Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://live.dot.vu/p/dholcomb/landing-page-trends-report/

Overview

General Information

Sample URL:	https://live.dot.vu/p/dholcomb/landing-page-trends-report/
Analysis ID:	1632398
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected landing page (webpage, office document or email)

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,17989972940415024766,5736517667624462038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://live.dot.vu/p/dholcomb/landing-page-trends-report/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.62.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.62.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.2.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.1.pages.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
2.2.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
2.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
2.2.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.78..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
3.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 6 entries

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'eo.chuylerf.com' does not match the legitimate domain for Microsoft., The domain 'chuylerf.com' is not associated with Microsoft and appears suspicious., The use of a subdomain 'eo' and an unrelated primary domain 'chuylerf.com' suggests a potential phishing attempt., The input fields 'Email, phone, or Skype' are commonly targeted in phishing attacks to harvest personal information. DOM: 3.4.pages.csv
Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'eo.chuylerf.com' does not match the legitimate domain for Microsoft., The domain 'chuylerf.com' is not associated with Microsoft and appears suspicious., The use of a subdomain 'eo' and an unrelated primary domain 'chuylerf.com' suggests a potential phishing attempt., The input fields 'Email, phone, or Skype' are commonly targeted in phishing attacks to harvest personal information. DOM: 3.5.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 3.4.pages.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML

Yara detected Invisible JS

Source: Yara match	File source: 1.62.d.script.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 1.62.d.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: 1.78..script.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://live.dot.vu/p/dholcomb/landing-page-trends-report/

Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT HERE' Source: '1.0.pages.csv'

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: Number of links: 0

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://eo.chuylerf.com/v3HNIp/

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Office 365 Documentation</title> <style> body { font-family: Arial, sans-serif...

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: Title: Login For Account Security does not match URL

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD	HTTP Parser: Invalid link: Terms of use
Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD	HTTP Parser: Invalid link: Privacy & cookies

Source:	HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "dib30";var emailcheck = "0";var webname = "rtrim(/web8/, '/')";var urlo = "/ujvk4ull1m9n3erxw0yvpwstt50cmcs6mizioombbsw07urmke9872ao05";var gdf = "/ghzxaxtwdkzbwvuxbai5zmzuvqwrbndiprgn7ldcd120";var odf = "/ijfa6t1lxyphllfwyz9jylffw79ftp0j0ltkcd645";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent.match(/edg/i)){ ...
Source: https://eo.chuylerf.com/v3HNIp/	HTTP Parser: function gkciswhcje(){toyazvkjpc = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+r3jhcghpyybdyxjkifdlyibuzw1wbgf0ztwvdgl0bgu+ciagica8c3r5bgu+ciagicagicagym9kesb7ciagicagicagicagigzvbnqtzmftawx5oiantw9udhnlcnjhdccsihnhbnmtc2vyawy7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxytfhmmu7ciagicagicagicagignvbg9yoiajztblmguwowogicagicagicagicbtyxjnaw46ida7ciagicagicagicagihbhzgrpbmc6ida7ciagicagicagicagigxpbmutagvpz2h0oiaxljy7ciagicagicagfqogicagicagighlywrlcib7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxnjixm2u7ciagicagicagicagihbhzgrpbmc6idmwchg7ciagicagicagicagihrlehqtywxpz246ignlbnrlcjskicagicagicagicagym9yzgvylwjvdhrvbtogm3b4ihnvbglkicnlotq1nja7ciagicagicagfqogicagicagighlywrlcibomsb7ciagicagicagicagig1hcmdpbjogmdskicagicagicagicagzm9udc1zaxploia0mnb4owogicagicagicagicbjb2xvcjogi2u5ndu2mdskicagicagicagicagdgv4dc10cmfuc2zvcm06ihvwcgvyy2fzztskicagicagi...

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: <input type="password" .../> found

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: No favicon

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: No <meta name="author".. found

Source: https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 40MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /p/dholcomb/landing-page-trends-report/ HTTP/1.1Host: live.dot.vuConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloud/css/inc_live.min.ea842e342a89866e.css HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/f8b7637500d28420b64e2e0c558350cf.png HTTP/1.1Host: 2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloud/js/live_vendor_bundle.3276b8a81ed29823.js HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/f8b7637500d28420b64e2e0c558350cf.png HTTP/1.1Host: 2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloud/js/live_bundle.3c67f9789a583d15.js HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/853a32f7688d230aac0a53eb297f7e2b.jpg HTTP/1.1Host: 527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cloud/js/inc_liveEs5.23af589c2deea6a9.js HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/poppins-bold-webfont.woff2 HTTP/1.1Host: live.dot.vuConnection: keep-aliveOrigin: https://live.dot.vusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://live.dot.vu/p/dholcomb/landing-page-trends-report/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: dot_session=9fa7750783408cffa419125b441b3e0c4542c083663f511f506bde8ed89977ef
Source: global traffic	HTTP traffic detected: GET /fonts/poppins-regular-webfont.woff2 HTTP/1.1Host: live.dot.vuConnection: keep-aliveOrigin: https://live.dot.vusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://live.dot.vu/p/dholcomb/landing-page-trends-report/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: dot_session=9fa7750783408cffa419125b441b3e0c4542c083663f511f506bde8ed89977ef
Source: global traffic	HTTP traffic detected: GET /files/853a32f7688d230aac0a53eb297f7e2b.jpg HTTP/1.1Host: 527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon/dot-favicon-57x57.png?7 HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://live.dot.vu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon/dot-favicon-57x57.png?7 HTTP/1.1Host: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/dholcomb/landing-page-trends-report/__page-api__/data/flush/v2 HTTP/1.1Host: live.dot.vuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: dot_session=9fa7750783408cffa419125b441b3e0c4542c083663f511f506bde8ed89977ef; dot_v_12174=67cb634272ffc27dfb51fddd
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=P990EGIhxcZdRROlZe8r7YtkUPFFDyeBPPRyx.nI6.4-1741382473-1.0.1.1-7hvrTh5RxOIsx6qT_bJSKeI6cnlP.i79nBMFjuR_Tnu.vASoMHbXjGSAKlOtuJ37vxn8.h7j35VXaiTe9jnAr1eIiga9iWQIE7.eCb0jkFk
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250307%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250307T211938Z&X-Amz-Expires=300&X-Amz-Signature=12b7bc66bf67e2100a533cefe50978db69728925214ffba84175535575cad14e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://eo.chuylerf.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: live.dot.vu
Source: global traffic	DNS traffic detected: DNS query: 4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com
Source: global traffic	DNS traffic detected: DNS query: 2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.com
Source: global traffic	DNS traffic detected: DNS query: eo.chuylerf.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: developers.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: pkwvq.zvaznx.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com

Source: unknown

HTTP traffic detected: POST /p/dholcomb/landing-page-trends-report/__page-api__/data/flush/v2 HTTP/1.1Host: live.dot.vuConnection: keep-aliveContent-Length: 47sec-ch-ua-platform: "Windows"X-Csrf-Token: 0a00b0d314de02def2c7e4f488594d65dfd557f2c856b21e7d06be9d56fb5ddaX-Dot-Session-Id: 9fa7750783408cffa419125b441b3e0c4542c083663f511f506bde8ed89977efsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8Origin: https://live.dot.vuSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://live.dot.vu/p/dholcomb/landing-page-trends-report/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: dot_session=9fa7750783408cffa419125b441b3e0c4542c083663f511f506bde8ed89977ef; dot_v_12174=67cb634272ffc27dfb51fddd

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: ApacheCache-Control: no-cache, max-age=0, must-revalidate, no-storeContent-Type: text/html;charset=UTF-8Content-Security-Policy: default-src 'none';base-uri 'none';script-src 'nonce-YlWOurDYdb5N8TV1yy3K9A==' 'strict-dynamic' 'unsafe-inline' https:;style-src 'self' 'nonce-YlWOurDYdb5N8TV1yy3K9A==';Strict-Transport-Security: max-age=7776000, includeSubDomainsDate: Fri, 07 Mar 2025 21:21:20 GMTKeep-Alive: timeout=5, max=100X-Xss-Protection: 1; mode=blockContent-Language: en-GBX-Content-Type-Options: nosniffConnection: closeContent-Length: 418

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49748 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5856_959998772

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5856_959998772

Source: classification engine

Classification label: mal84.phis.win@22/47@48/199

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,17989972940415024766,5736517667624462038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://live.dot.vu/p/dholcomb/landing-page-trends-report/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,17989972940415024766,5736517667624462038,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://live.dot.vu/p/dholcomb/landing-page-trends-report/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_bundle.3c67f9789a583d15.js	0%	Avira URL Cloud	safe
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_vendor_bundle.3276b8a81ed29823.js	0%	Avira URL Cloud	safe
https://527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.com/files/853a32f7688d230aac0a53eb297f7e2b.jpg	0%	Avira URL Cloud	safe
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/css/inc_live.min.ea842e342a89866e.css	0%	Avira URL Cloud	safe
https://live.dot.vu/fonts/poppins-regular-webfont.woff2	0%	Avira URL Cloud	safe
https://2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.com/files/f8b7637500d28420b64e2e0c558350cf.png	0%	Avira URL Cloud	safe
https://live.dot.vu/fonts/poppins-bold-webfont.woff2	0%	Avira URL Cloud	safe
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/inc_liveEs5.23af589c2deea6a9.js	0%	Avira URL Cloud	safe
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/favicon/dot-favicon-57x57.png?7	0%	Avira URL Cloud	safe
https://live.dot.vu/p/dholcomb/landing-page-trends-report/__page-api__/data/flush/v2	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=iM8bzcKjqG4ndBeGyON2XH83QfWloL77ZD7Y9BrDwYPn3TA739IZFZbFmkORsmrMZ1aSdpZRmSTHilv24hhUZZ5We69IW0DqkorC8we5Ck8c0H4ApHRc5E5vb1x9	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pkwvq.zvaznx.ru	104.21.64.1	true	false		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
developers.cloudflare.com	104.16.2.189	true	false		high
github.com	140.82.121.3	true	false		high
e4848.g.akamaiedge.net	2.16.184.139	true	false		unknown
code.jquery.com	151.101.130.137	true	false		high
eo.chuylerf.com	172.67.181.138	true	true		unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
live.dot.vu	134.213.78.31	true	false		unknown
challenges.cloudflare.com	104.18.94.41	true	false		high
www.google.com	142.250.186.164	true	false		high
d19d360lklgih4.cloudfront.net	13.33.187.120	true	false		high
objects.githubusercontent.com	185.199.108.133	true	false		high
4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com	unknown	unknown	false		unknown
527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.com	unknown	unknown	false		unknown
ok4static.oktacdn.com	unknown	unknown	false		high
2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eo.chuylerf.com/v3HNIp/	false		unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://developers.cloudflare.com/favicon.png	false		high
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js	false		high
https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD	true		unknown
https://live.dot.vu/p/dholcomb/landing-page-trends-report/__page-api__/data/flush/v2	true	Avira URL Cloud: safe	unknown
https://live.dot.vu/p/dholcomb/landing-page-trends-report/	true		unknown
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/css/inc_live.min.ea842e342a89866e.css	false	Avira URL Cloud: safe	unknown
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_bundle.3c67f9789a583d15.js	false	Avira URL Cloud: safe	unknown
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/favicon/dot-favicon-57x57.png?7	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=iM8bzcKjqG4ndBeGyON2XH83QfWloL77ZD7Y9BrDwYPn3TA739IZFZbFmkORsmrMZ1aSdpZRmSTHilv24hhUZZ5We69IW0DqkorC8we5Ck8c0H4ApHRc5E5vb1x9	false	Avira URL Cloud: safe	unknown
https://527d6243594cd3bae314-8f07a30c4b28d440d2b580e99b7b8ed5.ssl.cf3.rackcdn.com/files/853a32f7688d230aac0a53eb297f7e2b.jpg	false	Avira URL Cloud: safe	unknown
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_vendor_bundle.3276b8a81ed29823.js	false	Avira URL Cloud: safe	unknown
https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/inc_liveEs5.23af589c2deea6a9.js	false	Avira URL Cloud: safe	unknown
https://live.dot.vu/fonts/poppins-regular-webfont.woff2	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://live.dot.vu/fonts/poppins-bold-webfont.woff2	false	Avira URL Cloud: safe	unknown
https://2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.com/files/f8b7637500d28420b64e2e0c558350cf.png	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
134.213.78.31	live.dot.vu	Ireland		15395	RACKSPACE-LONGB	false
173.194.76.84	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
13.33.187.14	unknown	United States		16509	AMAZON-02US	false
104.21.64.1	pkwvq.zvaznx.ru	United States		13335	CLOUDFLARENETUS	false
142.250.185.227	unknown	United States		15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
142.250.185.142	unknown	United States		15169	GOOGLEUS	false
104.21.96.1	unknown	United States		13335	CLOUDFLARENETUS	false
2.16.184.139	e4848.g.akamaiedge.net	European Union		16625	AKAMAI-ASUS	false
142.250.186.131	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
104.21.18.94	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.186.74	unknown	United States		15169	GOOGLEUS	false
104.16.2.189	developers.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.122.33.118	unknown	United States		16625	AKAMAI-ASUS	false
142.250.186.163	unknown	United States		15169	GOOGLEUS	false
13.33.187.120	d19d360lklgih4.cloudfront.net	United States		16509	AMAZON-02US	false
140.82.121.3	github.com	United States		36459	GITHUBUS	false
23.57.20.118	unknown	United States		16625	AKAMAI-ASUS	false
142.250.185.238	unknown	United States		15169	GOOGLEUS	false
142.250.181.227	unknown	United States		15169	GOOGLEUS	false
172.67.181.138	eo.chuylerf.com	United States		13335	CLOUDFLARENETUS	true
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
185.199.108.133	objects.githubusercontent.com	Netherlands		54113	FASTLYUS	false
142.250.185.74	unknown	United States		15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1632398
Start date and time:	2025-03-07 22:20:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://live.dot.vu/p/dholcomb/landing-page-trends-report/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.win@22/47@48/199

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.238, 142.250.185.227, 142.250.185.142, 173.194.76.84, 142.250.185.110, 142.250.186.74, 142.250.186.131, 142.250.185.78, 142.250.186.142
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://live.dot.vu/p/dholcomb/landing-page-trends-report/

Created / dropped Files

Chrome Cache Entry: 100

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	6115
Entropy (8bit):	7.965698067995616
Encrypted:	false
SSDEEP:
MD5:	A645D4A112ECB83403E4933D05D94B49
SHA1:	9F6D750EC991364D3FD8932245EC7ADEEB3EA4B1
SHA-256:	90D7A0D9F8298E5F0390199024AC77FCAECFF78E23A96D73B66AEABE3A816AE8
SHA-512:	AF7D0D23D0B9A3A12F8249D7AE96E03E67A2B7A004DC686F0E3CB8C896DA0F9B30CEF75424838A7FB2C1ABF62916E09C5DB0EAB7AA5E7FC3E7F355542DCC8BEA
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/xyJcAATmDUrs8tcd23
Preview:	(./..X.g.zw..*.l.<...".V...qYo..SA.4..,.......5x..1bH...G.>.B..O(;0...zE~..sc...B-..:..Cje...G..%....V...]WD..?.N....v>V..:....].....[.......l3........'..%..{`....c.M...S(..S ..H Je....."..=.#..Vm.V.?.5.Zt..{j..6..?....Gb..]...q.....s&.ZU...9<,0L`.++=P.c.=.XM'co-N4.7W...JY.E"..:.-+.\gzc.j.!..e{...G..4... ...".0./.Zk..b...F...&0..@a...+\|l.......,#.\.'8.W;..&.KJ(m$!W..;'.........a.?w.Q.)...v...%7DA..%..}JD....c$#..Ph.H...p..)..{.........PFt..Q....1....-W.....P`....e...xP8.s...L.-..vZ.r=.q,..,Jz......tu.8L.0......zmi...O........V.^..?e.n........z......[..~.y..=_....v.N#{.f...Z.....eu..B.s.T.RnV...=.H/].OR..[W..6.l...n.-4..,.Q.Rn.....m}z.........NN......D...,.G...(...6..Ij.va89.N.(..JZ.6..s!.4..d.......=....){.Z:...^...h.m.FgIH,n.;......"...t......{=.F........9.... ...&.O.3....B-.y.6..c\.5..q.s,..-......E.....\.=....x!...~.$.k..=.i\|OQ.!H.m8..v.... ...]6..V.)...{0l..... .{.......?.6...:.j.a$..,m.%l).8..S.O%.I...G.&`.i<\".!. ...L8..-.

Chrome Cache Entry: 101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	2376
Entropy (8bit):	7.90794867960839
Encrypted:	false
SSDEEP:
MD5:	244F7FC5A6A55C4F78503CC424826948
SHA1:	4F9FAD65C76C747CAECFBDA601E3754CD1A3E346
SHA-256:	70ABF63B32B010DE222640D7184E2E5A7A5A1179C4DC4FFAE4B8EE871DB26665
SHA-512:	C39D1B32EFE36E9217CEDAFE84126C607EAD9E7EA0A25783323BB7EC60F7736D61B6B4F1A3073724CB918FCEB7CF388887789A2C1087236A4A76EA5388280FD4
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/ijDovMGdaFRJw3tAyov4Bw6Db3QIIplouwxZyLCB4jdmnvFzCdCMg8E678170
Preview:	Qts. V...$..S'c.1=.Ux.......{.......=rWa4g.J!..."...jvi.Z.Z.....7j/...E-...UZ..TkF.*..8.,.c=..Q+..L.T6..w?...7..u..q....._.....~.....H.E..z................_......~..~.O...yb.....\.......\|......J=..].+..G....b...x..U\..o./.\|\|\|\|\|\|.<..gO?>..Ky....o.x........?.zu..o..x.....W...9..D..."D..mmIX..P.B.n.Q.-.0..-..6..%.b....HU..bk$..A1.n..R.J.P...T5.#4;$.b..K ......T...JW..[-.`)...D!..0b.Rb.j........-.n..X.#.M._..%.NK....p8-...d..4..M:m.O...C.....c{.<..t.poJ.....7J.Q.&thq.oh-.u.1...Ee....J.y.. j.`.uZ.;-...+f.b...5..f]qG...cz[<1\.o.{.c]MBQ.........;B"0.{.s,H..G.<,..-QH..3..Q...R.D`..<....."w.I......V......u..=...D{....8...%$jw{d>....3}.^..u....AV.....XF.r.5.F...^0u....Owq...8#f.\?.Kle.5j...3...~...1.........d............@wr8..0............/>{......9F."..1........O..I"M[X.v..Pu..e...K.p.;U.y.B.m.G....L?....g..gc.i...sbG.v.e.f......<.\A..s...f8..=..nW..OS.-.dT.l.f.n...w..~ZC+.L.0.F.....].,D....n&.a~E.....u....w....%..tfV.BY..\|.,.X?U...9(../.T..,

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10017)
Category:	downloaded
Size (bytes):	10245
Entropy (8bit):	5.437589264532084
Encrypted:	false
SSDEEP:
MD5:	6C20A2BE8BA900BC0A7118893A2B1072
SHA1:	FF7766FDE1F33882C6E1C481CEED6F6588EA764C
SHA-256:	B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
SHA-512:	8F80AD8ADC44845D24E13D56738A2CA2A73EE6FCDC187542BA4AAEBBF8817935D053A2ACFB0D425B9CC0C582B5091E1C9FE16B90B3AA682187645067C267FC41
Malicious:	false
Reputation:	unknown
URL:	https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250307%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250307T211938Z&X-Amz-Expires=300&X-Amz-Signature=12b7bc66bf67e2100a533cefe50978db69728925214ffba84175535575cad14e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
Preview:	//.// randexp v0.4.3.// Create random strings that match a given regular expression..//.// Copyright (C) 2016 by Roly Fentanes (https://github.com/fent).// MIT License.// http://github.com/fent/randexp.js/raw/master/LICENSE .//.!function(){var e="RandExp",t=function(){return function e(t,n,r){function o(s,i){if(!n[s]){if(!t[s]){var u="function"==typeof require&&require;if(!i&&u)return u(s,!0);if(a)return a(s,!0);var p=new Error("Cannot find module '"+s+"'");throw p.code="MODULE_NOT_FOUND",p}var h=n[s]={exports:{}};t[s][0].call(h.exports,function(e){var n=t[s][1][e];return o(n?n:e)},h,h.exports,e,t,n,r)}return n[s].exports}for(var a="function"==typeof require&&require,s=0;s<r.length;s++)o(r[s]);return o}({1:[function(e,t,n){function r(e){return e+(e>=97&&122>=e?-32:e>=65&&90>=e?32:0)}function o(){return!this.randInt(0,1)}function a(e){return e instanceof h?e.index(this.randInt(0,e.length-1)):e[this.randInt(0,e.length-1)]}function s(e){if(e.type===p.types.CHAR)return new h(e.value);if(e.

Chrome Cache Entry: 103

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	462496
Entropy (8bit):	7.991949112106726
Encrypted:	true
SSDEEP:
MD5:	B25E75E325CDFA0B37B63EE979431356
SHA1:	38E1A83C0581BC41417279B70713367BDED789A5
SHA-256:	DC8E32BFC2451F6EC82A50C009F5A4CE5742A89055405C559E8E3CBB89791D9B
SHA-512:	C5A493C6B5984618882E9347D3655E069A040A87394BDAB7782208B0852F183C6FA6149F203734CC89DB4D9D070DC1E0068A4B6C3F738E271B72840FB0D25059
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/347MzrdGVlX4SMEmmHPecloivb2klu03IRSGsWgkdtx089106
Preview:	(./..XD5...=0p.M....../..o=Ym.......t[..+z2\|....BW...K...,/.2........)....<u].z...>.B.{..k.p..9..`#.mt.S..Z....<....9.8`..y..M..^.....cO.:.K.m..}.V...{J...C..T.Sr.=.f....6..............l..X.a.=+..M....J.m..Q&...i[..&2..^.h+<.\|..N..s.._..4...e8...S/I..2J..............@0....D.I....Ba:..\|(a_........v..8-.h..1l.@..c....f.....O..B..<-...B..........d.,....N...S.a{.u....t.G..$$J^R..G!.....T;.b...W%@&M]x...M.}.Z<.}...=n.1'....%...e..:N.JTv..c.-.5[c...}.s.o.p...y&.....t.$..N.. .Cb.8+01.]ZQ.`.pj....Sj.......+..?..D...E.....;..$d...W....3..r.....U.h}.=I.H......rCD.u..+..C]j ..Z..C.$.......x..X.....RD+.m...AF,.......:..`.N..0..E....W...q....v.?..6.=.B._.7...........+....Sp.9..,C..>V..[......._B@Uw..2....).d......1......eZ}.\|E...X.!.y.pY...J...R1.-w.Ws......U.z<..r.].)*q.%m.,.}Nb02......\|.1Ee..L.....xrou..q...hg.`..YA..7...~MIC.#..c.M.....y...Q.."..C..&+W...0i..f.N5..x...F6.6"jU..(..!.......e..K..;.P..V....2.g.u.0.ZpM...J..+B_<..w..RZ..

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 36696, version 1.0
Category:	downloaded
Size (bytes):	36696
Entropy (8bit):	7.988666025644622
Encrypted:	false
SSDEEP:
MD5:	A69E9AB8AFDD7486EC0749C551051FF2
SHA1:	C34E6AA327B536FB48D1FE03577A47C7EE2231B8
SHA-256:	FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
SHA-512:	9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-regular.woff
Preview:	wOFF.......X......6........0...(............DSIG...(............GPOS..........^>....GSUB.............3y.OS/2.......F...`h`{Zcmap...........<.?+.cvt .......0...<(...fpgm............?...gasp................glyf.."0..Tl...h...+head..v....4...6..}.hhea..v....!...$...Zhmtx..v........x;...loca..z\|...........tmaxp..~$... ... .-..name..~D.......'....post............1+.,prep.............P..x..\.\|U..Nr.^.......DD.T....V...C....U._.N..k.8.m...h.Q.6q....#....Y4l.}3.@ .............Z_....s.....>RD.....J....wR./...#.,<'f....4b..}(....P..\.s.9'.....-.Q..d..H.@%..K+....4U.4...yx.3..DkfJ..3S.H......\|..........%.B...........W.~..nN<x.?....}jn...W..M.7...?...:-uAjQ.4J.].vm....H{&...y..@....G...~.......x=.V..g.;..@..J.l...G..L... gM..h.....Q!}B...Q.m.M...R.5.JUi..U_5@]..PW...5H.VW.k..:5D].nP#..5V=....x.....W/...E5I...NVS.T.u...^U3._...m5G-P...U...Gj.V..j.Z...j..BJ.._Pw..0..f...q...q5...'.F=MIj.7..^.f."..K\..pHMC.t.W.Z.Bz...l.+.....e\|......B>....1.a,.D.Ej..(.

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 222931
Category:	downloaded
Size (bytes):	37602
Entropy (8bit):	7.992431619910663
Encrypted:	true
SSDEEP:
MD5:	65C8E946B531157A11540468B5AC0047
SHA1:	C7F3345A671D3C7DBA2289D6F58D413A5D4F4A28
SHA-256:	4E8970B4FDC306A25683625031983483FDB8EF809F7F2539C64120D13772EA18
SHA-512:	99D5B2D292BC10CB55414EAF1AD2B75FC5B38BE14F7A734FA150918B692249F26C053BCEE133C34CFF04F7D5BD4CBC3D337E8BD1C01FC8C7810365B39426F65C
Malicious:	false
Reputation:	unknown
URL:	https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Preview:	...........ko#I. .}~EL..dv).\|..D.uO.....;.........dP.N..b.......r?.~...{..<.I)..\.U%........../..}S..W.._.k~.....C.{....X.f.z[._V.rq...l}.._.n]<..V...7..l4.\.>._...,....C....CY.?.f.1\|.)>...a........?w.rYm.g..........C..P......\|.o/...O.~......\|_..r......;.}(?..b]..4.I...x...r^...~...<T.e.m....P},y..0.W.{..0.f#x%Q....&..C.&...w......N.a..4...6.z.(.f..)a.....:..U../....../.....vu.D....\..\V.MF...}OK.......y.]..g...v.h...b...kF)HS.t5\|....f.4!..8xtm.S.zg.c../...dn..........&5..-7<....\|S.......U3..$`Y.....M.,q.\.{`.`i......y..p......Z9Z..O./weq...r..{........W..z.!.... ;....b..;....l.......l.[.......j...,.v..j..n..,.Uq\...9..D..V.O1y.0..j..NF<....+&...8C.\..&.(\Dk.`1...B..X,..onnD@"c.......PF.).............z..*k...2..;.C@.=D(.!X..GC.^...I@.hD.f..T.?DpZ.W......a5...j5..M<\|.'LC....'..VM.R&.t:..k...As(.p..f...W..s.#........0..\|u.......-....r....O.5\.7K..=f....{......I..yZ.[.b^.}...ts;..Q.jyw5.2lv7.O.zA.J.......j>.k..H.. .._y5!&.?..r.!.=~'.iQ.

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	1298
Entropy (8bit):	6.665390877423149
Encrypted:	false
SSDEEP:
MD5:	32CA2081553E969F9FDD4374134521AD
SHA1:	7B09924C4C3D8B6E41FE38363E342DA098BE4173
SHA-256:	216FC342A469AA6A005B2EACC24622095E5282D3E9F1AE99CE54C27B92EC3587
SHA-512:	F75749C6344FCD7BF06872A3678BB2EB4CAE2DDC31CC5D1EE73EFBA843705577841667733A83163AF4336EC8A32DF93E7A36155BD6282D7BB86159644975948C
Malicious:	false
Reputation:	unknown
Preview:	RIFF....WEBPVP8X....0...k.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHX.....\m{.z..........T ..Q....R...X....U`..@......Yyy..<q.."b..a....K._.....jH....}q..........^.-.\.4. &.H~.q..H.q.'.t..p....0)...X.....8./.... ..6.#H..Y..../...E>.#.tv....9.\.p5......h......1.{@.k].(1...B.........u.n....=....sX...*..I.c]r....S.....u.a...X.....Pi..q.$73..ga..h%9.S.l.....}....^%.@:Q....we8x..j..3.^.}5.fFtZ...3....<. x.s....d@(./.<].y...m.....T..........T.P`....5..<qYl.g..k..N. `_...f....yN.R.PB..p\|..-.%.`y.._.]C.v.<.Y...V..I..(.c....>...........k....nt

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	30128
Entropy (8bit):	5.3458898241461155
Encrypted:	false
SSDEEP:
MD5:	9034BBAF75926FEE6C18B238EE2322E5
SHA1:	0DD967881608562CB3B76010C5A225F5EB5F109A
SHA-256:	A25C1B02D41DC9AD07FC85393ADD347F813AE6B48D7638D80F002C4E8ADAE48C
SHA-512:	4FB94D750DDFA3F5EE2A1ED70535569746A38AC1295C12F6645E036DA4D66B38F3EF789BB1E48165AFA6A246A927A11E68E732EFDC58D23918004A70F385632D
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,400,300,700&display=swap"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	7.804295004872199
Encrypted:	false
SSDEEP:
MD5:	C051B9B6CB9D72BE788D7DF924625D6F
SHA1:	B41BF64E3CD816C3CAD7A84092B57E4E8DF474DC
SHA-256:	B5649F16F82BD07C990D7925EC06EE87B169A8857E11C3018BF355A7C15C0C4D
SHA-512:	BEED178582C5760A411FC16DA416F97922204F5C1B1EA89835B1929FDDA2A84272562514831B02BFC9A4472C10180C8908F66BD1956C7ECDBB5B62ED5AA47B04
Malicious:	false
Reputation:	unknown
Preview:	(./..X$%.JP..! .$mP........f..=t....wHL......p............>\I.3o.S.......>QU....j-M.......+m5Y.[..g.....T....jf....t."..ki.k..H6.>e...-^."s......$...........(4PPL,h$.....P...8. (...........P.."8.p.1a.....HPPSh.h(..HP...X(..B....._\\,,.x.hH(4T4.`.!!..!T...?.h$2).....)...C.M.&ye.2a.....I\#......$B.P..?.gh....Y....u.\|E.5...'..OQ.l......>I..@....;.j....h.1=.....S]..Ly,."I..`..j.f"..tdzk.\|...O..g..2...VB..t...,.O...M4."..m..I&uhO.....Eg.:..V....b...l5V3..:4.$M5A,J.I!..w&kkb.$.i.!...g.X..wM...6....2.TV&De...mT.X~...#].n.I.:4c...K3..O...[..F.3.Y.!TO!2}.h..................DS.x.Gk..E ....A"P/..0.`4W.^..r.&b]..sH...t..).h.A$.Xj..f.%..4Z...=s...h..^.s4....6.h<...{.eU.r...8..I..0.c......34..D.W&.eF. .O>A"O.$.O.[..a.RD.....M...@.....m.@8M1.$H.$M:.J.....#[...~."t...&)Lo.zt5.d.P.A....?!. ...-Ar.U.....Y...4K......<.7v....=-x.N~.G.'.@...X....Z..2.`.4C..Tj..'..K.......Z/.?'M.".o9...../....q\|.....AR...o.!...Q.8.sH>5.Gk.p..\|....2#.8.df=...-.G...m~.r...

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48238)
Category:	downloaded
Size (bytes):	48239
Entropy (8bit):	5.343270713163753
Encrypted:	false
SSDEEP:
MD5:	184E29DE57C67BC329C650F294847C16
SHA1:	961208535893142386BA3EFE1444B4F8A90282C3
SHA-256:	DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D
SHA-512:	AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
Preview:	"use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){Ht(l,o,c,v,h,"next",s)}function h(s){Ht(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	13
Entropy (8bit):	3.5465935642949384
Encrypted:	false
SSDEEP:
MD5:	E09C3D77EF897191660B908218F413E1
SHA1:	DE4597455EFFC2623C3FD6B69FA812A66C475100
SHA-256:	355382ACC32B88120E9126B76F46642081AC688504FA6534980405B2942C4D9F
SHA-512:	3E696F02546C8263507A4572AE9ABB0754409F98BA4C6848901F08BFF310D8CF0D0660F822EB3BFB58C368FD5E747924C5BC2253069B1A652E32E9DAD64AF64A
Malicious:	false
Reputation:	unknown
Preview:	(./..X......Q

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	209
Entropy (8bit):	7.003729227650454
Encrypted:	false
SSDEEP:
MD5:	0BA9541A7F11910912B741BE2ED00B0A
SHA1:	31F6C6FDBC3F3A64FBAB4FFBB10EBDF8C87586ED
SHA-256:	C83E0201A889D1DC836DBB4AD833D22763B4D6E6958791886761D6C7021C4630
SHA-512:	818E66183AB061CDFABE1A5FF77AA0788E99EC118365693162464E66B8B9E970172BCF0ACE742B2EFE28D9E0EFFD2D442EE70DFAF5FDE47A1B738D62251307A0
Malicious:	false
Reputation:	unknown
Preview:	(./..X...R.*.Pg...S..Z.g.n0...[..H....\.L..P6U9........yO..................ux.....%.....a._...y....j?.K.i.....Y.).=....6..Q..:..O...5...ic..q.n.o....eSUw/%.Lb7.{..XX;..EQ4.l......=.....&..../?.(....P.

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	128
Entropy (8bit):	4.750616928608237
Encrypted:	false
SSDEEP:
MD5:	D90F02F133E7B82AF89B3E58526AC459
SHA1:	F1D6D47EFE0D920F5BC5024E813554BD2F8A1650
SHA-256:	FCF0826E3EA7D24F6C73417BFF62AD84191ECC837DBFB10E60A2547580C3C14D
SHA-512:	83C187216CE1B44E23000DF4F25A4BAA7C5E0066E62C3E0D0203B013B5C26D097C6B225C58E345204B47E5E7BF34D4A8E60F7DF63D6083157C6CB9707DD9C41E
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCVLZ8txUeVpJEgUNX1f-DRIFDRObJGMhy7WgP1budhsSSgkbDQ1K6NyyUxIFDc8jKv8SBQ3Fk8QkEgUNiaVnyxIFDcMZOZASBQ2JpWfLEgUNwxk5kBIFDdACQOwSBQ2oXeN0IZyk0WOBR18H?alt=proto
Preview:	ChIKBw1fV/4NGgAKBw0TmyRjGgAKSAoHDc8jKv8aAAoHDcWTxCQaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDdACQOwaAAoHDahd43QaAA==

Chrome Cache Entry: 117

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1160
Entropy (8bit):	7.805828744420264
Encrypted:	false
SSDEEP:
MD5:	2396E7CABE0BADAA2914790E344077E8
SHA1:	19E35C418D05C439535B69401DA62867F375A9B0
SHA-256:	76AD183EF851786356B7CC64F131347787B8488A92913220DDB835C3EA1FD8A6
SHA-512:	C182103A7DFE17943DA45B07E8F21BB7B2A2E0943D18E479BCBFFC9568D030E50FC5325D3BF8A79D5CF54D4D419AC1C8A0BAD47E68DA52720DA8E246750B7A99
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/yz2XDwCKFwq5Q9mQWdBUetsdMjR0rsB7upsJRgf2VhnRjKCkBPwA70ab174
Preview:	A..Z.@..Y...=..n6Pt..g....`...~9A.+.y..;O.7...4H.E.Q".A(X.V.V.k..]n...o..K.W.?..^?.9......O_^.u.}...J..)....oo^\|.......7.7....o.._<8no_\o....}y...W.\|......O._....}>..o..?.a..:....d..-...I1XW...(..,s...BU\1>......qbL......Fs......e.i%.(..@3..p....!t.,.A......Y.rY.nt."R..>..&..z..>+$...>.......%+.:Zt....4.IM:.5.B.>V........b..C.d5e;...c)\|(...q2r..A..\|...2..l.Y.q.Wx.2t.cU.l...$.]T.#4x.v{a.3e.a..O.Z..y$T2.cP..].h.M.A..o. k.JM..XD..v.X.x2.\.z.r.l.K.IH.l.W.'X(....S).k_.....u..=d:....._........B9..Y..,21Y.(Sm/.vt.../.6..z.Ev......l...0!XQ+x3.Dv...zrv....(T.BE8.S.......3.S.s^.O...T..[...]...... .Zj.....P.A7m.)y.EX&3. .9...i#..xHt....`n..M...K+...Xx.8..H.-... ..P...e..'..Q.F..9......W.....%..l.fR}a\..p."J.M[...+.2..D]...7.Y...pYX..b..s.SV...D/b[^...j...q4&.8....N....a........Rf...A.%.8..\|!k..D.[..vbpD(....h.^cFt.C(p(..EE._...;,n.J.....WD+..... PM.&`)G...M1.$Z...-......z<.B.M....mf..2Z.6..I.@.\|+.r\....Z..9...4.P.G.6.%w...vC.-.n..d..Ew.....#.....f.k...

Chrome Cache Entry: 118

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31996)
Category:	downloaded
Size (bytes):	842634
Entropy (8bit):	5.575616829380187
Encrypted:	false
SSDEEP:
MD5:	3276B8A81ED29823CC2894A4923A3C7E
SHA1:	FD377EF1B3336E147B2BC8AFD270FCB005FB00F5
SHA-256:	F3138E68BFC06C313287BDB0AD43C4279073F7A78DB62C5D01EA6FF3CA3561B0
SHA-512:	EDD3337CD45DDE3FECF2407AA21A05B99329DAC9FF6A2059188F925909C9394EF16D891CCBC8CE09214DE1D34CB370395E2227CEFABE6F86F86076FDCE2970EA
Malicious:	false
Reputation:	unknown
URL:	https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_vendor_bundle.3276b8a81ed29823.js
Preview:	var requirejs,require,define;!function(a){function b(a,b){return s.call(a,b)}function c(a,b){var c,d,e,f,g,h,i,j,k,l,m,n,o=b&&b.split("/"),p=q.map,r=p&&p["*"]\|\|{};if(a){for(a=a.split("/"),g=a.length-1,q.nodeIdCompat&&u.test(a[g])&&(a[g]=a[g].replace(u,"")),"."===a[0].charAt(0)&&o&&(n=o.slice(0,o.length-1),a=n.concat(a)),k=0;k<a.length;k++)if("."===(m=a[k]))a.splice(k,1),k-=1;else if(".."===m){if(0===k\|\|1===k&&".."===a[2]\|\|".."===a[k-1])continue;k>0&&(a.splice(k-1,2),k-=2)}a=a.join("/")}if((o\|\|r)&&p){for(c=a.split("/"),k=c.length;k>0;k-=1){if(d=c.slice(0,k).join("/"),o)for(l=o.length;l>0;l-=1)if((e=p[o.slice(0,l).join("/")])&&(e=e[d])){f=e,h=k;break}if(f)break;!i&&r&&r[d]&&(i=r[d],j=k)}!f&&i&&(f=i,h=j),f&&(c.splice(0,h,f),a=c.join("/"))}return a}function d(b,c){return function(){var d=t.call(arguments,0);return"string"!=typeof d[0]&&1===d.length&&d.push(null),k.apply(a,d.concat([b,c]))}}function e(a){return function(b){return c(b,a)}}function f(a){return function(b){o[a]=b}}function g(c

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	6700
Entropy (8bit):	7.96792506940668
Encrypted:	false
SSDEEP:
MD5:	4D19D2E45B83BEA9713B58AF162E3399
SHA1:	5CBBE7180BD684135F02928A7EAF54E7A302569E
SHA-256:	2807992C562DA9CBC079ACBD390F0CB663AA7562B6E055517FE5F37B1F39B8D5
SHA-512:	784325A2A72D920B9EA06CF76C9F0A3F35BD0EF3F03CDCAC10EA7EDD74FE8D5BAC18EF69C81CE059CA8869DD08035408EABD7234256025FB7454257FA70E563C
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/34FYE0n1acd04PVT06720
Preview:	(./..X.u.z.$.....z .O..i....&U.8....j.3..ZOD.=.....E.f.a................D.. ...Kh.5...D..X3.[.!..4.&.\|j..D....y..,...........l...........Z...!yu..6/J25.B...G........Iw......W.#$..O........;.......y1P..@<.zK...B~dA.h.G.$N]..`.V....-.....G.@..8...8.tE@$..zBc.o;d?@$....~..@<...O.".5.(.GSA.G-...JB........\|).....W.G. 9u?...."..-....D....)R.I.'h..[.\..,....(..)[r.e.WI...^_).y...~.S...._..UIdG,......{..12...\.X?z....u.GY...U...+....A...0......;..,w..Jb....&..v....^....\.N..p...,.i44...:>F.0TwZ.@.@Xvt.....'J.$wm..i}}.4.U...E..O.0.....<.).....\o.^.Yx.c/.\!.6......(......?....x.^F.%......tj..P.;[z..;_..h..... F.^.m.R.ekG~..b.Y..Y.(..0.b.!.%....RgQ ..a.R.Y .(.,.....2.".R..rb...av.^=..Sm.C..z....!...ZD6.z..<./...u......V_w...(..0T..Z..@*j...<.....Z}].JA.+.....y}..$...OY..\|.K..GS..\|.S......K..i...U.hZ.\|....r.....aI..l...#..~Yv}..u..z8.Ou.?......^O..z.....Vr..#..X.70.c...Y.N.U.6..`...4...-....\.%.e..w.CM..e......rv....X@b...e...k!...].PLn..r....Z..,.....GJb/}.1

Chrome Cache Entry: 122

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	937
Entropy (8bit):	7.737931820487441
Encrypted:	false
SSDEEP:
MD5:	FC3B7BBE7970F47579127561139060E2
SHA1:	3F7C5783FE1F4404CB16304A5A274778EA3ABD25
SHA-256:	85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE
SHA-512:	49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....pHYs...........~....[IDATX..KHTQ..g...&....!pY-.q.-B.H....Q`HY.wL.L....D....M.hS.H.w..wF..y\|..s.9..2.6s..w.....}.9........m.{"."q.Q..x.ZO..h.U.y.3.].^.M. .0...D7L...D....w...a$}/u..)n....@......8.V.y6..X..U.QgA.\.Q.F..~.>..'......g.=.2..VW..\....`1d......q..........6...Y...L.g9....l.-...z.t.CE\|...d5...b..H?....4...+.J.....9.E..-. ..R$.D.S....7...b..i..\q.?0..9....,d&...mw.L..&N.FpM"...;.......O[db/...-....Q<..WDhN.nu....%...m......A.S.._.>w...0.u..TJ...)......u..(=.!.."zTE0....J....ki#..n0..^.._"..D.....u..p.*=.&d..1....8...f.kR.3G6.t....Vcl.o=~/.$./...I.....$............(]...9.,...i....e... ..........._....@.h./......./U2Nd..........U..\|...{.(...y....`.\|....z\..z.@.o5...-...O.T.TL).5...y.m.......zZ........:..B..i..w...?!...m-xi.....;...e.0.A...W.}..E...u......h0O./...U..jA..., ..{.(......._=.w#.~..<..g.Vz....o@.e...........2.....T....IEND.B`.

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10796
Entropy (8bit):	7.946024875001343
Encrypted:	false
SSDEEP:
MD5:	12BDACC832185D0367ECC23FD24C86CE
SHA1:	4422F316EB4D8C8D160312BB695FD1D944CBFF12
SHA-256:	877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
SHA-512:	36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......^.....l2`...).IDATx..}...U.... w...B..P$.Hv..t......x.EA@.Q`.E......-.".(..X`..D....5]]U}....$3...&...guOw..}>.....~....w.ZZ...z..FZ$I.$I....N.......tt.$e...M....ru$I.$IR.h.AvK0.t..wy.:.1...D.H...LS....iF~.X...smr.$I.$IR.4.....SY..@....h8.......dB...1.eG...$I.$.hZ...8.r...[.A.I..XE..hdA{Z..teaF...u:}.1^..-I.$I.FP.A..Nm..........A78...=.%W_.$I..8YQ.H2z#.D_...m..k..u.t..R6#.....N....){...$I..1@...g...@a ..u2..dL...ai.d.[.$I..D.....OM..a...,h%u.B.....0...57..hrW..$I....Gf.\|.=.eg`.........k.J.$IR..<.u....]....@.d...H..$I.$5..MWwu:....H\|Y..,.$.I.$I....Qu...s.NzzM..]..;$ I.$IR......+..L9......63.I@.$I..z..#.....:..7...s..<$ I.$I.hP.tu...m"..o1.y.@..W1T<(..... z%."?.4zE..$ ..Y1z`.P..!....`t%t....[..d...N.UKy&.A;..6S...<...........o...]0...r.$I......0..R.....N.....0Wi._.;...M..Lrb{.7w..].jm.r....C...&..gd}..Etm}..~L.l...}n\'...$..Mr.i..{..n..9.....SwMh.}.Q{./wJ.....B]:.....+..\V...A.S.w..6.....,..[.......J@....-.4.....:..Zvt.r.*.

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Category:	downloaded
Size (bytes):	28000
Entropy (8bit):	7.99335735457429
Encrypted:	true
SSDEEP:
MD5:	A4BCA6C95FED0D0C5CC46CF07710DCEC
SHA1:	73B56E33B82B42921DB8702A33EFD0F2B2EC9794
SHA-256:	5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
SHA-512:	60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-bold.woff2
Preview:	wOF2......m`......$...l....B.......................6....`..<.<..b.....$....6.$..x..>.. .....{...[..q.k.]]O....s...\|..n...!..[<;....P&..g....!..I'i..Q.DP....9..J......9G..Q1(..)Jn......8Y......)J.F.c A..7k.v...2=.Z.n.4`...~Nl...4;...S.l{w..:.#..=!. ..X....>[.7........1??.3.?t..qE..f...b...,.Fwcp8...4^.^x..\|....Ro<%.."....~0..q..rP..G.......R....-..{O.QeJ.....6.E........{.{.....,h.!.._......$..3..cF@..>........t.o...Fc ...YS.....s.V..j....uk.`n......#....6.....1`kbd..Z..).x...F........T.._..}...p..._F.0.S'.V.g........3.$...Jf.j._,J....v7(...(..bm.....a....Nh.(QS.H...5.w.o.1.[<m.1.cJ......B......R..L..>[\|@..]../...6.\..(.j.Bn...Oj.&/j@.'T...w.,......e.g.I=.w.x..ap..?.......lI../..uuDH.P.....)._...<..C.x.......Kh.P.\|"M..JQ......?`..S@{..o..RjCE.qx.p.!(Wi....dY.%./r.#.p..C ..........r.o4P.}...3X..].....6.'~&...]...y...YQ..9."v....3...oEMQoWM.W`................Y.V..O2......l....p.1..B..Fn..o.<..,C......^.Y.C...W..tX..\|.`...5:.Yd@]..j..$...v.

Chrome Cache Entry: 128

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 57 x 57, 8-bit/color RGBA, interlaced
Category:	downloaded
Size (bytes):	1408
Entropy (8bit):	7.749857010376764
Encrypted:	false
SSDEEP:
MD5:	8EDE39B4FF475AED87DFB1934085830F
SHA1:	15F57743299D31DA78373B907704047B9BF2E5A6
SHA-256:	EF621FF05E6BBB6C054E1D0FA064DFBB4A9C8A3324F98A4473649D64D97C77B1
SHA-512:	213EE2DFCCF194C13B431F6651C49A66F12CE003CCB4C6AE21372199435D4400AE16951B27307449237C94B7A9A316B4E54F06259145709BBF214A7D17333474
Malicious:	false
Reputation:	unknown
URL:	https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/favicon/dot-favicon-57x57.png?7
Preview:	.PNG........IHDR...9...9.............tEXtSoftware.Adobe ImageReadyq.e<..."IDATx.b`@._....x?..#T..H.g@..'.....0..FW.2.?.Fg31...u..Y.b. w +.e.\|to......a.....%.~.....,.U..&...L......(.a.w... F\.....M....`....@C...i..W..]..7"))..I.......-<A\|.t..-a...@.3P...T....j,@.?.~..40...n.jj.q....G.T.R..@....0.i....pY..bH.+L3#....K.#r.a....#%....R.H..X...h.@..HP#..5...=.1../$v?1."P..<....x$'.0..\| F...............HD4.@.3."...E.-.Z...r....AB...,.k9r.5....@...".. .4X..E\|..).O.cm..[vaM..J.....(..=...q..j...zbC...L...0jm,..T.&R.K.........@B.9.e..[Z.T.t(.......A<m.......PM.. ./V{. .C.. :...n l............8.l....R/x1.$....;.K.\|.$.Q.U .;..\.FV.34V.)Q.\i.)...R...C.x......8.....Tg\.F.sZjHp..,...]..8`...H....h_.....-.S j....(4wMn=..U.S....a.....G.K....(.a..Zkj`..yO..9...6Df....YH\|g...f..<.P...q.@(.Z)....t.I..m.u)...w$t.F..........k.L+.b..c.)S..Z.~-x...@.w.9....de.`.G7..._'....!K..G.8s.!0..sL...t.ZE.+ht...>."..\|.....Q..fh.....J.A.Y..TkE...04f.t.d......zLP:A.....&..........6..X....?..;KOO.

Chrome Cache Entry: 130

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	146539
Entropy (8bit):	5.0981202777405885
Encrypted:	false
SSDEEP:
MD5:	EA842E342A89866E32B1C40340B9B604
SHA1:	E77549A18EA6A2A9DB3E76E2C08A04B15E1F945D
SHA-256:	577B276D0C0914AF9770237417922A38E4353A4C56F28F8495D465D84CCA6A75
SHA-512:	5E062C43344757EB0EC7289916363B623AB1DE472130D8265F50F45870D0937FEE0267C114416F37D68DCC73DC4BC42F6FAE801CF3116678024740A2607B0458
Malicious:	false
Reputation:	unknown
URL:	https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/css/inc_live.min.ea842e342a89866e.css
Preview:	@charset "UTF-8";a h1,abbr,address,article,aside,audio,b,blockquote,body,button,canvas,caption,cite,code,dd,del,details,dfn,div,dl,dt,em,fieldset,figcaption,figure,footer,form,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,input,ins,kbd,label,legend,li,mark,menu,nav,object,ol,p,pre,q,samp,section,select,small,span,strong,summary,table,tbody,td,textarea,tfoot,th,thead,time,tr,ul,var,video{margin:0;padding:0;border:0;outline:0;font-size:100%;vertical-align:baseline;background:0 0}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section{display:block}nav ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:'';content:none}ins{background-color:#ff9;color:#000;text-decoration:none}table{border-collapse:collapse;border-spacing:0}hr{display:block;height:1px;border:0;padding:0}input,select{vertical-align:middle}html{-webkit-box-sizing:border-box;box-sizing:border-box}*,:after,:before{-webkit-box-sizing:inheri

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Category:	downloaded
Size (bytes):	93276
Entropy (8bit):	7.997636438159837
Encrypted:	true
SSDEEP:
MD5:	BCD7983EA5AA57C55F6758B4977983CB
SHA1:	EF3A009E205229E07FB0EC8569E669B11C378EF1
SHA-256:	6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
SHA-512:	E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-vf2.woff2
Preview:	wOF2......l\....... ..k...........................v...&..$?HVAR.j?MVAR.F.`?STAT.6'8.../.H........x....0..:.6.$..0. ..z...[....%"...........!.I.T....w.!c.H...t.]k......6..Cy..Ul.re........I..%.%....DE....v.i.QF8....iH.!r......P4Z[....Zs....o..r..8b.O....n...!......R}GL..5n!....^..I...A.....U...,&..uz....E.R.K/GL...#..U..A8%.rd..E,}...'e...u..3.dD....}..:..0.a..#O8.\|.7..{.}.o......(.D..HX...w.;F...g.+....g.x..,.@~<.K......ZJw......^.!..{:..<..`N..h..0.t..NA..,...]........On./..X\|_=...e,.tS..3Z..q_....'F[..jR.?U..k.:+;..Z.co5..l..yV.Md..4.6............L8q..._...AX.y.Cc...Agb..a.K...N....`-..N.b.u...q..i.S...p..j*...fA.......?.Z.Ee.~\|.\..TZ._...?./a.64..+.]..(gq..d..\K...S..z.i.l[.........1=....I.....4g.?.G.3.&.0L&.$.@R6...U..o..:.S.=.....bU..u.]z.W8[U.\|7.'.%..u...11..g<.^...J..PB.JHB...k........].($..D...S"u...7...9.8.....U..7...R$..x...g.X.zV.,.$....y.:.....Q$OM....q.. ...(.O....".d<.l..9..\|^B.r.5......yi.D..._...<P..o....(Re.I...@E.~..T.

Chrome Cache Entry: 132

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (31990)
Category:	downloaded
Size (bytes):	1011268
Entropy (8bit):	5.286536847175565
Encrypted:	false
SSDEEP:
MD5:	3C67F9789A583D15AEF4A096790C8733
SHA1:	EB3BA9FAA55DDDDCDB55B4D05521250B4E78EEBA
SHA-256:	F02F6347C1FC1D80ED663AAB63DA4CDE85FA1B986AEF3275BB74C2031FE00213
SHA-512:	148EDA93720645128A01D6C1548A76303FEF28D0227CF68FC99BF6B9916C6FDD1C8DE4709314B19228B8C839D9162E1C623DE4FB7D09CA287F6904DE348EA340
Malicious:	false
Reputation:	unknown
URL:	https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/live_bundle.3c67f9789a583d15.js
Preview:	define("modules/utils/env",["exports"],function(a){"use strict";Object.defineProperty(a,"__esModule",{value:!0});var b=void 0;try{dot.state.dotState.environment&&(a.env=b=dot.state.dotState.environment)}catch(a){console.warn(a)}try{window.__state.env&&(a.env=b=window.__state.env)}catch(a){console.warn(a)}a.env=b}),define("modules/utils/utils",["exports"],function(a){"use strict";function b(a,b,c){return b in a?Object.defineProperty(a,b,{value:c,enumerable:!0,configurable:!0,writable:!0}):a[b]=c,a}function c(a,b){var c=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};window.Raven&&window.Raven.captureException(b,{level:a,extra:c})}function d(a){return String(a).replace(/[^\w. ]/gi,function(a){return"&#"+a.charCodeAt(0)+";"})}function e(a){return String(a).replace(/[^\w. ]/gi,function(a){return"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})}function f(a){return(new Intl.NumberFormat).format(a)}function g(a,b){b=_.isArray(b)?b:[b],b.forEach(function(b){var c=b.split(".");

Chrome Cache Entry: 134

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48316), with no line terminators
Category:	downloaded
Size (bytes):	48316
Entropy (8bit):	5.6346993394709
Encrypted:	false
SSDEEP:
MD5:	2CA03AD87885AB983541092B87ADB299
SHA1:	1A17F60BF776A8C468A185C1E8E985C41A50DC27
SHA-256:	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
SHA-512:	13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create\|\|function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

Chrome Cache Entry: 135

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (31982)
Category:	downloaded
Size (bytes):	117162
Entropy (8bit):	5.226736846434769
Encrypted:	false
SSDEEP:
MD5:	23AF589C2DEEA6A9FF6CB00162FC9AF2
SHA1:	D263D6A76F81ADCA4E6560883B7DB8E787D29855
SHA-256:	97BCDAB6D75E0003C6664BC3A6E0BF57D0EB567BCE44BAE52F8B5F4139DD2FFC
SHA-512:	2CD2C550C7244CFC66140C09D5C9884ABECA436C68BB592DC04EB2E57E81E6183544FAE75E5AB0AB7E4D4BDA3D01135CB0FF949D4C27E2FD099AB6B00FD4D94B
Malicious:	false
Reputation:	unknown
URL:	https://4500902784af655b3de3-5ad26d8a78e52ca19e00dd2d340c77bb.ssl.cf3.rackcdn.com/cloud/js/inc_liveEs5.23af589c2deea6a9.js
Preview:	!function(){window.require("modules/utils/utils")}(),window.dot.t=window.require("modules/utils/twinify"),window.console=window.console\|\|function(){var a={};return a.log=a.warn=a.debug=a.info=a.error=a.time=a.dir=a.profile=a.clear=a.exception=a.trace=a.assert=function(){},a}(),function(){for(var a=0,b=["ms","moz","webkit","o"],c=0;c<b.length&&!window.requestAnimationFrame;++c)window.requestAnimationFrame=window[b[c]+"RequestAnimationFrame"],window.cancelAnimationFrame=window[b[c]+"CancelAnimationFrame"]\|\|window[b[c]+"CancelRequestAnimationFrame"];window.requestAnimationFrame\|\|(window.requestAnimationFrame=function(b,c){var d=(new Date).getTime(),e=Math.max(0,16-(d-a)),f=window.setTimeout(function(){b(d+e)},e);return a=d+e,f}),window.cancelAnimationFrame\|\|(window.cancelAnimationFrame=function(a){clearTimeout(a)}),window.requestAnimationFrameSimple=window.requestAnimationFrame}(),function(){void 0===navigator.mediaDevices&&(navigator.mediaDevices={}),void 0===navigator.mediaDevices.getUs

Chrome Cache Entry: 136

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 8980, version 3.655
Category:	downloaded
Size (bytes):	8980
Entropy (8bit):	7.980004569956214
Encrypted:	false
SSDEEP:
MD5:	3AB6552E1C3CFD800C5F94C4AC965429
SHA1:	19E74F33781DC0CA4C9A1FA535A5E2B73AAFCCB8
SHA-256:	7C6F732728829514F4A80B391EB0CC2B944E10923A48404991E944AD49C91AB3
SHA-512:	9E354E668477CC5DD2E9E534985215028FF77B0E6F0928AE6484C712141FA092D5F44175C47819DB517F281D26442979337E07C20FEC962630FFA0770956BB70
Malicious:	false
Reputation:	unknown
URL:	https://live.dot.vu/fonts/poppins-bold-webfont.woff2
Preview:	wOF2......#.......H(..".........................?FFTM....@..H.`..z......L.=.6.$..4..\.. .....a?webf...:.n...A.......1......Z.4Y.i...e.@.Hh.A{.p...w.R.=...W..}......F$\|p.{.6.]Afvm..:`.-...../..............r....K....$.A...'....J..1j..E.t.NqN..6W..._~..........jMw.n.....U.H.X.\|..U...+H....*.O!rpC.D..8..&./Yw_...It.....t...vPVH....9vQ.a.p.X.5..u....ZHg..y.~"+..[.;.2.H...t..C..uB......B..o?W............0.0.P.:.A&x.Z.p)...m.....t.D...".....p...t.VT[..ni.DjD.......B....U.~.Eg..qV..\...O....&U.b...y.gS..Y......LXQ.<.9..,.<.uk.._.R.Eb.dUZ;.@.x..YB:y....4....!.5q.&>.....Z.A.MP.VAM.2H.P..f=;wO).-.f...&;.7....w.e.0...Zd..a....p.......E.=2.....x$0.u6.+@Z..s;.u..!...k........v.}........n..L..G7...dY!U......~^psn..s.,..,....E_....g........wW_[]^]Z...:1.......[..{@!....d\...L.8.v....ds...^.>.~...Az..."..#".PhLtLl....'.IdJ...Hg$1Yl.....Eb.49%5-=#3K&Wdo.Q.....................'...L.2wi.....o..Mo..........s+..O..1...3.:..........>~....W[~......./V....

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	9648
Entropy (8bit):	7.9099172475143416
Encrypted:	false
SSDEEP:
MD5:	4946EB373B18D178C93D473489673BB6
SHA1:	16477ACB73B63CA251D37401249E7E4515FEBD24
SHA-256:	666BC574C9F3FB28A8AC626FA8105C187C2A313736494A06BD5A937473673C92
SHA-512:	F684B90B748DC8399F76C5D8F94AF6C4E6869143F18D19CE435B25EAA14E9647B120467BDD0795895676DC0CCCDEABF82BEB2F46CE2C5BF4C58ED9C134F30C48
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/qrfiHwJmlnIuIzn5NryItkfo6j6G6QiXV6bMR3hGAIts12BbOIpNoJfZL1f4rouXNWlcxUBDORricd240
Preview:	RIFF.%..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH......0....n.mu..G..t042.....@...`[...%...6....9AD.'@.,f.B...+..+..+..W&.p.....h.......f.-...+.....m...n....E....O].+R.&Q..#.X.ip4..p......\O...\/....9.5.a..DfZ,K....8.....Z..2..z......t.......\|.I.(..6E.D.}.C..OQD$S}iZ...[D.......q`(...@../.NQ......+"b%.X.D".G.*...0G...".2........x.O......7......E..&....e.F..4...K>.M..Pd.B...@'o./te..[.f....4[..a..x...9#.@$.=...t..=..t_.W....[..f.\|fv...N...c6..k4}.9.7.....f.F3.4[...a...;.m.@N.n.0.....n.G[c.H.}..t.{..;....G...2.::..].0....

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	10
Entropy (8bit):	2.8464393446710154
Encrypted:	false
SSDEEP:
MD5:	EE1BF5C18C874188D46F017B783E4C43
SHA1:	633B72845F9E9AC909A31992985C2CAF2C70CD0C
SHA-256:	724F3BD0511F8CF3E16E439BCA6AB756C53A862A1F6DE8F789013318B4EBD628
SHA-512:	61E69BA74793FB28796282FABEFB8588DF698DEC5307460E00814D405FC5929B519CA29AAE8221B9074F9CB0601BF2F00964C51C7FE8AFDE8261E74BCD99D126
Malicious:	false
Reputation:	unknown
URL:	https://pkwvq.zvaznx.ru/gando@x5lxen
Preview:	(./..X...0

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	644
Entropy (8bit):	4.6279651077789685
Encrypted:	false
SSDEEP:
MD5:	541B83C2195088043337E4353B6FD60D
SHA1:	F09630596B6713217984785A64F6EA83E91B49C5
SHA-256:	2658B8874F0D2A12E8726DF78AC8954324C3BBE4695E66BDEF89195FDE64322F
SHA-512:	B2AE42BA9D3A63D3ACB179051B005F2589F147D94F044616AE5DC5705E873F16057C56934262841191263B4C35804EF188BD38CF69CCE0F4B2CF76C05F17B8AD
Malicious:	false
Reputation:	unknown
Preview:	RIFF\|...WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHK....W`$....z..".Y..P}0;.PE..G..h....9.@..`..2.......=.T.....-3..ow....&......VP8 :...0........>m&.M.!"......i...O...(.........g....w...XG...

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	25216
Entropy (8bit):	7.947339442168474
Encrypted:	false
SSDEEP:
MD5:	F9A795E2270664A7A169C73B6D84A575
SHA1:	0FBB60AB27AB88C064EB347D0722C8ED4CF5E8B8
SHA-256:	D00203B2EEA6E418C31BAAFA949ADA5349A9F9B7E99FA003AEC7406822693740
SHA-512:	E17C8D922F52C8AB36D9C0A7DC41D32735CF1680EA653056308C6D23255FDBE40B96C68F0E7F8B3B521B6ACB080CD825F94320364B0A70141606A4449D980517
Malicious:	false
Reputation:	unknown
Preview:	RIFFxb..WEBPVP8X....0...o.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.Y....'$H..xkD....oUS..[.uM....CwI.H#.H.t(..!J.AJ# .(........0.W.?D...g.6..u......}K5.>\|....^..2.....z..../.1..F..A...Vk..W.Wm?z....H+.;:...s..Z;....V.....Z.gm.......\>.}..-.....w...D.........+,K...#......._[L.[.]w1..[.l..8.....f..E...W....;....o.Q...T`.W.(..........;^........:.T..6......Yo..x.6..n.\A.5X.........J....2.O.)....0..zdL1.x.X..e?.eA.M%f.D..W.].A=6D.....w....>.3\|M.7....aEe&l.or.Tt^.*6li..lYz.HF.....2.\...U.tfQ.<ZlHB.G--....]T..h.L.U]...m....{..T{....~......K#

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 9048, version 3.655
Category:	downloaded
Size (bytes):	9048
Entropy (8bit):	7.977187180092532
Encrypted:	false
SSDEEP:
MD5:	7B7BFD964128E1FCFFB454BE5251ACBB
SHA1:	EC962CCAADA578513596BE83E515995621D63855
SHA-256:	454181744771CBD11D3D7ED3AA80A2DD23D5035C9DBBB8FE91258071C4F61D4F
SHA-512:	6C06F96AF46EA9925E136A6FFEAA85886AA6DC8F8A40F34A21296FF9026867C8113FFF92EDEA2DAD9A780AC0D1930ACDBF81B3550AD5335FD32C38EB29E66C80
Malicious:	false
Reputation:	unknown
URL:	https://live.dot.vu/fonts/poppins-regular-webfont.woff2
Preview:	wOF2......#X......I...".........................?FFTM....@..H.`..z........K.6.$..4..\.. ..2..a?webf..9<.....HRb.,DQ.8m...`.0.Gk1.05.U.h...R.....u...a.X.!.+.8...C<...w...Sx.!U...G7.ah-.^9$).<.......CBE.~.vr~.."{r....f.Q.+{:.7.T..V..Z.#U"......u.,]...v..6.>..l.:...I.X..Kv.U:.p.........7.%..K.@.I.@).^@]Gw~...........$....h..X...Tr.;.<..v)..ALj.........LW...........v.......Ng.O#..h..A[!.%....f.......1k;....s...y.XH].'..}....k7Yjd... ..\|.0.8..Q.)...0<w....%B.....>;X{....{).........-....)f.:l..Q. .Vo7..K...w...TN...,...e@.n#..U....M7wwA.M-..L{........8.!..^qK...M6...KH"....N...........l.1$...)..x3......+........h.7.Tv.b..-.c....F.x..n..%.W.YMrf..).d..z...:J:Q............0:.#G.\|....k`....X..&..h...........{....4S..Ng....lf..&p....m...........\|..0[ar1..i.2L5...c./.MK/...^...a...`6..`.o.......;c..F..........[...k.k.+...S.......u...........s......@d..1.K.F...t{..p4.Lg..r....+..*...j".\C....&..........H,......A.........lA..6...r.h..U...>....CG..8>t...3g._.p....

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	17842
Entropy (8bit):	7.821645806304586
Encrypted:	false
SSDEEP:
MD5:	4B52ECDC33382C9DCA874F551990E704
SHA1:	8F3BF8E41CD4CDDDB17836B261E73F827B84341B
SHA-256:	CCE050CC3B150C0B370751021BB15018EE2B64AC369E230FE3B571A9B00D4342
SHA-512:	AC3D3C82BAD9147AE5F083ED49C81A744F672DDFBB262135AA3F2C6601F8DFFEA11D8E323CEF025C36D76C6F2515AA6814B622CF504CA01D13346E9EA989048F
Malicious:	false
Reputation:	unknown
Preview:	RIFF.E..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.,...$.m.8..k.\.oDL.. ..TU....3'.{.g..6..2...6.DL`e..."&@..b.#&@......T.....'.....$......1.d...G........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........._...........................?...Z5[...B,.c...V-...m.0.../..?...............?.......?................_.....-...M.B.....=....C...[......w .X...ea.............VW.?b....[[.o^.Y.K...OD

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	704
Entropy (8bit):	7.669143474808194
Encrypted:	false
SSDEEP:
MD5:	9D461679C932CBFB19DAC89074AAABC9
SHA1:	2AC2EAC6C0F283EE9DE2C7FD31456B0A9CBA3D53
SHA-256:	71E52447BDB7BB7C8F4E8A8492C04EFC05F28C198B4BAC6BDA1C251D597EC63E
SHA-512:	9CD348C47CED5238A886022BA7E99ECAA10EFFD8AF1DE92ACB8410C454DE497DF417A0F3D705B40E552F5B58B58E36C845205E634F815892BAA04F0F2A0E803B
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/mntbn0ahe0eweS4SIiiMh3ZArCybAIed7UW4nTOtKQC4kljQz7zfna9SeGY92BkFEqKe3YRoqy4FVCuv212
Preview:	(./..X...F.x# m.3...H.\..@..2..$QI..F.........t.b.j......A.....o.\|.2.!...1.'0...........`JT..U..,s...1KE-.h0.A=.2M..g;Sj.IN...u.D..". .t.K ....H$.$.U..S.......b.=.9...Y.7.....(...c8.o....v>v.w.:2l......\|mJ.www.....o.._2..O_.O_......=..W.G........&%G.W....2g.%.,k.D0....H[...,...H.b1...4....,..w.&......md..o..:"Ko..2..&.w....7..w2..`7J...5.A.'.......n....r%..1..=.!.G....0..PI....fC}...n..<..L...r..g.y.:..P.kgd;.S,j..VQ........gZ.k.M.N]e.B..e...U..`Q..X,..jx(8.R9,.`JP.a11...@..Hd..Y.`.Q.l..`..(f.a..&....g.Z.{.%....A./.....8`. 8..n..c....,\..}.E...;.S..........~..7.........}.4....b.....N...XHo.4/...x.H.q0..(=!...x.......L..D>^^. &H..._T...>....1..#..}(d.........

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Category:	downloaded
Size (bytes):	28584
Entropy (8bit):	7.992563951996154
Encrypted:	true
SSDEEP:
MD5:	17081510F3A6F2F619EC8C6F244523C7
SHA1:	87F34B2A1532C50F2A424C345D03FE028DB35635
SHA-256:	2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
SHA-512:	E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-regular.woff2
Preview:	wOF2......o.......6x..oG...B.......................>....`..<.<..b.....h..B.6.$..x..>.. ..'..{...[x"q..].....hJ....'.......6.2.[....q....z..mCww....eU..S.........0..S.s..,....\.e..F.&....oUR.}Q.C..2.TD....5..#..h.H.2.\|<.1.z..].xZ...z..z..W.........p%..F.e.r"yG.......f.M3.].U.p...E..<..:..j..E......t....!....~a...J.m....f.d.eE..>.:.9.....,6K{.q..6e..4:z......{.{....$.. ...B....9:0.G..6.9R....m..jCW.m.]:{.p..?P.O.B..E....u.J.._..........dd=. l..SJ..fjm....\....)...6......mV.`.J.R.A..R.....J...T.y.........m...k-....{'.Ud"...C.$d.N 9}.N]..2p.q.T..6.-A.U...."..o.\......uh...$..4j..v...9....anl/NT....K....k..A...........U5S.=.t[.)/s.R.......F..)6H A..'?!....7S.....w:.%.H.@...l?...lm..lUd D...-.... .......5).`..w&..Q....-.. ...9.Xt./SQ?.s+u.9..\.h.l.G.#...#@.F..f.1.f..=`....p.....=c..f=..p 4By.u.z'...$;.s.....z.....X..n6y-...........<.......X......~+j.z.j.......7.PD..O..w..9..8].!~C&.......LCE..Nf~.N.eJ.iXnXC.&....t.U..Nr.@..lZ.... .X..

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 10498
Category:	downloaded
Size (bytes):	2785
Entropy (8bit):	7.9277979811573465
Encrypted:	false
SSDEEP:
MD5:	3F14A3F4F24031F554DC74EB339930D6
SHA1:	AFAADEFF7C2E44CE3DFB0A09432A2AA7CF9D6B29
SHA-256:	31E9FF6DD1A6C38F99FDF728A5E813EF6D0048CFC1F28A316D0F3C727B36EAD4
SHA-512:	AA52756A7B005F7DA1B7AD5E75B06459501CACDC3E21DF08D5B9A0A33543921EFAAA5DBA562AB2B2C44B10E1CC4184B392698F79F8B2078E251921A290EEEFB6
Malicious:	false
Reputation:	unknown
URL:	https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
Preview:	...........Zm..6..._...G9$%R..E...\..P..}9.._..neI.......oH......E..X.D.9.<...(..n.2m]./.....#.iJ.&...]..............+b..%.....@.%.Jb]ElqK,.{.K..(m..\.....'..,...d!._.. .k..H........T...0..o.R....I]..4-...#.Z6.[..$]...mq..RWs.4.oH.t.........{./..(.mI..Y..V.k....W.....Pl..^.....>...Q..p;+...E..T..R....,5h..c...0..TY..V..:..[k_..P....=.....u.R._..}.-........L9...L....5.y?>X..7.5{..zS...\mV..Q...c..].Y0u.<.C.....F.@........p...R5..6.......aK..w...W..Z.~[.kJu...K.l.WU.[.,.....7....E....n.."...7.Q.....(.g?..].T...j.}..E..O>..%.^w......t..Ky.:$}....T($ja.}.._Os+.8...4..tcr.u...}}U.+..L..S..W..F.Q. .h.Wo....E.0..:'....c1.P;.M.......SyFQ..bje...K.L...."g.5.bI.Tj..;2.v.....:.1Hk.0.<.\|...F..y..s.zU.v...y..R..=:..D...#.bGM....S...\B.3D...vZ.LC....u.<.i.N....a9u...X.U".S..#..,.3.c..i......Hf.2.4.2.R.ii...t#....y&..1.=...s.S...>...P...,Sht....\.w... .~K.:$.IA...]4z...o_p..p.b...6....n_,.`..b.2..&..T..KF.FS..U..O...x...e.q.y.....S......)..m

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.6168746059562227
Encrypted:	false
SSDEEP:
MD5:	3172F449A4B84268DAEBC419D6857561
SHA1:	CE4D548FCAE05B3A076335B0F37F006FA6746262
SHA-256:	1C7DA61817B4E779C91FCE7A81B055169729C5705961C7734BF0882CC4F8AA22
SHA-512:	36E639008AA506EE2D08EB09C9D2EBFB040E4707A2FBA77D8E8821DA8DDA885139A2A8427E728F1CEB8CF6DA03FA01667A42A7C03FB16C7FC29262C391F3B43A
Malicious:	false
Reputation:	unknown
Preview:	(./..X...0....D.

Chrome Cache Entry: 85

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 86

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	892
Entropy (8bit):	5.863167355052868
Encrypted:	false
SSDEEP:
MD5:	41D62CA205D54A78E4298367482B4E2B
SHA1:	839AAE21ED8ECFC238FDC68B93CCB27431CD5393
SHA-256:	20A4A780DB0BCC047015A0D8037EB4EB58B3E5CB338673799C030A3E1B626B40
SHA-512:	82B9806490A0DB493DA16466738437B9BB54B979075DB58C89CA0D192D780DDB5ED888E10CE76A53D48D30D5013791CAC7AB468D85B61D32766140DD53DC9044
Malicious:	false
Reputation:	unknown
Preview:	RIFFt...WEBPVP8X....0.../../..ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH=......m[..H.A.).U....A..C.u@. ....L.......;.....$3{2{....3..V6.i.W.F.h..ee^k.:..cl.Z.eb.....).IZ....!....;X.:&...hF0...kM......!W5.ak8.......#V.s...2...`..v...}.(0 p../s.'VS`SjX.B.,...v.#./I....}.b....^1..k.:F9hgb.HgW.Q^.r}..Y5....'.JJ....&.."]<.M.Z)o.H..].i.H1..G.P>.b.{.G.\BYx.[.y...?L....:.%.d......%.q..VP8 @...0....*0.0.>U .E..!.4.8.D...o..z...A....Z........?..z......k...

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	192
Entropy (8bit):	6.802130404243052
Encrypted:	false
SSDEEP:
MD5:	3DDE3D2AEB368C46B8DC65D9985A3865
SHA1:	5634AEB7E75666BA713E219A76BDD9AD7BA7D078
SHA-256:	824A631627328BE75BD3E19CBFD6D892EB04E7A14ED8AC68276301F78AF830D9
SHA-512:	9CFF4E4D27A1178BF2818AD52F5A6D83DC7040E040DA3D5598898134BBF94326CF5115C31723A20AEC6DCB5E2CFCC9B2C5F081E96A1E2695C0D01CD0428C6FE5
Malicious:	false
Reputation:	unknown
Preview:	(./..X...r.#.p7uF....-1zHX/HR/@..&"D.....%. u...@...j...fe...qum...Y..`\| ...?$.:......3...@.._...z...l..e.fZ .q...s..l....bI....}..1F41.s...-.<........v ......l....8.dYU.$.............T

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	12221
Entropy (8bit):	7.982015762398763
Encrypted:	false
SSDEEP:
MD5:	20F444C6E461B1BA9FB70D19B5C7E084
SHA1:	53724E23E956A56BC0C4598DB5C7D5C9581EDD97
SHA-256:	AEA99390953F2D7BBD7E40276943184306998528F005D834F70F37F0BC8E35FD
SHA-512:	8C1298A98D7C421FD247DD537AE6CA81E11DB5C640CE80CEBF99AA291465CA559394556D2320B555C545DC43C9D2424F3918DEB33FD232891DD37132D6704161
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/v3HNIp/
Preview:	(./..X.4.J},......b.$T...#.R..{#...dw..:...E].0......@..r.s....n-.Oj ..w7Gx.v.K..2]..K...6..~.......d...A....9...Oqy.<.l.}....U.~..J....;...SN.....R......[.........\.R..^....1O...?q!...w.D./.Zm.s...../.{...R.}..h...T..........4.I..C`.m.....'R!V....d...)...F....p.v.......9..g.....). $<@H80`..f.3..@.^@.....x....B^L...a..>.A.\|..I.\|.)..0.q..p.#}E..H.h4...e~... ..&...p @.&....+.$..1.$DHp....H..6`.\.gR...8.f.;.Z..S.?.W.L.......G...Q......(.<....!gxu..F.I!.)5}K...4..G......7.?...P..`?.....k;.8..q....v..}...7o...Zj..)J.....b..X....-G.... .SKSZ8VRP\.5...I.....H...x........Y..`...K....:.9z...E....p.M9x..5...G5.......=..7i.iU<..Cw.F.......I.&.d.........<4....oB....mw...../l.3.:.-....L....G7Y'.1!.>#....L......sL.BA.'...o$R(...,V...GWZ....a...M7i>..5..FzF..XyS9."..bL......y...Q1s../......B..M..iEDh. ...E.Y.l.,#.,...Cw...^..z.\|B....Q.D...9.\(..(...G...ZcS...'.k.....D7...Q7.YTBc.4.bZ.QO.T..u.>..W^./H.M.}.8.....W...P.,5.Q.W. ^..-...Ka?j..g

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	2365
Entropy (8bit):	7.875167013659231
Encrypted:	false
SSDEEP:
MD5:	DBA3275F1AFDE7697B46DA604CF650CC
SHA1:	62D2CC335E51E8519A4A6165865357698C9E59C9
SHA-256:	1969AA52E1DC194ADC9E107EBC7159832DDE24BB301AACD1C10B763A1C89957D
SHA-512:	95A9E292E336D2E8FD609143FA0238C92F816B9EA73610840C69E79466CDD71E3087022556245A8CB16BFA9C906A28B040BFC0D6E1F2F388CFD3C816063D101F
Malicious:	false
Reputation:	unknown
Preview:	(./..XlI.z...% .&...E[.=C......j...-!EH$......#!..k.9.-.j2.-.K.G..M.....^}%.....EW.m........)Q,.^Rw]%.S...h..."....I._...q...q]h..%h{..n.7yV9...F.!N...../+...eRs..oTw/....h.jrD.A.f4..Z/...$qG...d%9..H..oyD...'A\.(.g.f.m=TE.M.pl.;....]..<..2.IN..2bFj.1B.."E.......H............4.. ............S.2..$.T....J.... !..`p...".8(....$.H.X..ZX.....O.0aa..."D`.`.x.....xx..A..A...$.&j22... .0..BB... ..HB-.. ....Y !...hIG.....N..........XBs..A9i-Q.y.p.u(..R..d.~.aY...<.5.%....5--c..Q.J#EW...k....:..c...:..C.8.vn....X,.}%....I......9.Qw..$P,.2..Oe...1^v...W.%....H08.....,........1pI}.K.m.%5...j%.[t......+....S...M.O.N2...#.I..bfw....x.K..In...V...3..BW.b!Z....&.L5...=...9.fm&.A.j.DbYg4I..qXCG....,o%...1..x.E.%y.....Z..?..2...jV.....d.&.....R)/.s.w,A..&e..X..Y.I...:,.;....Q-.Nr.F...tR;.....Wh".y).....g.k..v......%..;..OSffg.2......J..............U.+Gp.I..&.3..<...76.y....{..B..^....X.$..[je.E\5.s.N1.9TTh0.....S.......5G_........:.c..?.....Z..

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	68151
Entropy (8bit):	7.991829513457792
Encrypted:	true
SSDEEP:
MD5:	8ED06DAA895DCEB280AC7FBB74BCB830
SHA1:	7CCAEAEFBCE0B6074E5F1D5ED9E03BA5C34696B7
SHA-256:	C54E8F190433351F740B71E2171C24866A495E554507D012A66B531E3460324E
SHA-512:	4DD9E6D623A8A7B04248E12B2AB2D28EA9A34D3FFED76B5336FB6DF63944F021FA4F24C99DA13EB4B0BDF443076977ABD8F1EFF66F4B622EDA67EA255FA17B81
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/pxrubdmbpaalgorl1q0mm7cogzm9vyth190zhe4gtnq57?FOVHHHCJEDPHEYBFYHBWMJNSLXMTLD
Preview:	(./..XT0..KL.+..<.......y........%....m.n.nW.."W.a4+........U\|.....R.P,2...+.w.......}..:.W,,km.%.Xc...Y.6......./.b..3.#.....z..%(X.\|.F........'.=<o...{...J#.N.s./.Z..cmu~.U...Z..H....J.\|....H..F....Q.u......4x....H.{......X,.Y..2"Y..1.O....L.oX...AA.....r..M.X..m..?..Hn.-Z.ke._Mo..4.,_:5n(....4v..h5...'6@k.[7\.6).b+'&....,..5.....6....N.x.\_.[...8...Yc.Mz.+t..}...o..%W..$....y.'...W..._...\|#.....k$....#\|#..$xb.K..O..^J....y.iy`xb/.$...xb.z)....K.V...........4}k..h..Nr...^.z=.^.,W........\|.+.=A.I.._..b]4...m.[L.'.):]..at=hr........y.>...l.R.m...{.>..pm.<y.f.f.4..m.z....gkC..0.-..m[.mG.....A..\|.+.R{......k...'....`k.I.Dzr......@.P..\|m.....X..+3?../..........A..>......4IN5e.&FP.j&..A.......)F.9.(cA9./6..8`......5UO.j ....r.(A.!9Ot...s@..."..J..N..Uk......!A....G..@...SEO6...$....U.{@l.e....AGM.t.=...{..T.EQ..&.F.B(. .q.gy^.`Ol..4~"ZQ.b...9...S.. ......a.R...H.$i.Q...A*...`py..a.......h...$.B..!\................,.9.D

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=8455, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3
Category:	dropped
Size (bytes):	35384
Entropy (8bit):	2.4646271751923146
Encrypted:	false
SSDEEP:
MD5:	853A32F7688D230AAC0A53EB297F7E2B
SHA1:	D7B1539F9CE06281AE2D8AA99DE37C45796C49E7
SHA-256:	5F748CCBE6CF8BB45AF58343159D97E92DE999669A57A41C8BD2031CD671F6FF
SHA-512:	6ADDF43E1FFB22AA15D51FC7628ADF688B71578CF752D753CE07A8DF03BAC22B3BB27F32A7810955076488B027CC37C73C2BF056DFD09A66BF08F284A660A929
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H.....>Photoshop 3.0.8BIM..........Z...%G........8BIM.%.........}....pv....N8BIM.:....................printOutput........PstSbool.....Inteenum....Inte....Clrm....printSixteenBitbool.....printerNameTEXT..........printProofSetupObjc.....P.r.o.o.f. .S.e.t.u.p......proofSetup........Bltnenum....builtinProof....proofCMYK.8BIM.;.....-..............printOutputOptions........Cptnbool.....Clbrbool.....RgsMbool.....CrnCbool.....CntCbool.....Lblsbool.....Ngtvbool.....EmlDbool.....Intrbool.....BckgObjc..........RGBC........Rd doub@o..........Grn doub@o..........Bl doub@o..........BrdTUntF#Rlt............Bld UntF#Rlt............RsltUntF#Pxl@R..........vectorDatabool.....PgPsenum....PgPs....PgPC....LeftUntF#Rlt............Top UntF#Rlt............Scl UntF#Prc@Y..........cropWhenPrintingbool.....cropRectBottomlong........cropRectLeftlong........cropRectRightlong........cropRectToplong.....8BIM.........H.......H......8BIM.&................?...8BIM............8BIM............8BIM....

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 77, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12087
Entropy (8bit):	7.975634403117881
Encrypted:	false
SSDEEP:
MD5:	F8B7637500D28420B64E2E0C558350CF
SHA1:	5F03F88798F1C077D2D18F142463007E109B347C
SHA-256:	251F84D6CB48F079548B4B3AA5392B539D85FFD9F03B7BE543C64CFC6695FA66
SHA-512:	BA48BCFD592666571AD6B24B6ECD572496ADBFEBA48916F43B1687D639C9B2AE0B30C64F0A1A8EA87079AB00B4401D7C82611D4AA5F0238950B52B0F7CCB8EA3
Malicious:	false
Reputation:	unknown
URL:	https://2602be50ef1bade7a2db-b79efcb2159d30e50ba2339a24d7c7ed.ssl.cf3.rackcdn.com/files/f8b7637500d28420b64e2e0c558350cf.png
Preview:	.PNG........IHDR...d...M.....PA......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.}gs.W.-...W..w.3wf.F..DI$.L.HD.9... H.9I..%....AZ..f....0......>}..k..N...$..J,..H$&.FC....Y).....P(..t:%.rE......R)i..#._E..$.I..C...$..J2..../..J.R.\|6...K$.s....y+...g.5?E....T.7$.....A.R.W.V.J../..RF.6.M1.nq.".Ac3....I....."?.,.RY.v...y\|/..` ...._\|...X......!...%w .o..;....L.......\|s....;.....gO.....W...27)~._~.sGff&..>.._...).f[r........e9..L..lZ.kkR.(.7.em.-.RQV{....c.0."Q..r:............G...w:....=.........D.....p............3...D0.j......Uiw{x.MqY......m.c_.....v]....I..V.dfn^.@.z.......&A R6....9........l...$.3.291)...Xm+.l\..E1...j...d....Y6...t.Cq8 ..x......S....^K...b...b4.^KK277'.e.8.vm.g.2>...1[,h.ILh..4...y...`P\|>....\|z...x...w........b..l.{.\...u...vX..e.E.aqa^.h....~..l..>w9]b.wC..Ox.Y.T.3..fU..."...........](..l...FK..yhc..,%.`X...p?*.NGV.M).c.5.kS...Rh.d..N.).@T.......w....O/~]..i.%..KkuM...lJM....Y[.B&)KK.6...L..rA...5....}...F.%[;.y

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Category:	downloaded
Size (bytes):	43596
Entropy (8bit):	7.9952701440723475
Encrypted:	true
SSDEEP:
MD5:	2A05E9E5572ABC320B2B7EA38A70DCC1
SHA1:	D5FA2A856D5632C2469E42436159375117EF3C35
SHA-256:	3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
SHA-512:	785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-vf.woff2
Preview:	wOF2.......L.......P..............................U...z...?HVAR.;?MVARF.`?STAT...H/L.....@..P..>.0....6.$..x. .....{[.q....Rl....t..~v....(....T.t.;..n'..v=....?...l].xI...m."..?hNX.,...8.;G...m,}.h.>(=[...m/.>....8&f..&.......].u...&.VD..].<..yR.eb<,x......)..c..t...k...9..o.T..R9..kq..TR%U..v....r._......D...f..=qH...8.<...x..(V.I.h.L3#]8...-.z.........3.9V..........u.........x.....S_...\1...&6...j^...c;()m.J.....>....xz..Y...\|.7......!.jw...,.L.;N.......n......].....8].R..d.....`.R.B..#..,...1R.UJD..b.`.0<....FA=..{.....`....c...R..Uy..J.k.".j..N.{w..UT<.8T66...H,...FH.GS.G.]......?.T.!4..8...B...l.p@.......t.o...v...b.g..?..m..!.%.....x..MC1M...........k...})..+N.....Q_yS.X.11a....&`..'".xZ..=b^...iD...} .. ..b...}DIvu.q....k.4.....@.....P..j..)..'.L......b..RQjII..Qk.T.l._wO..$....!c..%.{.._N..E@....A...?...aW.y.gf.g.&E... ~.x.b....b...~......f/.....G....J.6.y.....zE@T.a.0^Ul......S:..,..}..B.R..Rt~.v...L:`4.IKA..V...x&@...h.7.P......

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 35970, version 1.0
Category:	downloaded
Size (bytes):	35970
Entropy (8bit):	7.989503040923577
Encrypted:	false
SSDEEP:
MD5:	496B7BBDE91C7DC7CF9BBABBB3921DA8
SHA1:	2BD3C406A715AB52DAD84C803C55BF4A6E66A924
SHA-256:	AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
SHA-512:	E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
Malicious:	false
Reputation:	unknown
URL:	https://eo.chuylerf.com/GDSherpa-bold.woff
Preview:	wOFF..............$ .......\...&............DSIG...T............GPOS..........N..B..GSUB...`.........3y.OS/2.......F...`i.{[cmap...X.......<.?+.cvt ......./...<)...fpgm............?...gasp................glyf..!t..Ra....$.ihead..s....3...6..}.hhea..t....!...$....hmtx..t0.......x?s.#loca..w.........LC%.maxp..{X... ... .5..name..{x..........post..~@........1+.,prep.............P..x..\.tU..;y...!..!..R.4."(."".U..V.]3...r..5c...j....._.7U...H..1MSE...0b..b&.......%..w...}.{.......u...s..g..soBLD~.C.)n..1.Q...z.q. ..R..)n.QY.v..{.(...o...O.......G...{to.~.....,..#<.w...W...?6..3....2.)O........].`_a..F'.6..."}&..$'.K...a..NK$..01ar......-.Do_. .H.].x'{....n....{.\|.L.p..u...-.w}.}...~.....(.zP:..^t.=D?..i9.....m.......AE.......J.....j......q&_...`....P....M<.o.[.V....H..Sx:...<.g.....x>/.......^..x9.....Ws...&.....x....jUJ...B.S...2(_...U...Q...<..y.j.y...P.x.:....m+..V.....5h[.~E.WL..rp....0..Pu..$OA....LJ.Y.....9.e...L..... /"?.m.......+..J.........

Static File Info

⊘No static file info