Edit tour

Windows Analysis Report
https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Overview

General Information

Sample URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Analysis ID:	1432383
Infos:

Detection

TechSupportScam

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected TechSupportScam

Classification

Process Tree

System is w10x64

chrome.exe (PID: 344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2364,i,10590345462219129117,6816726276157844506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_78	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

HTML

Source	Rule	Description	Author
0.0.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.2.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.3.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.4.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security
0.1.pages.csv	JoeSecurity_TechSupportScam	Yara detected TechSupportScam	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.23
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.23
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.23
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /get/script.js?referrer=https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html HTTP/1.1Host: userstatics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://3rdkxalxjperror10427.z31.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: userstatics.com

Source: chromecache_71.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_71.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_81.2.dr	String found in binary or memory: https://ezgif.com/optimize
Source: chromecache_75.2.dr, chromecache_68.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_75.2.dr, chromecache_68.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_75.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49745 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_78, type: DROPPED

Source: classification engine

Classification label: mal48.phis.win@16/48@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2364,i,10590345462219129117,6816726276157844506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2364,i,10590345462219129117,6816726276157844506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
userstatics.com	104.21.53.38	true	false	unknown
www.google.com	142.250.80.68	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
windowsupdatebg.s.llnwi.net	69.164.46.0	true	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_71.2.dr	false	high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_75.2.dr	false	high
https://getbootstrap.com/)	chromecache_75.2.dr, chromecache_68.2.dr	false	high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_75.2.dr, chromecache_68.2.dr	false	high
https://ezgif.com/optimize	chromecache_81.2.dr	false	high
http://fontawesome.io/license	chromecache_71.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.53.38	userstatics.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432383
Start date and time:	2024-04-27 00:00:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/48@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.80.3, 172.253.63.84, 142.251.40.206, 34.104.35.123, 20.150.10.97, 13.85.23.86, 199.232.210.172, 142.250.65.202, 142.251.40.202, 142.251.40.234, 142.250.80.42, 142.250.80.10, 172.217.165.138, 142.251.41.10, 142.251.40.106, 142.250.65.170, 142.251.35.170, 142.250.80.74, 142.250.81.234, 142.250.176.202, 142.250.65.234, 142.250.80.106, 142.251.32.106, 192.229.211.108, 69.164.46.0, 20.3.187.198, 72.21.81.240, 142.251.40.195, 23.206.121.52, 23.206.121.47
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32014)
Category:	downloaded
Size (bytes):	302554
Entropy (8bit):	5.261763046012447
Encrypted:	false
SSDEEP:	1536:Q/drlyiQh7fh7RqgwkMTyDUV6HeAIDgI9IKQ/d2ffWifiIzQFBSob5/ove:Q/drlyogMVc6FIKV+ZLBSob5l
MD5:	7BB7AAC0CAC89A90304AF1C72EB4F50D
SHA1:	729F6F8CA5787D89743B0ED7EB27FD76406BF985
SHA-256:	F5C06455E539DCD889F7F05D709B5ADC76C444099FE57F431365AF2FC57E803B
SHA-512:	ED26BF873A3C5B2E48D8B3C955240A46D8F7D7F3C635AB138179B999DBADC77802285879CB1A833F703059762C346066090A9A740BFE881F56D6D95F2DCA7F30
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/emojione.min.js
Preview:	/! emojione 02-12-2016 /.!function(a){a.emojioneList={":kiss_ww:":{unicode:["1f469-200d-2764-fe0f-200d-1f48b-200d-1f469","1f469-2764-1f48b-1f469"],fname:"1f469-2764-1f48b-1f469",uc:"1f469-200d-2764-fe0f-200d-1f48b-200d-1f469",isCanonical:!0},":couplekiss_ww:":{unicode:["1f469-200d-2764-fe0f-200d-1f48b-200d-1f469","1f469-2764-1f48b-1f469"],fname:"1f469-2764-1f48b-1f469",uc:"1f469-200d-2764-fe0f-200d-1f48b-200d-1f469",isCanonical:!1},":kiss_mm:":{unicode:["1f468-200d-2764-fe0f-200d-1f48b-200d-1f468","1f468-2764-1f48b-1f468"],fname:"1f468-2764-1f48b-1f468",uc:"1f468-200d-2764-fe0f-200d-1f48b-200d-1f468",isCanonical:!0},":couplekiss_mm:":{unicode:["1f468-200d-2764-fe0f-200d-1f48b-200d-1f468","1f468-2764-1f48b-1f468"],fname:"1f468-2764-1f48b-1f468",uc:"1f468-200d-2764-fe0f-200d-1f48b-200d-1f468",isCanonical:!1},":family_mmbb:":{unicode:["1f468-200d-1f468-200d-1f466-200d-1f466","1f468-1f468-1f466-1f466"],fname:"1f468-1f468-1f466-1f466",uc:"1f468-200d-1f468-200d-1f466-200d-1f466",isCanonica

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	dropped
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1680 x 1050, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	249564
Entropy (8bit):	7.897377571977433
Encrypted:	false
SSDEEP:	6144:LkIquHaZPNdGcujmG4sqEfY/m5W1/ZMMn3wwbPjzU:AIquHs2pszEQ/h3DHw
MD5:	21F9110DC5FC07CAEB9D637B9AFD92E1
SHA1:	E30D7C2B888490B3E355EABA2AE4B5E254301C5D
SHA-256:	F58D3C255603EF8B7B5F52AA1B12302712616092A29C5045EA6F60E5749C0A7B
SHA-512:	16C9860D283C8ABED0023A70385633C274A98EDBB5AEB34486593A8C0D1AEC7AD7212B83BBA27E4BB69C29C5172F2DB0784EBB90B19904A7453EB0D937E5D074
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............D.;V....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...PeXIfMM.*...................i.........&..............................................CYr6...YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^....@.IDATx.....e..../.w..). ..Q....hP...Ql..".......z..H...BH !._.....yg.n..vo.r..$.'....;....>.o..q.....H..H..H..H..H..H..H..H..H..H..H..H..H C.I.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$.M..R6.~'.. .. .. .. .. .. .. .. .. .. .. ....H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG ADTS, layer III, v2, 48 kbps, 24 kHz, Monaural
Category:	downloaded
Size (bytes):	110880
Entropy (8bit):	7.661746713604055
Encrypted:	false
SSDEEP:	1536:kNX0z78C88TFXqorkeGQwTvkSTOOAMNgcLqtdJgxEaXehWK41SW9scn:l7/3XqorkpTcOOOAmqtdJzaOsycn
MD5:	9FE37445A0D397C0FF7910490E78C7AB
SHA1:	52A7BC0B40993D523A2D0FCA0CD5B4546751A00F
SHA-256:	3ED7BEDBDDDC248C3CF79F2F7B38C04340328D671D3440D54CABA6831E872C8F
SHA-512:	74AD11219C2F43D07AF5A1CFE8872580E338AE8971B4F7B4422B3D688B6CF2861136C5F1A7E86B86FF2EACE9D6EEFC1C3DB372C2182B770BFEB1CC9725807D6E
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/media/jp.mp3:2f759d53d845b9:0
Preview:	..d.....H....LAMEUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..d.\|...H....UUUUUUULAME3.100UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU..d.\|...H....UUUUUUU.%4..x.C@z.x..........c........#.. ..X.h=O...w....$'O..r....!`......6.T.BTq..:.`....&.(4...!...C.....`N.....H.19.F...p.R...d.\|...H.@........;.'...LX....(..2.&D..w.d.....n..D.."..[..$.[.E.%.....JG.}.5.../.:jd]4..t.{..7&......8...}.W...Q..:lf..B..".b@p...?...5...d..%.1...........4?....HSC....h...q%..Wt.....F.......\.R.[~..P..n..U48q]Z.D.7..............:..#gP.\|.y!...s`...O.A,.q.<..J...r...fH.!...-L..d.. \....h.}-...t..,e2.~...s.x..cq....Kz1.........o"d.I.6.%.?...E..!..J;.....S.(+T.<$..u........Y.F..22..".5.Q..H..(4...6Po.G].Up.oWJ....d..:.6...x...`.....6...u...8@.ZY...F.W.....c{z.UI.\|..?V...).uf..fG.I.].Z......;,.t..=mm5..m..92.....i....B....2. 9A..2IU..9fgx

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	5.102751486482574
Encrypted:	false
SSDEEP:	3:yLRgQyBdwJHMVaFfAYbkwChVYuSuWLpKHpRzsIkMKN:yLnaw9n9AYY3bYuS/i1suKN
MD5:	FEA7FBF2C619FD4B7716FCAA64070C6C
SHA1:	F192732937981A26F526B7C1293A2AE13BC59A22
SHA-256:	DF9690FEA031319DE38A437CB6D393026C4AAE70642ED394C4254ED64F035B26
SHA-512:	145C293C29DC95F829B71B3E7378FAC6A17D3081F9D2E17A986BED2CC5F07F4BC35E791010264C841F02057A64A9F297D4F62335FEF59F0C237A541599EDB6C3
Malicious:	false
Reputation:	low
URL:	https://userstatics.com/get/script.js?referrer=https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Preview:	document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65335)
Category:	downloaded
Size (bytes):	220780
Entropy (8bit):	4.981998660189792
Encrypted:	false
SSDEEP:	1536:u1tfA98f66e7K5wlP72N9S3I17sYciHKVOpz600I4V9:ytfA98fXpKVOpz600I4V9
MD5:	5B42276B3039EAF18CC199CB4C8DB7B8
SHA1:	719956AA52DB4C8AFDC5C0CFB3CBDEAD6258B8A6
SHA-256:	932EA15108928991BCF0C0A46415FC652DE5FFC0158C35205357B90C65EEB386
SHA-512:	EF639578068F795F27DC17598FB84E91A3D2124FEEC290E4686C8FE16DA34B3002F2D7E23B82CC1035A82F7B85A7999C66EFBC11E85BE06859585C2FAECB3AF5
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.3.0-alpha1 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root,[data-bs-theme=light]{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-r

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27265)
Category:	downloaded
Size (bytes):	27428
Entropy (8bit):	4.747313933055305
Encrypted:	false
SSDEEP:	384:ci5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:3lr+Klk3YlKfwYUf8l8yQ/T
MD5:	FD1609EB97E739683ACF23120FD6F6C9
SHA1:	19B2E83FE8DF09B85E74835C398AEFEE816BDFCB
SHA-256:	CE26D1B76DAE2F3B5D0CCC8D0ECD88D2EDB411101B8A4C5EDC4D9AA7008C9B04
SHA-512:	2183FDCC8AEF88B15048E735EB2D588868AE4CAAD624B4C369F276402188CABA9C962065699798AA27BC4C18AE97E16BF8FCF219D762B73726AFB1A924BABCD2
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.5.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont_1.eot#iefix&v=4.5.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2') format('woff2'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../images/fontawesome-webfont.svg#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{pa

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.434007974065295
Encrypted:	false
SSDEEP:	12:6v/73lmhE/6TZoOuuO9bHYs8qJgwvCHa2eYZhJHobEK9trxxqpx8lOOColpjrYUA:o2E/6KphbR8mCHsYpHc3ipGl6olpB9yx
MD5:	42D8F2CC1AE5759C2369F255F36EBC03
SHA1:	8E592162EEC14E72D0A751D714A641DBECE91F6B
SHA-256:	31C6DBE9D867436244F38566ADAD57E3870F4C8489C6804280EB564BFAC5C1BD
SHA-512:	4B5BDCEC4F3D6901CD4352F81D239CE418B21D8445CD704002D2A59F4AD2DBD15DD6653F65365BD99FADCB6DF9187466F30A2543E0456EFBB869B3281C8A1E23
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/vsc.png
Preview:	.PNG........IHDR....................PLTE.......g......tRNS.@..f....pHYs................eIDATx^..n.0..)..:E}.......+e.p....c^IA.....Y..a.<Q.....l..(...r..^....p....3.[.uI.....w..U...#./,...a\ ."."tdmz.;ps.#u....0..Xb....R....~.....8u0..{\...eAl.z. ...>.B.4.M...e..A...`...t..(g).......@....`.g..b.Y./....,......D...~..<..M....8.Y.;\|.../c..q...@_.qO..G.....Y@..&.be...../....yN....:x..8.....<W..........e......^^ .4..V..9.......v..>......^7.~.._.O.o.@...o).....i...&........`..P.]...@.(....{.......M......;...o..P...H.9yzv8..A.....}(#@..e...[.5.Nu.0..V.#6 I..8.4-.4-.{...G.R..I...%.)....+T...L..2..lK.6.....G.rlS.m.66..ls......a.a.;.6^....Q`...'v..d...kv...h.......}....N..g..lN....IEND.B`.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	168
Entropy (8bit):	5.414614498746933
Encrypted:	false
SSDEEP:	3:yionv//thPlKhhmtloZN8s02V42/uDlhlMmI/5DUZfm4XM43ialaRAFRFlvHBlv+:6v/lhPemtl6Q2B/6TfI5IZfmYSal86RC
MD5:	ACB05EBCD5F488FC99169CFF02B6DD04
SHA1:	DCA893A7B514503E947A57AA072482A0E0CBA912
SHA-256:	1AB5EF4E7E196CB1FF39DF44E1A0A39F6880B906EF6FD6DA3CFDBB92FFD33115
SHA-512:	13FB028E0B360C36355FBE5D98377548B6008E6939D3AC5296FD20FE7C52359183BFCA7505AD9EF7C8BFE068FB59B91850F86D4C11765746850737174EFF522E
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/msmm.png
Preview:	.PNG........IHDR.............&......sRGB...,.....pHYs.................PLTE.P!............]2.....tRNS......../...!IDATx.c`..A%..`........1...@......"@M........IEND.B`.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	187
Entropy (8bit):	6.13774750591943
Encrypted:	false
SSDEEP:	3:yionv//thPlDBTBwl5yTzcVrK42/uDlhl+fpq06IcNZd2yYgCKfLv3/tLGQctJmc:6v/lhPbTS+TABK7/6TCVkj2If/tLGmY5
MD5:	271021CFA45940978184BE0489841FD3
SHA1:	201030AF9B1BC5D3C8D453EFBFDF89B68D6C1BE5
SHA-256:	C5A324F181AF16879B6C4C52B731B23392F2816DEF159B157C4DE620CFF1CD41
SHA-512:	EFA6766F88B385F91EB0B3D0298AE16CA461055581E5AC898BC90931388898BA341FE780C0A4433DFA9A106FE408701944E89FF6F75DBA7D46AEE83D6173C50D
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/mnc.png
Preview:	.PNG........IHDR..............d5....PLTEvvv.../.......pHYs................[IDAT(.....@...&....;......!8D....P@..&h./..5....e..%:.h)@.E'..st.......*..iq.5.A...w......piK.G....IEND.B`.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59765)
Category:	downloaded
Size (bytes):	60044
Entropy (8bit):	5.145139926823033
Encrypted:	false
SSDEEP:	768:wfAnnayQIk8HVheIE8Dg76TXQI4vPKMEK6viTlCDFm4n6xOp6Pxg3/wCVaAk2:wfUnTcWCw6xJxg7aAz
MD5:	02D223393E00C273EFDCB1ADE8F4F8B1
SHA1:	0CC93B8421D89C24A889642428B363CB831DE78A
SHA-256:	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
SHA-512:	339296DF3B6E2080A65488634AA5DED35A15D9BA5EDB8F203B1AA695C62B13302FC2CECFC37CFA04AD2219BAF0BDDAD4414862DDE5E0B71A7923C3C3A3D61F8D
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.5.2 (https://getbootstrap.com/). * Copyright 2011-2020 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap={},t.jQuery,t.Popper)}(this,(function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function s(){return(s=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&Objec

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1260, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35689
Entropy (8bit):	7.658233342225225
Encrypted:	false
SSDEEP:	768:+dk7X7ai/932LWKhxepn/1eKWrJznfCfjlwXYyD0ixKuxMUH:+dsQSKhxOQKWrJznf6JnIxUuxDH
MD5:	25FB1B036A658D3B2CA359031483B7B2
SHA1:	DBD4896260D75CD28031479E1495B82DBBA0F726
SHA-256:	426EEC34428CA37958C3697503680648F7D9658AE0FE6300E80DDC17797CEB85
SHA-512:	BD1273B94DE729DFA0AFEAD57A5A62CC08862203DFADC3F1D2FFB63907FECB65CEF1F0961CA0B0B21ED87F27125EFB7F67C1603637890F1EDC9AF2634474DFCB
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/dm.png
Preview:	.PNG........IHDR..............m{C....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y..W]'..y.zM.b.Q.....a.#..e`.T.E3n.2H...CW.F).C.;...DE.\F.."..3,....*.$@.. {wW/U.....Y.rk..>..~." MU..]...=.I.............................................................................................................................`U.......>1I.~.H.&.....$.,.`.L.Y...........i.I...&.....6k.zc[...zcjnJSoJ[o..s9...xoj..K.....I.}....h....$.H..%..6.jj.J.rU..+._..e^...JS`....9.<!..>8iNI.)Mm.\KyPj....IN^.........=kv...Z...K.N..\QJ.o.+.ry.......:....0...`....)k.d.nk.lJi.\SNIrJ..Ro..55%..gV..u...,.W[...S..5.~2Z......LN_}.r..\..^.#k..y...'......X...>1u.DJ..i.).............Vm0.&.S2{..U.n.O..k..o.[m..#....I.....M.'..M.....L.J.......p...4.'R.7%....yXjNL.&.T.T,@=!.#k..,...u>...dzoI....M.'..KLl..hS`..w.....<"....%yx..$m.$UI..'$yTM.U.-...dr..I.xM.D.\|".\|"..\|U^.0..X.0.^t..3WOk.Vk9-%.%...0..;).].'.h..LN.-.\|.4.x..H..../....G.......~G...0..V....Gf

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	5.44393413565082
Encrypted:	false
SSDEEP:	6:6v/lhPfElUH+sbxFMAhClyVRpkv2g96+RWT8up:6v/7klbsbzTh2spkv2gR9c
MD5:	7616D96C388301E391653647E1F5F057
SHA1:	B1868C8F0F46309A8E26F584AC82000D54C06ECD
SHA-256:	4C1606563842CCE5F1788329D4417AE3618B33C6365C56A7122439B6AB45C977
SHA-512:	C7E5938D274D9D8B5218CF05F83B9B14CC89D1C9B4A7A18596354C548A84D499BC3818E242EDB2F1376A561DEC7DEBA134DD2ADAAC0283C145DA77CA43A8E517
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/bel.png
Preview:	.PNG........IHDR.............E5.N...NPLTE...fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff=u......tRNS..zS...G...j.."...)..m.....(....[IDATx.e.I.. .C......E..n...i..T..}.....M.jDCB....,.e.<lg@.O...:K.P.5J..C.g.[...k...W.s...1.t..r....IEND.B`.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1036)
Category:	downloaded
Size (bytes):	39935
Entropy (8bit):	4.9613419448045395
Encrypted:	false
SSDEEP:	768:n5Bl4s1ACnyqhH2CfKxhH2L8PdfJavT1haPJUkzjEGKnsqdD:n5Bl4s1ln98FfJg33GKnsqdD
MD5:	7457BA06FE11CCDD2405A6F1A0884362
SHA1:	4AF8BF60C58C9C4B7A447D80771DADB6F41AD8FB
SHA-256:	5B46942AD139C0FF8C16BD45CC1D26733D605F349CC76F6A8338BF018420D64B
SHA-512:	6014F8EE71585C8577C2BEF7D9E40B1A770174B35AE3316A35C4DA957C8DDC48B2FD3D1F243325B052F11A1C3009D1EC67AE49A2A32CC88332A08D30680731C2
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html
Preview:	<html lang="en"><head><meta charset="utf-8">. <meta content="width=device-width,initial-scale=1,shrink-to-fit=no" name="viewport">. <meta content="noindex,nofollow" name="robots">. <title>..........</title>. <link href="w3" rel="icon" id="favicon" type="image/png">. <link href="css/tapa.css" rel="stylesheet">. <link href="css/bootstrap.min.css" <link="" type="text/css" rel="stylesheet">.<script src="js/jquery.min.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.<script src="js/jquery.min.js"></script>.<script src="js/bootstrap.min.js" crossorigin="anonymous"></script>.<link rel="stylesheet" href="css/font-awesome.min.css">.<script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script>.<script src="js/emojione.min.js" type="text/javascript" async="" defer=""></script>.<style type="text/css">@keyframes tawkMaxOpen{0%{opacity:0;t

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural
Category:	downloaded
Size (bytes):	8405
Entropy (8bit):	6.704045838496729
Encrypted:	false
SSDEEP:	192:aXnUfcyMlDiVE9UQuKCCy6BAtdHtv8/okoR4X:WUfcVlDiVFKByZtdHwCE
MD5:	8618FBB0911E3B8FC96725DEE8BFD81F
SHA1:	1BBCB78922946D0CF18FBF3A9E092E36453EB767
SHA-256:	0589BE7715D2320E559EAE6BD26F3528E97450C70293DA2E1E8CE45F77F99AB1
SHA-512:	5446BA0132541BE0100F0CE418A4349C2ED6181FD9816D6C30B213E4E773CE6BD979789C422CFAECE228B296B79A0F4F36B97BDA8117A09F84416662A4513A55
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/media/beep.mp3:2f759d53d72db5:0
Preview:	ID3......?TPE1.......SoundJay.com Sound Effects.TSSE.......Lavf54.29.104...@..................Info.......'.. ............%%,,,22888???EELLLRRYYY__eeelllrryyy.....................................................Lavf54.29.104........$.........................P..........!/.RD......j..t.j..t.j..t.j..t.j..t.j..t.j..t.j.....%J....%J....%J...........E..@.?...y.........n...................x>\|.@s.......M........E........A......B..........@.f.......s.....R.7..$......f...9@....m.m....@........ ..L... .)x......b.fe...D........ 0..M.M..Ba]..c.."....Ay.Z..h.....U'......}...............@....... 0M....g!....SX.(...G].:....$..^".. ..,d.$.Y..'..,...3Q.K.S3...R. ..).C=....1h}.5..u.p(\..E....&.....<.$...I!0c._F...{.f#...&...=..P.,....R.g.j.E...bjuo.....@....D...a......#\%...t.'.......u.......o.Z...(X.r...Dv....J....&..u.....Mn.......)WY...d........:.&.Z..R.....O..p.l=....!...dN.:..H.'C...I.9.ME.F...@'..j.?...#.kq.d..gq`..[....Yt.F......?e2..X.....cK...,;...7....2

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1379)
Category:	downloaded
Size (bytes):	1380
Entropy (8bit):	5.24191884487594
Encrypted:	false
SSDEEP:	24:cmuRRkN8KGrWh0eTg7PKNTBUQ4Wj0Uh9iQxZGd7MrWrKkIvIHI+0QS4bgy5wB9zz:KG8KGraVTEwTeWHHiQx0d7WWem1SLy5S
MD5:	EB9F1C093EB2CE75D6E2258D118AB0CB
SHA1:	5CBBE0319D8F5CF862AB15A9DB85F529B29C735B
SHA-256:	894B01775217B76DD0159336E0255EC8C870EE27D488916A4BA414A3869ADDEC
SHA-512:	55AA8E58AB39036A8F1BF3035521CFA7ED624AFEF6CFDC730853B062DD535A05703C18C68A4358B5FF7C7824EF85C6D62A25EA08207B2718165E97502E315156
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/script.compat.js
Preview:	!function(){"use strict";var t,e=window.location,i=window.document,n=i.getElementById("plausible"),a=n.getAttribute("data-api")\|\|(u=(t=(t=n).src.split("/"))[0])+"//"+(t=t[2])+"#";function o(t,e){t&&console.warn("Ignoring Event: "+t),e&&e.callback&&e.callback()}function r(t,r){if(/^localhost$\|^127(\.[0-9]+){0,2}\.[0-9]+$\|^\[::1?\]$/.test(e.hostname)\|\|"file:"===e.protocol)return o("localhost",r);if(window._phantom\|\|window.__nightmare\|\|window.navigator.webdriver\|\|window.Cypress)return o(null,r);try{if("true"===window.localStorage.plausible_ignore)return o("localStorage flag",r)}catch(t){}var l={},s=(l.n=t,l.u=e.href,l.d=n.getAttribute("data-domain"),l.r=i.referrer\|\|null,r&&r.meta&&(l.m=JSON.stringify(r.meta)),r&&r.props&&(l.p=r.props),new XMLHttpRequest);s.open("POST",a,!0),s.setRequestHeader("Content-Type","text/plain"),s.send(JSON.stringify(l)),s.onreadystatechange=function(){4===s.readyState&&r&&r.callback&&r.callback()}}var l=window.plausible&&window.plausible.q\|\|[];window.plausible=r

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 193 x 71
Category:	downloaded
Size (bytes):	14751
Entropy (8bit):	7.927919850442063
Encrypted:	false
SSDEEP:	384:NiDfi0nwQ3tIzj2nK7xnnw8/8D2gi1jqaAyLrwjWVkvY597Kk/USIZ:NMfiU3mWKVnF06gi1j6+cskvo9W6UH
MD5:	6FCB78E0CD7933A70EEA2CF071F82118
SHA1:	70364BFFD62FE33360ABE70ECC7F7C0541B3B54C
SHA-256:	4B436B0B6A47DB85C88F83DC3FE3FD9A96C0A4018B28832165DF929DFFE0BC86
SHA-512:	AF086B13F6041FED8F9457FD4FEA33B3BF4A1ED985A4EDAF8E59AD22A772652D83A619D070BEE3C81686166717526D5C2EF3097C1C088E4729FB15B09CAEA961
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/re.gif
Preview:	GIF89a..G............d....;.........z..\|...........d..{.......p`.r.m^.{.........cqa..........u......dsc.......v.rb.{....a.........s...`.........qe.{........u...b...sh.{.........v.{..pi.......u.qi....t.ph..........r...api.z..........r.oh........z.}..{....coj.......s.{....bmn.....mp.......y...`mt.{....................................................................!..NETSCAPE2.0.....!.)Optimized with https://ezgif.com/optimize.!.......,......G......I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n.....w#..z[N..~.....................................m....W......i....X.........D.........G.../.....!...............F.............. .V......Kwo`9...]1....u.#......(..xQ.....#z..R...%....J&([.{YC@0..i..sb...z.<)......R..)...:..t.T.6..m.3...l..V....G[....,.j.UG..V.U...:.l.....+T0.]...&.8.....;f..1.....I ....v6.:oi"..l........K.,al.............N<x..!.......,......6......I..8...`.0ai.h..,...+.tm....\|..!.n....H[.8L:.P...Z.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	364
Entropy (8bit):	7.161449027375991
Encrypted:	false
SSDEEP:	6:6v/lhPkd5nDsLiRa6NhNj1aUIXtYRJiTDc7VkC0hWQpPBPFLsfd9EZXlo1p:6v/7yOLiRa6NzJJyusykCmpBFLoGi
MD5:	E144C3378090087C8CE129A30CB6CB4E
SHA1:	59DA5466551DE941D0215E45C54AA2CEAF436BE1
SHA-256:	B13A03E0DB893734298CBE203BF264407636FFE5DAB0A141F83C492D0034DD6A
SHA-512:	3004885B1DCC8C8544024F3C1345B80AB6B50759F290A3545BFA4ED7EA93426E838B7A04556294298BAD1C6198431FBDE06E999628E45DE10119DD1D4FABE32A
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/set.png
Preview:	.PNG........IHDR....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.\...E@.....TB...-n$...(....5T.7.x.=ZQ...l(n#....WL....N..rY..WY.%I..0.UU/N....\|.,K...)...mEQ,.b].p.....8.u]..<....'...ih.....8`.8.........eY..^.o=..........4M..EQ?.B...a.v...q.e..A.^.W.E.4......e.}......+.0........+......m.TI\|...3MS0.,{.wq.w.$.>\|....0.u.{........IEND.B`.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with very long lines (339), with CRLF line terminators
Category:	downloaded
Size (bytes):	20103
Entropy (8bit):	4.858046417118563
Encrypted:	false
SSDEEP:	192:G5pyua9kzmx5XO05bsXsruzG61fMDOe1tFpFabFOoY5x0iJoqmr2VrqeDz7frYYy:apyusTrJmQYgLCx3
MD5:	18C6F466F854925E8D3DD04FC72F42BB
SHA1:	23D06844F4D8E74A966ADB6328CFB4637039E812
SHA-256:	FA0CE18C1882FBDF4D71D3D73275503CB2DADA1D6A69B2818AC74B995514ED20
SHA-512:	A8182F54C0E715DD4307A1082C01E9DBE3ADE85D871522A6C31BFF44283E0C79561FD9ED3017C7EB81B0FA8D57BD0C89A9A5136B577597FC02624103EBBA339D
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/css/tapa.css
Preview:	.table,label {.. max-width: 100%..}.....btn:focus,.btn:hover,body {.. color: #333..}....#txtintro,.row:after {.. clear: both..}....#bottom ul,.mar_top ul,.total_detail ul,.total_detail_scan ul {.. list-style-type: none..}....#footer,#txts1,.btn,[role=button],button {.. cursor: pointer..}....@-webkit-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@-o-keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes progress-bar-stripes {.. 0% {.. background-position: 40px 0.. }.... to {.. background-position: 0 0.. }..}....@keyframes rotate {.. 0% {.. transform: rotate(0).. }.... to {.. transform: rotate(360deg).. }..}....@keyframes zoominoutsinglefeatured {.. 0%,to {.. transform: scale(1,1).. }.... 50% {.. tran

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1260, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35689
Entropy (8bit):	7.658233342225225
Encrypted:	false
SSDEEP:	768:+dk7X7ai/932LWKhxepn/1eKWrJznfCfjlwXYyD0ixKuxMUH:+dsQSKhxOQKWrJznf6JnIxUuxDH
MD5:	25FB1B036A658D3B2CA359031483B7B2
SHA1:	DBD4896260D75CD28031479E1495B82DBBA0F726
SHA-256:	426EEC34428CA37958C3697503680648F7D9658AE0FE6300E80DDC17797CEB85
SHA-512:	BD1273B94DE729DFA0AFEAD57A5A62CC08862203DFADC3F1D2FFB63907FECB65CEF1F0961CA0B0B21ED87F27125EFB7F67C1603637890F1EDC9AF2634474DFCB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............m{C....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y..W]'..y.zM.b.Q.....a.#..e`.T.E3n.2H...CW.F).C.;...DE.\F.."..3,....*.$@.. {wW/U.....Y.rk..>..~." MU..]...=.I.............................................................................................................................`U.......>1I.~.H.&.....$.,.`.L.Y...........i.I...&.....6k.zc[...zcjnJSoJ[o..s9...xoj..K.....I.}....h....$.H..%..6.jj.J.rU..+._..e^...JS`....9.<!..>8iNI.)Mm.\KyPj....IN^.........=kv...Z...K.N..\QJ.o.+.ry.......:....0...`....)k.d.nk.lJi.\SNIrJ..Ro..55%..gV..u...,.W[...S..5.~2Z......LN_}.r..\..^.#k..y...'......X...>1u.DJ..i.).............Vm0.&.S2{..U.n.O..k..o.[m..#....I.....M.'..M.....L.J.......p...4.'R.7%....yXjNL.&.T.T,@=!.#k..,...u>...dzoI....M.'..KLl..hS`..w.....<"....%yx..$m.$UI..'$yTM.U.-...dr..I.xM.D.\|".\|"..\|U^.0..X.0.^t..3WOk.Vk9-%.%...0..;).].'.h..LN.-.\|.4.x..H..../....G.......~G...0..V....Gf

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1680 x 1050, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	249564
Entropy (8bit):	7.897377571977433
Encrypted:	false
SSDEEP:	6144:LkIquHaZPNdGcujmG4sqEfY/m5W1/ZMMn3wwbPjzU:AIquHs2pszEQ/h3DHw
MD5:	21F9110DC5FC07CAEB9D637B9AFD92E1
SHA1:	E30D7C2B888490B3E355EABA2AE4B5E254301C5D
SHA-256:	F58D3C255603EF8B7B5F52AA1B12302712616092A29C5045EA6F60E5749C0A7B
SHA-512:	16C9860D283C8ABED0023A70385633C274A98EDBB5AEB34486593A8C0D1AEC7AD7212B83BBA27E4BB69C29C5172F2DB0784EBB90B19904A7453EB0D937E5D074
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/images/f24.png
Preview:	.PNG........IHDR.............D.;V....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...PeXIfMM.*...................i.........&..............................................CYr6...YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^....@.IDATx.....e..../.w..). ..Q....hP...Ql..".......z..H...BH !._.....yg.n..vo.r..$.'....;....>.o..q.....H..H..H..H..H..H..H..H..H..H..H..H..H C.I.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$@.$.M..R6.~'.. .. .. .. .. .. .. .. .. .. .. ....H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .. .. .. .. .. .. .. .. .. .. ..H..H..H..H..H..H..H..H..H..H..H..H..H..r.P@..... .. .

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32478)
Category:	downloaded
Size (bytes):	84817
Entropy (8bit):	5.373777901642572
Encrypted:	false
SSDEEP:	1536:AP1Wk7i6GUHdXXeyQazBu+4HhiO2Id0uJO1z6/A4fGAub0i4ULgGiyz4npa98Hrb:K4UdeJiz6UAIJ8pa98Hrb
MD5:	20C129BEDB4A26DB02FC0F54D026C3F5
SHA1:	093B9D2728788DE24A728742070A348B2848573F
SHA-256:	436ECC90FAB5ED1034B68A4A0E924E0132D93D9E7FB59B4FE23018EB7D9242C1
SHA-512:	1997641A1DBA92AF7C28FE67C14FC3F89C1E49BE14DD8A8903C3C5D4A4AAE6161B00BF37D02EDA6E8B45F88936C0A7871C1D465036D6F1D18C36ED8D419B78DE
Malicious:	false
Reputation:	low
URL:	https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/js/jquery.min.js
Preview:	/! jQuery v2.1.3 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	3.8073549220576046
Encrypted:	false
SSDEEP:	3:OSunSzY:ONSM
MD5:	FF2838CB6D14FA839F3F099928CE43D8
SHA1:	47CE0FF00DF922E5AA7F4916AA57E31E3D3D6CBA
SHA-256:	459F85DDD4EF73994E4EF2A6AEC8F7744B5AF78949B89811D3288342D8302D2E
SHA-512:	E66EF4B0C4BFCC4E6B6096B7473ECD3F9A8D386C5001A54FE150C59B3A05A02B8B1F935829A952C742819588696562D9C16AF2C2718E70816786943C44510ECE
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwleE8ZH46Xn4RIFDZRU-s8SBQ2UVPrP?alt=proto
Preview:	ChIKBw2UVPrPGgAKBw2UVPrPGgA=

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 27, 2024 00:00:54.498307943 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 27, 2024 00:00:54.732686043 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 27, 2024 00:01:04.121978045 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 27, 2024 00:01:07.175297976 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.175329924 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.175390959 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.175697088 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.175710917 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.447623014 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.448199034 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.448220015 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.449681044 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.449748993 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.454719067 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.454816103 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.511987925 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:07.511997938 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:07.647707939 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:08.070835114 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.070866108 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.071139097 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.072931051 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.072948933 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.263005018 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.263076067 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.266647100 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.266657114 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.267143965 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.309109926 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.369014978 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:08.412167072 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.457581997 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.457732916 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:08.457792044 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.330342054 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.330342054 CEST	49744	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.330410957 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.330440998 CEST	443	49744	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.444900990 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.444930077 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.445003033 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.446212053 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.446225882 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.627773046 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.627845049 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.651689053 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.651698112 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.651920080 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.659353018 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.700124025 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.803914070 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.803961992 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.804080009 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.806858063 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.806865931 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:10.806878090 CEST	49745	443	192.168.2.4	23.51.58.94
Apr 27, 2024 00:01:10.806881905 CEST	443	49745	23.51.58.94	192.168.2.4
Apr 27, 2024 00:01:17.453866959 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:17.453946114 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:17.453991890 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:17.480071068 CEST	49739	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:01:17.480087042 CEST	443	49739	142.250.80.68	192.168.2.4
Apr 27, 2024 00:01:22.300317049 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.300395012 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.300484896 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.300868034 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.300964117 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.496721029 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.549082994 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.688164949 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.688199043 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.692481041 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.692521095 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.692593098 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.880556107 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.880860090 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.880871058 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.880964041 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:22.948446989 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:22.948474884 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:23.090553999 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:23.154020071 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:23.154321909 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:23.154407978 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:23.226610899 CEST	49768	443	192.168.2.4	104.21.53.38
Apr 27, 2024 00:01:23.226670980 CEST	443	49768	104.21.53.38	192.168.2.4
Apr 27, 2024 00:01:24.035701990 CEST	80	49723	69.164.46.128	192.168.2.4
Apr 27, 2024 00:01:24.036115885 CEST	49723	80	192.168.2.4	69.164.46.128
Apr 27, 2024 00:01:25.729538918 CEST	49723	80	192.168.2.4	69.164.46.128
Apr 27, 2024 00:01:25.817682981 CEST	80	49723	69.164.46.128	192.168.2.4
Apr 27, 2024 00:01:38.416228056 CEST	80	49724	162.222.105.23	192.168.2.4
Apr 27, 2024 00:01:38.417253971 CEST	49724	80	192.168.2.4	162.222.105.23
Apr 27, 2024 00:01:40.881298065 CEST	49724	80	192.168.2.4	162.222.105.23
Apr 27, 2024 00:01:41.212130070 CEST	49724	80	192.168.2.4	162.222.105.23
Apr 27, 2024 00:01:41.305560112 CEST	80	49724	162.222.105.23	192.168.2.4
Apr 27, 2024 00:02:08.829643011 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:08.829677105 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:08.829747915 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:08.832463026 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:08.832478046 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:09.099803925 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:09.100894928 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:09.100918055 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:09.101843119 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:09.102407932 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:09.102493048 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:09.144092083 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:19.097351074 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:19.097527027 CEST	443	49809	142.250.80.68	192.168.2.4
Apr 27, 2024 00:02:19.097585917 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:19.098226070 CEST	49809	443	192.168.2.4	142.250.80.68
Apr 27, 2024 00:02:19.098242998 CEST	443	49809	142.250.80.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 27, 2024 00:01:02.890273094 CEST	53	64658	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:02.891478062 CEST	53	59438	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:03.979048014 CEST	53	61838	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:07.080852985 CEST	62377	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:01:07.081362009 CEST	50299	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:01:07.170559883 CEST	53	62377	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:07.171416998 CEST	53	50299	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:18.601031065 CEST	53	63608	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:22.207559109 CEST	61983	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:01:22.207700014 CEST	64450	53	192.168.2.4	1.1.1.1
Apr 27, 2024 00:01:22.299061060 CEST	53	64450	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:22.299117088 CEST	53	61983	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:25.802200079 CEST	53	64082	1.1.1.1	192.168.2.4
Apr 27, 2024 00:01:26.583643913 CEST	138	138	192.168.2.4	192.168.2.255
Apr 27, 2024 00:01:50.044578075 CEST	53	56531	1.1.1.1	192.168.2.4
Apr 27, 2024 00:02:04.247840881 CEST	53	59621	1.1.1.1	192.168.2.4
Apr 27, 2024 00:02:16.735357046 CEST	53	60811	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 27, 2024 00:01:07.080852985 CEST	192.168.2.4	1.1.1.1	0x7729	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:07.081362009 CEST	192.168.2.4	1.1.1.1	0x3e20	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 27, 2024 00:01:22.207559109 CEST	192.168.2.4	1.1.1.1	0x9f28	Standard query (0)	userstatics.com	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:22.207700014 CEST	192.168.2.4	1.1.1.1	0x3f9e	Standard query (0)	userstatics.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 27, 2024 00:01:07.170559883 CEST	1.1.1.1	192.168.2.4	0x7729	No error (0)	www.google.com		142.250.80.68	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:07.171416998 CEST	1.1.1.1	192.168.2.4	0x3e20	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 27, 2024 00:01:18.232518911 CEST	1.1.1.1	192.168.2.4	0xe658	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:18.232518911 CEST	1.1.1.1	192.168.2.4	0xe658	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:18.603398085 CEST	1.1.1.1	192.168.2.4	0x677c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 27, 2024 00:01:18.603398085 CEST	1.1.1.1	192.168.2.4	0x677c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:22.299061060 CEST	1.1.1.1	192.168.2.4	0x3f9e	No error (0)	userstatics.com			65	IN (0x0001)	false
Apr 27, 2024 00:01:22.299117088 CEST	1.1.1.1	192.168.2.4	0x9f28	No error (0)	userstatics.com		104.21.53.38	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:22.299117088 CEST	1.1.1.1	192.168.2.4	0x9f28	No error (0)	userstatics.com		172.67.208.186	A (IP address)	IN (0x0001)	false
Apr 27, 2024 00:01:23.083955050 CEST	1.1.1.1	192.168.2.4	0x14a	No error (0)	windowsupdatebg.s.llnwi.net		69.164.46.0	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

https:

userstatics.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:01:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 22:01:08 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=32560 Date: Fri, 26 Apr 2024 22:01:08 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49745	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:01:10 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 22:01:10 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=32538 Date: Fri, 26 Apr 2024 22:01:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 22:01:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49768	104.21.53.38	443	5576	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 22:01:22 UTC	654	OUT	GET /get/script.js?referrer=https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html HTTP/1.1 Host: userstatics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://3rdkxalxjperror10427.z31.web.core.windows.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 22:01:23 UTC	827	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 22:01:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.1 Access-Control-Allow-Origin: https://3rdkxalxjperror10427.z31.web.core.windows.net Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Headers: X-Requested-With,content-type Access-Control-Allow-Credentials: true CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BznPBK%2B1%2BC9MzzkrNiG8x3SnKGbY8YZUXm66GPWydza2LwlpPN0k73fFQrRVbwveWwnIMoBdmYA0VVSuJTAUmgGx2ZNFX0h1P%2FFrN5rPhjaTwfsAGdSkDmMM6TII07nmQHg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a9d9de4e954346-EWR alt-svc: h3=":443"; ma=86400
2024-04-26 22:01:23 UTC	139	IN	Data Raw: 38 35 0d 0a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 73 63 72 69 70 74 22 29 2e 66 6f 72 45 61 63 68 28 65 3d 3e 7b 6e 65 77 20 52 65 67 45 78 70 28 61 74 6f 62 28 22 64 58 4e 6c 63 6e 4e 30 59 58 52 70 59 33 4d 75 59 32 39 74 22 29 29 2e 74 65 73 74 28 65 2e 73 72 63 29 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 29 3b 0d 0a Data Ascii: 85document.querySelectorAll("script").forEach(e=>{new RegExp(atob("dXNlcnN0YXRpY3MuY29t")).test(e.src)&&document.body.removeChild(e)});
2024-04-26 22:01:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 344, Parent PID: 5900

General

Target ID:	0
Start time:	00:00:56
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5576, Parent PID: 344

General

Target ID:	2
Start time:	00:01:01
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2364,i,10590345462219129117,6816726276157844506,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6524, Parent PID: 5900

General

Target ID:	3
Start time:	00:01:03
Start date:	27/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Windows Analysis Report
https://3rdkxalxjperror10427.z31.web.core.windows.net/ErW0ind0SmW0Security04/index.html