02346A7C46332487BF465565A8F951
SHA-512:	C2333C011A00F2F8068433292E0B9CBE4588342B66F7A7FC1D3120BBFF78B67728154FA4C824A2C7281563BC915363BDD56EEB56319761A0C57690DCFD24A77D
Malicious:	false
Reputation:	low
Preview:	{. "About Us": "https:\/\/ipwhois.io",. "ip": "102.129.152.220",. "success": true,. "type": "IPv4",. "continent": "North America",. "continent_code": "NA",. "country": "United States",. "country_code": "US",. "region": "Florida",. "region_code": "FL",. "city": "Miami",. "latitude": 25.7616798,. "longitude": -80.1917902,. "is_eu": false,. "postal": "33128",. "calling_code": "1",. "capital": "Washington D.C.",. "borders": "CA,MX",. "flag": {. "img": "https:\/\/cdn.ipwhois.io\/flags\/us.svg",. "emoji": "\ud83c\uddfa\ud83c\uddf8",. "emoji_unicode": "U+1F1FA U+1F1F8". },. "connection": {. "asn": 174,. "org": "Det Africa pty LTD",. "isp": "Cogent Communications",. "domain": "". },. "timezone": {. "id": "America\/New_York",. "abbr": "EDT",. "is_dst": true,. "offset": -14400,. "utc": "-04:00",. "current_time": "2024-04-25T18:32:12-04:00

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1056 x 908, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	99389
Entropy (8bit):	7.948180012126474
Encrypted:	false
SSDEEP:	3072:6cx6AZ6LGPH8lJrpSgVxdHNs04mTQrJvlB6qkrKpP:gAXklJdSgVDHB4oQFtBLkrAP
MD5:	6B11AD15DA74888BEA9095007A9F7DD6
SHA1:	E0BC4A256C552041A88FDAF1A33E8F6494FCFD78
SHA-256:	93AB9DDC223156F5F4BA7FF8FC14A885E9B5946FC10917571022D7C2D9A08886
SHA-512:	709C9A16C5712E141293293FD10E8182B32B89C21F3220BD1BDC8F3C364A6593FAE401FFA52B540041B1528312D47D8495DA81CD8B705AE8CEF92103DBCEBAA3
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/images/bx1.png
Preview:	.PNG........IHDR... ............~....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	19089
Entropy (8bit):	4.553339325781867
Encrypted:	false
SSDEEP:	192:fNLW3lDcMPo6w6j1P4Ur4U+wsBtULdzmGm3ABC2uRiRDxwU:FklDccz1PNrNdCtGdzmGPBl
MD5:	1E6496C12CD92D0735DF09E4FFAF269F
SHA1:	CA81A4B2E9BE0ABF4E26D76AA9142923F28038D0
SHA-256:	D6C8C494887B17330B2DB831FF7F8946FD1C61134EBC36EF91FC965AF00B988F
SHA-512:	D6ADF9FFB57F69011BE5A772BB68DC15D2AFB6A60D99F8E5C003ABC8E57D93E8D78C355EC55BAA36F0ACB88AEEF82858A6554F5189893D04B87ACEC29EC62093
Malicious:	false
Reputation:	low
URL:	https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html
Preview:	<html lang="en"><head>. <meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>System Error Code Er0erydfd1</title>. <link href="images/msmm.png" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">.. <script type="text/javascript" src="js/jquery-1.4.4.min.js"></script>. <script type="text/javascript">//<![CDATA[. $(function(){. $('body').bind('contextmenu', function(e){. return false;. });. });// . </script>. Global site tag (gtag.js) - Google Analytics -->.<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-8SZJPQT3Z4"></script>.<script>. window.dataLayer = window.dataLayer \|\| [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-8SZJPQT3Z4');.</script>... <script>. var t = new XMLHttpRequest;. t.onreadystatechange = fu

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 00:31:57.108459949 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 00:32:06.722491026 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 00:32:08.356844902 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.356872082 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.356952906 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.357877016 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.357887983 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.845067978 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.892955065 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.907965899 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:08.908000946 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:08.908118963 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:08.934762001 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.934772968 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.935280085 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:08.935296059 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:08.938576937 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.938647985 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.948498964 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.948764086 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.949625969 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:08.949634075 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:08.997862101 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:09.112252951 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:09.112324953 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:09.112380028 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:09.281799078 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:09.299402952 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:09.299421072 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:09.302499056 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:09.302598953 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:09.322055101 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:09.322266102 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:09.377120972 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:09.377135038 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:09.419269085 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:09.602157116 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.602188110 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.602258921 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.606756926 CEST	49749	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:09.606765032 CEST	443	49749	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:09.614190102 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.614208937 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.893990040 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.897811890 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.897821903 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.899554968 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.899641991 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.900753975 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.900857925 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.901257038 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:09.901262999 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:09.941301107 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:10.353945017 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:10.353993893 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:10.354110956 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:10.355880022 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:10.355909109 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:10.426614046 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:10.426873922 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:10.426937103 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:10.427314997 CEST	49754	443	192.168.2.4	104.21.53.38
Apr 26, 2024 00:32:10.427324057 CEST	443	49754	104.21.53.38	192.168.2.4
Apr 26, 2024 00:32:10.617002010 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:10.617086887 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:10.621644974 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:10.621673107 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:10.621931076 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:10.668705940 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.456906080 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.500117064 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.582285881 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.582386971 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.582442999 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.583283901 CEST	49760	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.583321095 CEST	443	49760	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.653587103 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.653610945 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.653733015 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.658864975 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.658910036 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.725882053 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:11.725908995 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:11.725996017 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:11.726891994 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:11.726907015 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:11.912412882 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.912503004 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.914488077 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.914501905 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.914767027 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:11.916654110 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:11.964113951 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:12.039740086 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.041501045 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.041515112 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.042516947 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.042612076 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.042951107 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.043009043 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.043117046 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.043124914 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.093101978 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.169825077 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:12.169898033 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:12.170139074 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:12.172717094 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:12.172717094 CEST	49770	443	192.168.2.4	23.202.106.101
Apr 26, 2024 00:32:12.172755957 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:12.172781944 CEST	443	49770	23.202.106.101	192.168.2.4
Apr 26, 2024 00:32:12.389663935 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.389719009 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:12.389827013 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.390933990 CEST	49771	443	192.168.2.4	15.204.213.5
Apr 26, 2024 00:32:12.390947104 CEST	443	49771	15.204.213.5	192.168.2.4
Apr 26, 2024 00:32:19.256320953 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:19.256470919 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:19.256546021 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:19.385823965 CEST	49752	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:32:19.385845900 CEST	443	49752	192.178.50.68	192.168.2.4
Apr 26, 2024 00:32:19.997632027 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 26, 2024 00:32:19.997704983 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 26, 2024 00:33:08.301947117 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:08.301986933 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.302071095 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:08.302357912 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:08.302364111 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.691883087 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.692420006 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:08.692430019 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.692766905 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.693146944 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:08.693206072 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:08.732995987 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:18.690990925 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:18.691087961 CEST	443	49789	192.178.50.68	192.168.2.4
Apr 26, 2024 00:33:18.691152096 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:20.588434935 CEST	49789	443	192.168.2.4	192.178.50.68
Apr 26, 2024 00:33:20.588458061 CEST	443	49789	192.178.50.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 00:32:04.323261023 CEST	53	57488	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:04.385754108 CEST	53	50288	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:05.345309973 CEST	53	59299	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:08.227030039 CEST	65245	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:08.227188110 CEST	59187	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:08.238940954 CEST	62393	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:08.239413977 CEST	62074	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:08.354393005 CEST	53	65245	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:08.356374979 CEST	53	52728	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:08.356410027 CEST	53	59187	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:08.365950108 CEST	53	62393	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:08.366415024 CEST	53	62074	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:09.426558971 CEST	65159	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:09.426908970 CEST	63466	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:09.556998968 CEST	53	65159	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:09.557810068 CEST	53	63466	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:10.394673109 CEST	53	53632	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:11.591422081 CEST	55176	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:11.594400883 CEST	49829	53	192.168.2.4	1.1.1.1
Apr 26, 2024 00:32:11.719175100 CEST	53	55176	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:11.720045090 CEST	53	49829	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:23.347343922 CEST	53	51345	1.1.1.1	192.168.2.4
Apr 26, 2024 00:32:25.462757111 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 00:32:42.369014978 CEST	53	57943	1.1.1.1	192.168.2.4
Apr 26, 2024 00:33:04.155124903 CEST	53	60495	1.1.1.1	192.168.2.4
Apr 26, 2024 00:33:05.223696947 CEST	53	57755	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 00:32:08.227030039 CEST	192.168.2.4	1.1.1.1	0x1105	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:08.227188110 CEST	192.168.2.4	1.1.1.1	0x1191	Standard query (0)	ipwho.is	65	IN (0x0001)	false
Apr 26, 2024 00:32:08.238940954 CEST	192.168.2.4	1.1.1.1	0xc87a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:08.239413977 CEST	192.168.2.4	1.1.1.1	0xb12b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 00:32:09.426558971 CEST	192.168.2.4	1.1.1.1	0x6ae6	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:09.426908970 CEST	192.168.2.4	1.1.1.1	0x14dc	Standard query (0)	userstatics.com	65	IN (0x0001)	false
Apr 26, 2024 00:32:11.591422081 CEST	192.168.2.4	1.1.1.1	0xad4d	Standard query (0)	ipwho.is	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:11.594400883 CEST	192.168.2.4	1.1.1.1	0xf93d	Standard query (0)	ipwho.is	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 00:32:08.354393005 CEST	1.1.1.1	192.168.2.4	0x1105	No error (0)	ipwho.is		15.204.213.5	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:08.365950108 CEST	1.1.1.1	192.168.2.4	0xc87a	No error (0)	www.google.com		192.178.50.68	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:08.366415024 CEST	1.1.1.1	192.168.2.4	0xb12b	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 00:32:09.556998968 CEST	1.1.1.1	192.168.2.4	0x6ae6	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:09.556998968 CEST	1.1.1.1	192.168.2.4	0x6ae6	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:09.557810068 CEST	1.1.1.1	192.168.2.4	0x14dc	No error (0)	userstatics.com			65	IN (0x0001)	false
Apr 26, 2024 00:32:11.719175100 CEST	1.1.1.1	192.168.2.4	0xad4d	No error (0)	ipwho.is		15.204.213.5	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:21.231126070 CEST	1.1.1.1	192.168.2.4	0x2410	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 00:32:21.231126070 CEST	1.1.1.1	192.168.2.4	0x2410	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:34.978149891 CEST	1.1.1.1	192.168.2.4	0x3780	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 00:32:34.978149891 CEST	1.1.1.1	192.168.2.4	0x3780	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:32:57.714386940 CEST	1.1.1.1	192.168.2.4	0xed54	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 00:32:57.714386940 CEST	1.1.1.1	192.168.2.4	0xed54	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 00:33:18.688277960 CEST	1.1.1.1	192.168.2.4	0x2f66	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 00:33:18.688277960 CEST	1.1.1.1	192.168.2.4	0x2f66	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

ipwho.is

userstatics.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49749	15.204.213.5	443	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 22:32:08 UTC	586	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://tron2qk6vdl.z13.web.core.windows.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://tron2qk6vdl.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 22:32:09 UTC	255	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 22:32:09 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-25 22:32:09 UTC	715	IN	Data Raw: 32 62 66 0d 0a 7b 22 69 70 22 3a 22 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 74 79 70 65 22 3a 22 49 50 76 34 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 46 6c 6f 72 69 64 61 22 2c 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 22 46 4c 22 2c 22 63 69 74 79 22 3a 22 4d 69 61 6d 69 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 32 35 2e 37 36 31 36 37 39 38 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 30 2e 31 39 31 37 39 30 32 2c 22 69 Data Ascii: 2bf{"ip":"102.129.152.220","success":true,"type":"IPv4","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"Florida","region_code":"FL","city":"Miami","latitude":25.7616798,"longitude":-80.1917902,"i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49754	104.21.53.38	443	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 22:32:09 UTC	629	OUT	GET /get/script.js?referrer=https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://tron2qk6vdl.z13.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 22:32:10 UTC	822	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 22:32:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://tron2qk6vdl.z13.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6sUO8ATVNufHPYnq7jC64kdvCiSEKPVu%2F2kZFAhs%2FVum%2BzQECIwDn4CP%2BTld3sOAVr3RtTohZQ956QJRCkTSi%2BtoJwdcNQ6t0hiwesZzm3dCL3H1u2lxMiuTA3DhzYSS%2B0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a1c9973c525c86-MIA alt-svc: h3=":443"; ma=86400
2024-04-25 22:32:10 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-04-25 22:32:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49760	23.202.106.101	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 22:32:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 22:32:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=117133 Date: Thu, 25 Apr 2024 22:32:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49770	23.202.106.101	443

Timestamp	Bytes transferred	Direction	Data
2024-04-25 22:32:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-25 22:32:12 UTC	487	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (dce/26AC) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=117166 Date: Thu, 25 Apr 2024 22:32:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-25 22:32:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49771	15.204.213.5	443	5012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-25 22:32:12 UTC	340	OUT	GET /?lang=en HTTP/1.1 Host: ipwho.is Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-25 22:32:12 UTC	223	IN	HTTP/1.1 200 OK Date: Thu, 25 Apr 2024 22:32:12 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: ipwhois Access-Control-Allow-Headers: * X-Robots-Tag: noindex
2024-04-25 22:32:12 UTC	1021	IN	Data Raw: 33 66 31 0d 0a 7b 0a 20 20 20 20 22 41 62 6f 75 74 20 55 73 22 3a 20 22 68 74 74 70 73 3a 5c 2f 5c 2f 69 70 77 68 6f 69 73 2e 69 6f 22 2c 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 22 2c 0a 20 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 74 79 70 65 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 20 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 20 20 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 20 22 4e 41 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 46 6c 6f Data Ascii: 3f1{ "About Us": "https:\/\/ipwhois.io", "ip": "102.129.152.220", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Flo

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1780, Parent PID: 3760

General

Target ID:	0
Start time:	00:31:59
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5012, Parent PID: 1780

General

Target ID:	2
Start time:	00:32:02
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,13252386866944281913,3936590754656706084,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6528, Parent PID: 3760

General

Target ID:	3
Start time:	00:32:05
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Windows Analysis Report
https://tron2qk6vdl.z13.web.core.windows.net/Wind0s01Ersys44/index.html