Play interactive tour

Edit tour

Windows Analysis Report http://covid-19.in.th/

Overview

General Information

Sample URL:	http://covid-19.in.th/
Analysis ID:	451066
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 2396 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4800 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49730 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/main.css HTTP/1.1Accept: text/css, /Referer: http://covid-19.in.th/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/bm/cv/669835187/api.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://covid-19.in.th/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive

Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.facebook.com/cloudflare", equals www.facebook.com (Facebook)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.twitter.com/cloudflare", equals www.twitter.com (Twitter)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.youtube.com/user/CloudflareTeam" equals www.youtube.com (Youtube)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "https://www.linkedin.com/company/cloudflare", equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: covid-19.in.th

Source: unknown

HTTP traffic detected: POST /cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7 HTTP/1.1Accept: */*Content-Type: application/jsonReferer: http://covid-19.in.th/Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: covid-19.in.thContent-Length: 355Connection: Keep-AliveCache-Control: no-cache

Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: ~DF64BF8B4AEFB55D6C.TMP.2.dr	String found in binary or memory: http://covid-19.in.th/
Source: ~DF64BF8B4AEFB55D6C.TMP.2.dr	String found in binary or memory: http://covid-19.in.th/N
Source: {FBE078D1-E967-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: http://covid-19.in.th/Root
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://getify.mit-license.org
Source: chunk-55d37f7935d3778f0709[1].js.3.dr	String found in binary or memory: http://greensock.com
Source: chunk-55d37f7935d3778f0709[1].js.3.dr	String found in binary or memory: http://greensock.com/standard-license
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://jquery.org/license
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://jqueryui.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://plus.google.com/
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://schema.org
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://schema.org/Article
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.cloudflare.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.twitter.com/cloudflare
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.youtube.com/user/CloudflareTeam
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/css/application-ee0728fba2.min.css
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-01f71c423e068664057e.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-06380521ff19239efe05.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-1560bda32b9d6d231e95.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-1c4da1169909c3c43069.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-232ffa51e57f882f0534.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-27eef9fa207b28718df2.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-3125ea56e87c986b133e.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-55ad6e1817237ece29a0.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-55d37f7935d3778f0709.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5c6ec7c6f9d0b6f9dd57.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5d677ef1b4eeb74635d3.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5f991135348b5b16cb1b.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-962e1864decb73b3a75a.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-cc3c9c6363f24544e951.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-cd8895b507ee9e702e17.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e06d79a8c06c0d46865a.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e50bafad0559f7d0a0f0.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e6a0177c9a8b595a3dd2.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/runtime-6a16446847617098e330.js
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: api[1].js0.3.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: chunk-e6a0177c9a8b595a3dd2[1].js.3.dr	String found in binary or memory: https://github.com/imakewebthings/waypoints/blob/master/licenses.txt
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: https://github.com/polygonplanet/weakmap-polyfill
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://jquery.com/
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://jquery.org/license
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://js.foundation/
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://sizzlejs.com/
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: https://vimeo.com/api/oembed.json?url=
Source: chunk-cd8895b507ee9e702e17[1].js.3.dr	String found in binary or memory: https://www.cloudflare.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing/
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico~
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/img/cf-facebook-card.png
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/img/cf-twitter-card.png
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.linkedin.com/company/cloudflare

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49730 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/56@4/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF57B235A356874BB7.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://covid-19.in.th/	0%	Virustotal		Browse
http://covid-19.in.th/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
covid-19.in.th	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://covid-19.in.th/cdn-cgi/styles/main.css	0%	Avira URL Cloud	safe
http://covid-19.in.th/cdn-cgi/bm/cv/669835187/api.js	0%	Avira URL Cloud	safe
http://covid-19.in.th/N	0%	Avira URL Cloud	safe
http://covid-19.in.th/cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7	0%	Avira URL Cloud	safe
http://covid-19.in.th/Root	0%	Avira URL Cloud	safe
https://js.foundation/	0%	URL Reputation	safe
https://js.foundation/	0%	URL Reputation	safe
https://js.foundation/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.cloudflare.com	104.16.124.96	true	false		high
assets.www.cloudflare.com	104.16.124.96	true	false		high
covid-19.in.th	172.67.159.246	true	false	0%, Virustotal, Browse	unknown
favicon.ico	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://covid-19.in.th/	false		unknown
http://covid-19.in.th/cdn-cgi/styles/main.css	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/cdn-cgi/bm/cv/669835187/api.js	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/	false		unknown
https://www.cloudflare.com/5xx-error-landing/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://jquery.org/license	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-01f71c423e068664057e.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-232ffa51e57f882f0534.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-1c4da1169909c3c43069.js	5xx-error-landing[1].htm.3.dr	false		high
http://greensock.com/standard-license	chunk-55d37f7935d3778f0709[1].js.3.dr	false		high
http://jqueryui.com	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-5d677ef1b4eeb74635d3.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-55d37f7935d3778f0709.js	5xx-error-landing[1].htm.3.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	false		high
https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js	5xx-error-landing[1].htm.3.dr	false		high
https://github.com/polygonplanet/weakmap-polyfill	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://www.cloudflare.com/favicon.ico~	imagestore.dat.3.dr	false		high
https://www.cloudflare.com/img/cf-facebook-card.png	5xx-error-landing[1].htm.3.dr	false		high
http://schema.org/Article	5xx-error-landing[1].htm.3.dr	false		high
http://schema.org	5xx-error-landing[1].htm.3.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	false		high
https://www.linkedin.com/company/cloudflare	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-1560bda32b9d6d231e95.js	5xx-error-landing[1].htm.3.dr	false		high
https://cdn.cookielaw.org/vendorlist/iabData.json	e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	false		high
https://vimeo.com/api/oembed.json?url=	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-55ad6e1817237ece29a0.js	5xx-error-landing[1].htm.3.dr	false		high
https://cdn.cookielaw.org/vendorlist/iab2Data.json	e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-06380521ff19239efe05.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-cc3c9c6363f24544e951.js	5xx-error-landing[1].htm.3.dr	false		high
https://www.cloudflare.com/img/cf-twitter-card.png	5xx-error-landing[1].htm.3.dr	false		high
http://greensock.com	chunk-55d37f7935d3778f0709[1].js.3.dr	false		high
http://www.twitter.com/cloudflare	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-962e1864decb73b3a75a.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-e6a0177c9a8b595a3dd2.js	5xx-error-landing[1].htm.3.dr	false		high
http://covid-19.in.th/N	~DF64BF8B4AEFB55D6C.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://assets.www.cloudflare.com/js/chunk-5c6ec7c6f9d0b6f9dd57.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/css/application-ee0728fba2.min.css	5xx-error-landing[1].htm.3.dr	false		high
https://github.com/imakewebthings/waypoints/blob/master/licenses.txt	chunk-e6a0177c9a8b595a3dd2[1].js.3.dr	false		high
http://getify.mit-license.org	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-e06d79a8c06c0d46865a.js	5xx-error-landing[1].htm.3.dr	false		high
https://github.com/antoinevastel/picasso-like-canvas-fingerprinting	api[1].js0.3.dr	false		high
http://api.jqueryui.com/category/ui-core/	chunk-5d677ef1b4eeb74635d3[1].js.3.dr	false		high
https://www.cloudflare.com	chunk-cd8895b507ee9e702e17[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-27eef9fa207b28718df2.js	5xx-error-landing[1].htm.3.dr	false		high
http://covid-19.in.th/Root	{FBE078D1-E967-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://assets.www.cloudflare.com/js/chunk-5f991135348b5b16cb1b.js	5xx-error-landing[1].htm.3.dr	false		high
https://jquery.org/license	chunk-232ffa51e57f882f0534[1].js.3.dr	false		high
http://plus.google.com/	5xx-error-landing[1].htm.3.dr	false		high
https://jquery.com/	chunk-232ffa51e57f882f0534[1].js.3.dr	false		high
https://assets.www.cloudflare.com/js/runtime-6a16446847617098e330.js	5xx-error-landing[1].htm.3.dr	false		high
https://www.cloudflare.com/5xx-error-landing/	5xx-error-landing[1].htm.3.dr	false		high
http://www.youtube.com/user/CloudflareTeam	5xx-error-landing[1].htm.3.dr	false		high
https://www.cloudflare.com/favicon.ico	imagestore.dat.3.dr	false		high
http://www.cloudflare.com	5xx-error-landing[1].htm.3.dr	false		high
https://sizzlejs.com/	chunk-232ffa51e57f882f0534[1].js.3.dr	false		high
https://js.foundation/	chunk-232ffa51e57f882f0534[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://assets.www.cloudflare.com/js/chunk-3125ea56e87c986b133e.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-cd8895b507ee9e702e17.js	5xx-error-landing[1].htm.3.dr	false		high
https://assets.www.cloudflare.com/js/chunk-e50bafad0559f7d0a0f0.js	5xx-error-landing[1].htm.3.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.159.246	covid-19.in.th	United States		13335	CLOUDFLARENETUS	false
104.16.124.96	www.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	451066
Start date:	20.07.2021
Start time:	07:36:33
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 33s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://covid-19.in.th/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/56@4/2
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://www.cloudflare.com/5xx-error-landing
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.43.139.144, 23.203.80.193, 104.43.193.48, 20.82.209.183 Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, arc.trafficmanager.net, skypedataprdcolcus16.cloudapp.net, watson.telemetry.microsoft.com, arc.msn.com, skypedataprdcolcus15.cloudapp.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\8120Q1N4\www.cloudflare[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	39
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aK1r0aK1r0aKb:JFK1rFK1rFKb
MD5:	B9C5EB570521110110BB7DFF12AF780D
SHA1:	27F5BEBC2200FD8D0B51A93D1357EA954BE44079
SHA-256:	90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
SHA-512:	BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBE078CF-E967-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8523381094637805
Encrypted:	false
SSDEEP:	96:rcZnZN2CWbCdtbCZfbCktMb/bBAbBhxfbBhQRcX:rcZnZN2CWOdtOZfOktMTNANjfN0cX
MD5:	75B6923EED70574AF5CEC147EDE38B68
SHA1:	8D364E99DA2BDC9F47F9B5E2FEAADF826B398C4B
SHA-256:	8434CC766BA7176482EF8F6F4450EDEFC20772BC8BE22D3F044F22028C1DD649
SHA-512:	9C451EE2DB89AFE84692B555A8603B87EF24BA335E7CAF26DEE438D62DA1F812A64ECA1178F85CC3DB3144A7C8594DB40DCE8316BC2FC71EBF3BCD47D76D13E3
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBE078D1-E967-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	34046
Entropy (8bit):	1.8577047551626906
Encrypted:	false
SSDEEP:	96:rHZAQU6uBShjF29WiMSgWzBUwNRmtRrGe52:rHZAQU6ukhjF29WiMSgWzB3N8tdG82
MD5:	4B6AFC718A577D23B4078A66CC9C77AB
SHA1:	2A41A10702E0C8E9302AFF96CD4957BE411A09EF
SHA-256:	B79164EF48B598A1712BFA8D8767BEE27E12849E6DB61E3B44B1FB782D2061D7
SHA-512:	4233BE28A9D3B66CCF9130ECF9342526E7D0ABD03C1487479EFD19B7C8FB2966F0D8B8ED54ED8577BAE780FE8AE840A6D4F6221E788EC69F02572235A6074952
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBE078D2-E967-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5657246385434567
Encrypted:	false
SSDEEP:	48:IwUGcprZGwpa8G4pQcGrapbSdGQpK7G7HpR0TGIpG:rIZTQc6aBSnA6TQA
MD5:	BD3C09ED45DE42B0C6DCA74EBE9DCA68
SHA1:	D560B5752B60B55F5D8A1BC0D0FA76104A421AF8
SHA-256:	8A7093BE1A10611029A9B99298EAE15C9C716CF74FB5DF813378F79029E0C6CD
SHA-512:	AC6666B849146ADEA96240C278C5A4AFCDB3857E8EB8A7D18768FBB5DBC5D11F9DC3AD8C17E10D83C7FA0FC7C27E7FDEAF5D4C5CA1433DA1FF3784BD969990AA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35088
Entropy (8bit):	3.089951954871294
Encrypted:	false
SSDEEP:	96:q0Or5hOoWQhk2fAewbVq/iwa2R7QV8pz4DopTPGFsb2:SblcU6uRy8pvO
MD5:	38FBA069009B0CC9E3807426A7C0C8C0
SHA1:	4C36635E971EF82F32913CD5AE7530C966D85FDA
SHA-256:	0617475066F098403C9DED92F9CE31EC6A1FE91B9BA3E2D318BC0E73C33A465C
SHA-512:	B0395A653FA795D18AA3F8E8F6DCF11F0FEA68DCCE09348821C9E55C1C927DEC954A7C90C84F3C73110A86E38783743D4E273B3F377784FEA7A5473CC1FDC457
Malicious:	false
Reputation:	low
Preview:	&.h.t.t.p.s.:././.w.w.w...c.l.o.u.d.f.l.a.r.e...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ............................................................................................................................................................................................................................................................................................h...........................................................Zd... ... ... ... ... ... ... ... ... ...B.......N...@...@...s......6.... ... ...?...[...a...g...l...r...............}...M...............m... ... ... ... ... ... ... ... ...[...j...@...d..................P ... ... ... ... ... ... ... ... ..........X.......................6...Hf... ... ... ... ... ...B...........................................G... ... ... ...5......2...............................................X.......f................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5xx-error-landing[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	19534
Entropy (8bit):	5.258889266190977
Encrypted:	false
SSDEEP:	384:PSiI2MEVpqhAGh+7rjYJ9B3IQyqYl3XBa5OF8ko+V8/J39P0x3:PV6AGh+7rjYJ9B3IPhnBkJko+V8/J39+
MD5:	95C01EF7019FF0EF6E8535634CA52087
SHA1:	970E97070998A33B67E9A0E8A09ED29ED1328A50
SHA-256:	E82385BFBD576B0DCDC13DEB989A17E130DA1B5C6A2586B4F4574A12069AE74E
SHA-512:	6EBE97753E81BC502C65F223E7EEE293438E908F0BE3267ECA2BC03353D0D50970E831D86229CE152582B955E6FFB81BC4EBB8970A322F15CC5E2DD70B26F65F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/5xx-error-landing/
Preview:	.<!DOCTYPE html>.<html lang="en-us" itemscope itemtype="http://schema.org/Article">.<head><script>window.redwood={"consentGroups":{"C0001":false,"C0002":false,"C0003":false,"C0004":false},"country":"CH","colo":"FRA","user":null,"locale":"en-US"}</script>. <script type="text/javascript">. var OneTrust={"geolocationResponse":{"stateCode":"ZH","countryCode":"CH"}}. </script>. <script>. const acceptedLocales = [. 'en-au',. 'en-ca',. 'en-gb',. 'en-in',. 'en-us',. 'de-de',. 'es-es',. 'es-la',. 'fr-fr',. 'it-it',. 'ja-jp',. 'ko-kr',. 'pt-br',. 'zh-tw',. 'zh-cn',. ];. const orphanLocales = [. 'ru-ru',. 'sv-se',. 'nl-nl',. 'vi-vn',. 'th-th',. 'id-id',. ];. const ignoreList = [. 'apps',. 'docs',. 'rate-limit-test',. 'rss',. ]. function getPathFromLocale(locale, code, pathString) {. if ( locale === code \|\| !acceptedLocales.includes(c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ao-com[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2260
Entropy (8bit):	3.78899141290085
Encrypted:	false
SSDEEP:	48:ZIrv0/OWp9GDtxUVbgiFzM7JvNiNlN/hUaPlHlDKXqWus81L:arc2g9GDMbgiFMGXNOatF/sS
MD5:	35250DF100EA12026E3F89D01AA86CF5
SHA1:	AAEA904EF92151B36C7C716A017E2E56058FBFD5
SHA-256:	1C628EA1BB79FEA6C359F96B1212499AB6062B192E3BCC088F2CE0586610B092
SHA-512:	FFC683AC15DF433260BF7BFE7A742C953BF9CF4239F90D3D147ADCEE97C694A1DE343E98F212660C563E0EE53BC666A7169ED78F9516253BF7116F8ED316B072
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/ao-com.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M24.6 12.2a3.5 3.5 0 0 1-3.5-3.5 3.5 3.5 0 0 1 3.5-3.4A3.4 3.4 0 0 1 28 8.7a3.5 3.5 0 0 1-3.4 3.5M30.9.3a2.8 2.8 0 0 0-2.6 1.6A5.5 5.5 0 0 0 24 .1a8.6 8.6 0 0 0-8.5 8.8c0 5.2 3.8 8.8 8.2 8.8a6.1 6.1 0 0 0 4.6-1.9 2.7 2.7 0 0 0 2.6 1.7c1.8 0 2.6-1.2 2.6-3.6v-10c0-2.5-.8-3.6-2.6-3.6M45.9 12.4a3.4 3.4 0 1 1 0-6.8A3.5 3.5 0 0 1 49.4 9a3.5 3.5 0 0 1-3.5 3.4m0-12.4c-5.3 0-9.2 3.7-9.2 8.9s3.9 8.9 9.2 8.9 9.2-3.7 9.2-8.9S51.3 0 45.9 0M52.2 24.8H52V24l-.3.5h-.1l-.3-.5v.8h-.2v-1.1h.2l.4.5.3-.5h.2zm-1.2-1h-.4v1h-.2v-1h.6zm1.2-1.3h-4.6a1.3 1.3 0 0 0-1.3 1.1 11.4 11.4 0 0 1-11.2 9.3 10.7 10.7 0 0 1-8.1-3.4 10.4 10.4 0 0 1-3.2-6 1.3 1.3 0 0 0-1.3-1h-4.6a1.3 1.3 0 0 0-1.3 1.3 17.9 17.9 0 0 0 5.3 10.7A18 18 0 0 0 35.1 40a17.9 17.9 0 0 0 13.1-5.4 17.9 17.9 0 0 0 5.3-10.7 1.3 1.3 0 0 0-1.3-1.3M56.3 17.2a1.2 1.2 0 0 1-1.1.4 1.2 1.2 0 0 1-.9-.3c-.3-.1-.4-.5-.4-.9a1 1 0 0 1 .4-.9 1.6 1.6 0 0 1 1.1-.3c.4 0 .8.1.9.3a1.1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\discord[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1754
Entropy (8bit):	4.049997904829301
Encrypted:	false
SSDEEP:	48:ZczzzgxFSd+GOp9pPSYvlhAZkUf44/ya4y2lN5EUF9nUkd2kMO:6zzzgKdX4tCojNF9nwkMO
MD5:	3448F00B277AFBFBA697CE8F31FF2489
SHA1:	E546276DF70EB84552E57C0E85650D7C1A3B9964
SHA-256:	18B0F4EE016FF8DA58E83BBC3387B0CEE3011636E6AAFC7F65CA3193444FDA07
SHA-512:	84E355D0C0FF32315153BBA83DEB501CFB8E5412F55F289447F563027FB9934A1965D4421FB1EC71882048E11331A29BFA6B1956D8BF275FC160B5BE96CAD6A4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/discord.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M14.6 17.8a1.5 1.5 0 0 0-1.4 1.5 1.4 1.4 0 1 0 2.8 0 1.5 1.5 0 0 0-1.4-1.5zm-5 0a1.5 1.5 0 0 0-1.4 1.5 1.4 1.4 0 1 0 2.8 0 1.5 1.5 0 0 0-1.4-1.5z" fill="#404242"/><path d="M21.3 6.3H2.8A2.9 2.9 0 0 0 0 9.2v18.4a2.9 2.9 0 0 0 2.8 2.9h15.7l-.8-2.6 1.8 1.7 1.7 1.5 2.9 2.6V9.2a2.8 2.8 0 0 0-2.8-2.9zM16 24.2l-.9-1.1a4.4 4.4 0 0 0 2.5-1.6l-1.6.8-2 .6a10.6 10.6 0 0 1-3.6-.1l-2-.5-1-.5h-.2l-.4-.2a5.1 5.1 0 0 0 2.4 1.6l-.9 1.1a5.1 5.1 0 0 1-4.2-2.1 18.3 18.3 0 0 1 2-8 7.3 7.3 0 0 1 3.8-1.4l.2.2a8.6 8.6 0 0 0-3.6 1.8l.8-.4a10.9 10.9 0 0 1 3.1-.9h3a10.6 10.6 0 0 1 4.2 1.3 8.6 8.6 0 0 0-3.5-1.8l.2-.2a7.5 7.5 0 0 1 3.9 1.4 18.3 18.3 0 0 1 2 8 5.1 5.1 0 0 1-4.2 2zm20.8-12h-4.6v5.2l3.1 2.7v-5h1.6c1 0 1.5.5 1.5 1.3v3.8a1.3 1.3 0 0 1-1.5 1.4h-4.7v2.9h4.6c2.4 0 4.7-1.2 4.7-4v-4.1c0-2.9-2.3-4.2-4.7-4.2zm24 8.3v-4.3c0-1.5 2.7-1.8 3.5-.3l2.5-1a4.5 4.5 0 0 0-4.3-2.8c-2.4 0-4.8 1.4-4.8 4.1v4.3c0 2.7 2.4 4.1 4.8 4.1a4.9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	3235
Entropy (8bit):	4.758403532551476
Encrypted:	false
SSDEEP:	96:Oym9740rwxeWit5GHQYa6Ay6jfjVjQt4A:erWit56v+bdbA
MD5:	EED86A060DC84BB386C91A036C7379CD
SHA1:	C9BDEA10B2410AFCAAB8566E09D7E6A2CECA214D
SHA-256:	0A7037843713FE40028AC64F9E8295ECC778FE75E1AB4EB413D44F4EB8F61C79
SHA-512:	2602AEBF102F30473BB956984CFB5FD98BF99A0B29170834E20C4BA1CE4045E1B97F3D68BA25325A332DB4BD2ECDBB9ADB9BD2BFC38D2874C7EE53BD3DBB62B6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231.json
Preview:	{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"LOCAL","Version":"6.8.0","OptanonDataJSON":"e34df59b-4a48-4bf9-b2b5-7a4bb09cd231","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"0310bbd8-7656-4397-bf84-6fbb29c7694a","Name":"EU only","Countries":["no","de","be","fi","pt","bg","dk","lt","lu","hr","lv","fr","hu","se","si","mc","sk","mf","sm","gb","yt","ie","gf","ee","mq","mt","gp","is","it","gr","es","re","at","cy","cz","ax","pl","li","ro","nl"],"States":{},"LanguageSwitcherPlaceholder":{"default":"en"},"BannerPushesDown":false,"Default":false,"Global":false,"Type":"GDPR","UseGoogleVendors":false,"VariantEnabled":false,"TestEndTime":null,"Variants":[]},{"Id":"4505fd23-3c09-44db-82b2-07a7d776e9a7","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\en[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	35842
Entropy (8bit):	5.359393542924329
Encrypted:	false
SSDEEP:	768:gh3D++xlHaf6iSdnxbOOiwTrP0vjkjFaxtKCB:gh3C/CTnxqOLovQaL7B
MD5:	8EA288422E1BD1BE70EA1387EF313A6E
SHA1:	37AAAE757FAD30D3D8FC0A7AA91E2DACABF7D246
SHA-256:	8F9EF35C8BB712AFA239DAB6764F65755A8C092BA54C5CFF8F828C9A41BB76ED
SHA-512:	8ADD81914352A7B796CF1323E05A65C6D319506CC93FF13BAE18BC0C1AF36E76F0BE5415165B4ECFCBB1CD6B06388DF5B66421E75BC4ED9940A91250BF0401A5
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/4505fd23-3c09-44db-82b2-07a7d776e9a7/en.json
Preview:	{"DomainData":{"pccloseButtonType":"Icon","pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","pccontinueWithoutAcceptText":"Continue without Accepting","cctId":"e34df59b-4a48-4bf9-b2b5-7a4bb09cd231","MainText":"Your Cookie Options","MainInfoText":"Cloudflare uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.","AboutText":"Cloudflare's Cookie Policy","AboutCookiesText":"Your Privacy","ConfirmText":"Allow All","AllowAllText":"Save Settings","CookiesUsedText":"Cookies used","AboutLink":"https://www.cloudflare.com/cookie-policy/","HideToolbarCookieList":true,"ActiveText":"Active","AlwaysActiveText":"Always Active","AlertNoticeText":"Like most websites, we use cookies to make our site work the way you expect it to, improve your experienc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\log-me-in[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3066
Entropy (8bit):	3.8150263791438412
Encrypted:	false
SSDEEP:	48:ZZMxUlKbX/tE1uqDrenBghmybuflngYhrjqEw9JB:o5iknDNRhfqRJB
MD5:	D2ABAD763443A92351B5CB911BE5E442
SHA1:	50142DF7FDA1F7BD8F197328F070A2DC7ECD617F
SHA-256:	F25C4C7620F8228007475B542D28418E6623302F3CF338EB8AE2B3EEB2558C33
SHA-512:	DC8AEBCEAB99425C8FE8ABE1CFC73C0A5474E7358295EAF36357020C819B5309ADD4E87B5E36097E4DD4B10B07B108F8B043B9D18245CEF8D9ECC9E9118A9509
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/log-me-in.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M85 34.4l-1.7-.3a13 13 0 0 1-7.4-3.6 14.1 14.1 0 0 1-4.6-9A14.3 14.3 0 0 1 83 5.9l1.7-.3h1.8l1.1.2a14.1 14.1 0 0 1 8.5 4.4 13.6 13.6 0 0 1 3.7 7.8c.1.6.1 1.1.2 1.7v.9a13.9 13.9 0 0 1-2.6 7.6 13.7 13.7 0 0 1-9.4 5.9l-1.8.3zm-1.8-12.1V28c.1.4.2.5.6.5h2.1c.5 0 .7-.2.7-.7v-4.7c0-.8.1-1.5.1-2.3a2.4 2.4 0 0 1 2.4-2.4 2 2 0 0 1 2.2 1.5 5 5 0 0 1 .2 1.2v6.8a.5.5 0 0 0 .6.6h2.1c.5 0 .7-.1.7-.7v-7.4a10 10 0 0 0-.2-1.6 3.6 3.6 0 0 0-2.8-2.9H90a4 4 0 0 0-2.8 1.1c-.1.1-.4.3-.5.2s-.2-.2-.3-.4c-.1-.5-.2-.6-.7-.6h-1.8c-.5 0-.7.2-.7.7zM77 19.9v6a12.1 12.1 0 0 0 .1 1.9c0 .6.1.7.7.7H80c.6 0 .8-.2.8-.9V11.8a.5.5 0 0 0-.6-.4h-2.6c-.3 0-.5.1-.5.4a1.1 1.1 0 0 0-.1.5zM0 11.6a.7.7 0 0 1 .7-.4h2.5c.4 0 .5.1.5.5v10.4c0 .8.1 1.6.1 2.4s.2.7.8.7h5.7c.3 0 .4.2.4.5a13.4 13.4 0 0 1 0 2 .5.5 0 0 1-.6.6H.8A.9.9 0 0 1 0 28zM57.1 19.8v8a.5.5 0 0 1-.6.6h-2.1c-.6 0-.8-.2-.8-.8v-9.9c0-.2-.1-.4-.2-.4s-.3.1-.3.3l-.9 2.4-2.7 7.7a1 1 0 0 1-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo-cloudflare[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2014
Entropy (8bit):	4.182578414266631
Encrypted:	false
SSDEEP:	48:/wb1A6MKYE88+WiClv3NqbV4aIHq/XM3ADKr58N5RPCgaf:/mjxYE884bVuK/XMQ+8VCgW
MD5:	B8054BFFF1F7B60ABA9F2087CBC9BFCE
SHA1:	D97366F3991F2198DC2F8D0AE6BA0AAE2418F247
SHA-256:	D2E1935E577B782725B4D7CDAE566481706DD12AAADBFA2BBB6140B4D24C7043
SHA-512:	55C682A768AF6A83EFEF1EDFB15EBE54C1062CD7B9AC5985AA9AFDFA5E617F0DFB101A688668495FED13C102FA006F359BFA6A3682A3D1F8007BE4B0535C33F8
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo-cloudflare.svg
Preview:	<svg id="Layer_2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 40.5"><style>.st0{fill:#fff}.st1{fill:#f48120}.st2{fill:#faad3f}</style><path class="st0" d="M98.6 14.2L93 12.9l-1-.4-25.7.2v12.4l32.3.1z"/><path class="st1" d="M88.1 24c.3-1 .2-2-.3-2.6-.5-.6-1.2-1-2.1-1.1l-17.4-.2c-.1 0-.2-.1-.3-.1-.1-.1-.1-.2 0-.3.1-.2.2-.3.4-.3l17.5-.2c2.1-.1 4.3-1.8 5.1-3.8l1-2.6c0-.1.1-.2 0-.3-1.1-5.1-5.7-8.9-11.1-8.9-5 0-9.3 3.2-10.8 7.7-1-.7-2.2-1.1-3.6-1-2.4.2-4.3 2.2-4.6 4.6-.1.6 0 1.2.1 1.8-3.9.1-7.1 3.3-7.1 7.3 0 .4 0 .7.1 1.1 0 .2.2.3.3.3h32.1c.2 0 .4-.1.4-.3l.3-1.1z"/><path class="st2" d="M93.6 12.8h-.5c-.1 0-.2.1-.3.2l-.7 2.4c-.3 1-.2 2 .3 2.6.5.6 1.2 1 2.1 1.1l3.7.2c.1 0 .2.1.3.1.1.1.1.2 0 .3-.1.2-.2.3-.4.3l-3.8.2c-2.1.1-4.3 1.8-5.1 3.8l-.2.9c-.1.1 0 .3.2.3h13.2c.2 0 .3-.1.3-.3.2-.8.4-1.7.4-2.6 0-5.2-4.3-9.5-9.5-9.5"/><path class="st0" d="M104.4 30.8c-.5 0-.9-.4-.9-.9s.4-.9.9-.9.9.4.9.9-.4.9-.9.9m0-1.6c-.4 0-.7.3-.7.7 0 .4.3.7.7.7.4 0 .7-.3.7-.7 0-.4-.3-.7-.7-.7m.4 1.2h-.2l-.2-.3h-.2v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mapbox[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2236
Entropy (8bit):	3.8722650976939423
Encrypted:	false
SSDEEP:	48:ZI17e0dPOGYL2fDnAO6VlhvNX/TaoDc3bP4mwO4awv2+OylOvT:yBhOXO6dvxo41Oy0b
MD5:	CED0C24A8BD4418FAFEC0E151E805F0A
SHA1:	6FECFB9422729F4BCD41E4B8D307A8B2471842A1
SHA-256:	C4123349FB4CD728256D1FD09A31B36FF8CEB31553C4955A1F2085D3534E91A3
SHA-512:	31789DBB0B9B6F205C95EBE3331EE46FC5ADDB3EFC9DEB9836B84C81310BEBD6749B3C0C7FA77535AFC4A339566B7F62BE2A99FB4037D07114F5EB374C782342
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/mapbox.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M0 20A11.2 11.2 0 0 1 11.2 8.8a11.2 11.2 0 1 1 0 22.4A11.2 11.2 0 0 1 0 20zm5.7 2.8a12.7 12.7 0 0 0 .1 2c.1.7-.1.5.6.6a14.9 14.9 0 0 0 4.7-.1 10.2 10.2 0 0 0 4.7-1.9 5.2 5.2 0 0 0 2.3-4.4 5.7 5.7 0 0 0-2.3-4.7 5.6 5.6 0 0 0-6.4-.4 7.7 7.7 0 0 0-2.6 3.3 13.6 13.6 0 0 0-1.1 5.6zM30.1 16.2a3.5 3.5 0 0 1 5.8.5l.6-.8a3.2 3.2 0 0 1 3.7-.7 3.3 3.3 0 0 1 2.2 3.1v6.1c0 .3-.1.4-.4.4h-1.5c-.3 0-.4-.1-.4-.4V19a2.2 2.2 0 0 0-.7-1.7 1.9 1.9 0 0 0-3 1 2.4 2.4 0 0 0-.2.8c0 1.7 0 3.5.1 5.2s-.1.5-.6.5h-1.3c-.3 0-.4-.1-.4-.4v-5.3a2 2 0 0 0-.5-1.5 1.9 1.9 0 0 0-3.2.5 5 5 0 0 0-.2 1.2c-.1 1.6 0 3.4 0 5s-.1.5-.5.5h-1.4c-.3 0-.4-.1-.4-.4v-8.9c0-.3.1-.4.4-.4h1.5c.3 0 .4.1.4.4v.7zM71.3 16.3l1-.8a4.7 4.7 0 0 1 6 1.2 5.3 5.3 0 0 1-1.1 7.6 4.5 4.5 0 0 1-5.7-.5l-.2-.2v.8c0 .3-.1.4-.4.4h-1.4c-.3 0-.4-.1-.4-.4V11.7c0-.4 0-.5.4-.5h1.4c.3 0 .4.1.4.4v4.7zm5.9 3.7a1.7 1.7 0 0 1-.1-.7 2.9 2.9 0 0 0-4-2.1 3.1 3.1 0 0 0-1.6 3.8 2.9 2.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\marketo[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1158
Entropy (8bit):	4.201001867829674
Encrypted:	false
SSDEEP:	24:tR1Rt5CBdi7pE2ommt79c44wQ5Q9EgX0H3UloF0imL:ZRnCwO2u9c44wT6HooF0fL
MD5:	5CDEF9839F693A29A7B9F61FECE66FA1
SHA1:	12CB67AE89F0F5779236464E1F834497F528A62C
SHA-256:	D7349E77199B82A7A86E674056A02CC53F1853F18F0EC13693277E1CEE52F67A
SHA-512:	8F89F00AA53F2856636E157F514DCE9FF05C6F1DB97C561960623073B2BD9A09C6C0BE069755F224E07AA6988A0CFBCD030C3BC4572C9B7BDA7F32B0BA809496
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/marketo.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><g fill="#404242"><path d="M19.4 11.8v14.9l-5.8 4.6V8.7zm-8.5.2l-4.7-1.4v17.8l4.7-2zM0 25.8l3.6-.9V13.6L0 13zM41 11.8v14.9h-2.5V15.8L33.4 24l-5.1-8.1v10.8h-2.5V11.8h2.7l5 8.1 4.9-8.1zm10.6 14.9V20c0-2.5-1.6-4-4.5-4a5.4 5.4 0 0 0-3.7 1.3v2.4a5.3 5.3 0 0 1 3.5-1.5c1.4 0 2.3.6 2.3 1.7v.2l-2.7.4c-2.5.4-3.7 1.5-3.7 3.5a3 3 0 0 0 3.2 3 3.7 3.7 0 0 0 3.2-1.7v1.4zm-5-1.8c-.8 0-1.4-.4-1.4-1.1s.5-1.3 1.7-1.5l2.3-.3v.5a2.4 2.4 0 0 1-2.6 2.4m13.1-8.8h-.4a3.2 3.2 0 0 0-3.1 2v-1.8h-2.5v10.4h2.5v-4.6c0-2.1 1.1-3.5 2.9-3.5.2-.1.4 0 .6 0zm1.6-4.3v14.9h2.4v-4.1l.6-.5 3.7 4.6h3l-4.9-5.9 4.6-4.5h-3l-4 3.9v-8.4zm19 11.6a6.2 6.2 0 0 1-3.9 1.4 3.1 3.1 0 0 1-3.3-2.5h7.7c0-.3.1-.6.1-.9 0-3.1-2-5.4-5-5.4a5.2 5.2 0 0 0-5.2 5.5c0 3.1 2.1 5.4 5.6 5.4a6.4 6.4 0 0 0 4-1.1zm-7.2-3a2.8 2.8 0 0 1 2.7-2.4 2.6 2.6 0 0 1 2.7 2.4zM87 24.7c-1.1 0-1.6-.5-1.6-1.7v-4.6h2.8v-2.1h-2.8v-3.4l-4.3 5.5H83v5.1c0 2.2 1.2 3.4 3.3 3.4a4.4 4.4 0 0 0 1.9-.3v-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otBannerSdk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	340168
Entropy (8bit):	5.32035138362897
Encrypted:	false
SSDEEP:	3072:vwsZ79QchwMw4xaNtkPtlAzOD4ugX6BbhvLGGlY/5:7m4xaNtkPtOOD4ugX6BVTGGG5
MD5:	76E4D874B9B184D135AF9055DCE948F6
SHA1:	49BEAD4F9F3E1CB814AE3A6C4D41916E335B9951
SHA-256:	80A4168DA3BFEB8A7A3D725AD6AABAFC536C28503E6C053B3B8067FD1B5CD0CB
SHA-512:	D184B4087FCEB4C830936A8547F6D022085A0041A2D9E8DE1B83278EEB47B909729071830426AD45D98E23B0E50653239DB412A3DC629858F2962801BE561496
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.8.0/otBannerSdk.js
Preview:	/** . * onetrust-banner-sdk. * v6.8.0. * by OneTrust LLC. * Copyright 2020 . */.!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var r=function(){return(r=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function a(s,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{r(a.next(e))}catch(e){t(e)}}function n(e){try{r(a.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}r((a=a.apply(s,i\|\|[])).next())})}function u(o,n){var r,s,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){retur

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otFlat[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12762
Entropy (8bit):	5.381302797948604
Encrypted:	false
SSDEEP:	384:E5cgywI14jbK3e85csXf+oH6iAHyP1MJAR:EnI14S
MD5:	DB7B898247FBD56626448860E42D0E8D
SHA1:	8EAB737CCDC1ECD0F12843EB4C364004139AAAA0
SHA-256:	06B10167B8D0AC41C1B681A2CCE2977F08C4BB49F3261D7FF2FCE60B0E59F7C0
SHA-512:	AF00D8CE61B79020BBA5EDA8D0C442ED897C5BF6C0EC5C47DB20628DE4CCD5148788CCCFA9B97E9FD80D691B7F8CFE089123CA6A784A1D21615BC0A33E98B577
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.8.0/assets/otFlat.json
Preview:	. {. "name": "otFlat",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCIgcm9sZT0iZGlhbG9nIiBhcmlhLWxhYmVsbGVkYnk9Im9uZXRydXN0LXBvbGljeS10aXRsZSIgYXJpYS1kZXNjcmliZWRieT0ib25ldHJ1c3QtcG9saWN5LXRleHQiPjxkaXYgY2xhc3M9Im90LXNkay1jb250YWluZXIiPjxkaXYgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgaWQ9Im9uZXRydXN0LWdyb3VwLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1laWdodCBvdC1zZGstY29sdW1ucyI+PGRpdiBjbGFzcz0iYmFubmVyX2xvZ28iPjwvZGl2PjxkaXYgaWQ9Im9uZXRydXN0LXBvbGljeSI+PGgzIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGl0bGUiPlRoaXMgc2l0ZSB1c2VzIGNvb2tpZXM8L2gzPjwhLS0gTW9iaWxlIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvbmV0cnVzdC1jbG9zZS1idG4tY29udGFpbmVyLW1vYmlsZSIgY2xhc3M9Im90LWhpZGUtbGFyZ2UiPjxidXR0b24gY2xhc3M9Im9uZXRydXN0LWNsb3NlLWJ0bi1oYW5kbGVyIG9uZXRydXN0LWNsb3NlLWJ0bi11aSBiYW5uZXItY2xvc2UtYnV0dG9uIG90LW1vYmlsZSBvdC1jbG9zZS1pY29uIiBhcmlhLWxhYmVsPSJDbG9zZSBCYW5uZXIiIHRhYmluZGV4PSIwIj48L2J1dHRvbj48L2Rpdj48IS0tIE1vYmlsZSBDbG9zZSBCdXR0b24gRU5ELS0+PHAgaWQ9Im9uZXRydXN0LXBvbGljeS10ZX

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\5xx-error-screenshot[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 3473 x 2127, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	193754
Entropy (8bit):	7.734750183533637
Encrypted:	false
SSDEEP:	3072:3u8Ww3i+WxFxtZN4UuxfnWXKEUzjFbJzmSl4A+twD6h+p8ttjIGC+cmq6SP+d:35bM/r4UuxfW6EUzpJ6vBtY6h+pHGC+n
MD5:	2CFBA918DA5ACE6D738CF232CC63F87A
SHA1:	F79A71B271ED3A94C52D684613FEDCF78C7D0F75
SHA-256:	0F7F0349844A5B0DB39F2C6455F59E2C09A8306387D19B0097A89FD78EAC263D
SHA-512:	A9A7D8BFE95AC22BD0ADD801D13CAAE504FB7BC1E6D40F67CFDD022F74B1F68669A4801E649DB4668460FB976CD3A16189D866CCC4E6CD5E11BACCC18BDFC9F9
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/5xx-error-landing/5xx-error-screenshot.png
Preview:	.PNG........IHDR.......O........K....IDATx....s.....N.H...%R.D...ZY..BE.V.Fb[m.....f#.MJ..Qe..}]g.k...q:s...x...g..>s.9.~.................O...........h............"..........f...........,...........E..........."..........Y...........,...........E.........@............Y..........4............E.........@...........h...........4...........f...........,..........h............"..........f...........,...........E..........."..........Y...........,...........E.........@............Y..........4............E.........@...........h...........:.Y...........,...........E..........."..........Y..........4............E.........@...........h...........4...........f..........@...........h............"..........f...........,..........h............"..........Y...........,...........E.........@............Y..........4............E.........@...........h...........4...........f..........@..q..m.......G..iii.9.....7....1N...........Y..-[.....Y\|L\|d\|..q"........................X'.D~............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	35662
Entropy (8bit):	5.289565799540458
Encrypted:	false
SSDEEP:	768:eIEo7x4VqTHUlEulsfi+P1u0C9tJXTPDbYYFfct/1VMp9JddY8PmE4k7DgGSB:e2yYYac1TssM
MD5:	6C6281C15CBC981BC05942BAC40BCD7E
SHA1:	6015D314D852ECC0C0158731D8E06724805E38E5
SHA-256:	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
SHA-512:	7DB423D081304661C5981C6FC6D37CE2F32DBE8B8C38A9D2791DBD6110DB36261FA249A1662F667B58AA5B1A88446AD65D90B6EFBBEE0DA1378BD39BB1FE0DB2
Malicious:	false
Reputation:	low
IE Cache URL:	http://covid-19.in.th/cdn-cgi/bm/cv/669835187/api.js
Preview:	/*. @license. * Copyright (c) 2015 Andr. Cruz <amdfcruz@gmail.com>. * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:. * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.. * THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cookie-banner-close[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	407
Entropy (8bit):	4.605924496471114
Encrypted:	false
SSDEEP:	6:tvKqmc4sl3UYgIyOnWQFWNTfRzZtK0U70U0FbcamolfJ+1emax8V2j0g//ssFnoL:tvv1ngIzWf5zmwzjl014x8VtSNnow8
MD5:	9C51826AA58DB2EBB532085EDFEAE7C6
SHA1:	C8A8642168C7C1FF62E39D586CB618ADCEC0C89B
SHA-256:	628E1E79D510C99A5ACB5365A6A1B20513724B53EDF80897A0AA3FA6236F25A1
SHA-512:	5038ACE5F4C845B6CCC75EF6116051CFA08AF581A32D573FB4A1B5AB24755446FA8FA48CC957CC7FC2E028EDC02D81262942D801BC0C01E422C862C7823A8506
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/cookie-banner-close.svg
Preview:	<svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16.5"><style>.st0{fill:#fff}</style><path class="st0" d="M13.3 2.8C10.4-.1 5.5-.1 2.6 2.8s-2.9 7.8 0 10.7 7.8 2.9 10.7 0 2.9-7.7 0-10.7zm-4.2 7.5L7.9 9.1l-1.2 1.2c-.3.3-.7.3-.9 0-.3-.3-.3-.7 0-.9L7 8.2 5.7 6.9c-.3-.3-.3-.6 0-.9.3-.3.7-.3.9 0l1.2 1.2L9.1 6c.3-.3.7-.3.9 0 .3.3.3.7 0 .9L8.8 8.1 10 9.4c.3.3.3.7 0 .9-.1.3-.6.3-.9 0z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\crunchbase[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2116
Entropy (8bit):	3.8915382507857084
Encrypted:	false
SSDEEP:	48:Zs1gaAHUX2lfcqoduiCpRddOEDO8lbNfynqjJ2qXjpu:6JAHUX2udikmlxJjcX
MD5:	62A3993BF9388776606B366302FF6949
SHA1:	D63210EBEEA33E560CCC4BCC14799BA519846B4A
SHA-256:	24F33F0458791C167EF9A5EB05BB31EE1AA038DE981A5715CF20ED8CC3EFFA6F
SHA-512:	B6CB71009F8D407E3A1081BC816101EB749AF272F75EE5FF398274EF234B71D0932BCA578CC2BCC1F77972BC9EB83D68CA5E5ECF4B9714DB03460A5DDA9CCBF3
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/crunchbase.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M61.7 13v5.3a5 5 0 0 1 4.3-.5 4.7 4.7 0 0 1 3.2 4.4 4.5 4.5 0 0 1-3 4.5l-.8.3h-1.8l-1.5-.6h-.3l-2 .5V14a3.1 3.1 0 0 0-.1-1zm2.8 12a2.7 2.7 0 0 0 2.7-2.6 2.8 2.8 0 0 0-2.8-2.9 2.8 2.8 0 0 0-2.7 2.8 2.6 2.6 0 0 0 2.8 2.7zM75.1 27a5.6 5.6 0 0 1-1.8-.7 4.5 4.5 0 0 1-2.1-5.9 4.7 4.7 0 0 1 6-2.5l1 .4V18l2-.2v8.8c-.7 0-1.4.3-2-.3L76 27zm.4-2.1a2.6 2.6 0 0 0 2.8-2.7 2.8 2.8 0 0 0-5.5-.2 2.7 2.7 0 0 0 2.7 2.9zM94.7 27a5.5 5.5 0 0 1-3.3-2.3 5 5 0 0 1 1.2-6.2 4.7 4.7 0 0 1 6.3.4 4.9 4.9 0 0 1 1.1 3.9h-7.2a2.3 2.3 0 0 0 1.1 2 2.8 2.8 0 0 0 3.6-.1c.7-.8 1.5-.6 2.4-.6a3.6 3.6 0 0 1-2.4 2.5l-1.3.4zm-1.9-5.9H98a2.5 2.5 0 0 0-2.7-2 2.4 2.4 0 0 0-2.5 2zM51.5 13v5l1.4-.4a3.4 3.4 0 0 1 4.3 3c.1 1.8.1 3.6.1 5.5s-.6.5-1 .5-.9.1-.9-.6a36.8 36.8 0 0 0 0-4.7 1.7 1.7 0 0 0-2-1.8 1.7 1.7 0 0 0-1.8 1.9c-.1 1.4-.1 2.8-.1 4.2v1h-1.8V13zM42.2 27a4.7 4.7 0 0 1-2.9-2 4.4 4.4 0 0 1-.3-5 4.6 4.6 0 0 1 4.4-2.5 4.6 4.6 0 0 1 4.1 3 .4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	34494
Entropy (8bit):	3.028102929129642
Encrypted:	false
SSDEEP:	96:4KOr5hOo0Qhk2fAewTq/iwa2R7Qz8pz4DopTPGFsbN:qbl626uRg8pvF
MD5:	88415ACDA09A4CBD9D87543C3BA78180
SHA1:	2DEC4705E9AB399EFDC6EEF36E079AA31D1DF8D9
SHA-256:	20CCCC47C1BAC9D2EF36B6A1C58AF58C5C169AD5CA084080F0392B86F949641C
SHA-512:	77D0D7E0C85A1CAD6A22372F2D3904C0842628CE7F1ADAC9A2A0CBF3B566CE8148527B0E7EDE2BB068F5D005917B3F95C2A25D031D0D4D7A6A5A117CEFA83B24
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/favicon.ico
Preview:	............ .h...V......... ......... .... .....F...00.... ..%......@@.... .(B...D..(....... ..... ............................................................................................................................................................................................................................................................................................h...........................................................Zd... ... ... ... ... ... ... ... ... ...B.......N...@...@...s......6.... ... ...?...[...a...g...l...r...............}...M...............m... ... ... ... ... ... ... ... ...[...j...@...d..................P ... ... ... ... ... ... ... ... ..........X.......................6...Hf... ... ... ... ... ...B...........................................G... ... ... ...5......2...............................................X.......f..................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\library-of-congress[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2900
Entropy (8bit):	3.9802657265739287
Encrypted:	false
SSDEEP:	48:ZcG0T0665g9UbrNQazmNSlza83lzRFILeUQf8mZinZYasYa4ldNoqn6xyUKIh:qj6fhyNydRF23UwYasYaOvoqnqKA
MD5:	D05B1F27272DCBD8D1F0ED7A02AC68BA
SHA1:	F297B32B3DE81C52CA0C0C43000BAE5CC140A665
SHA-256:	A3FCA10E250E9A55CCA8D692EB836D6AD811D2400ECDA63FEB7504176CB0425B
SHA-512:	C5D46BAD47F7CC22D4B754ABD78CF322FB54B4BDD2DC55D0E3CF2896D95E8A6D8EC26425B246D7918290B3CB6C12E3E76292C52907B8DA422C310D16FE121634
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/library-of-congress.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M0 7.6v24.7h6.9v-3.9H4.2V7.6zm7.8 0v24.7H12V7.6zm5.3 0v24.7h6.4c2 0 3.1-1.2 3.1-3.7v-6.8a2.7 2.7 0 0 0-2-2.9 2.6 2.6 0 0 0 1.7-2.6v-5.6c0-2.3-1.1-3.1-2.8-3.1zm10.4 0v24.7h4.2V21.5h.4c.4 0 .4.2.4.5v9.3a1.3 1.3 0 0 0 .3 1h4.1a3.1 3.1 0 0 1-.1-1.1v-9.9a2.5 2.5 0 0 0-1.6-2.3 2.5 2.5 0 0 0 1.5-2.6v-5.9c0-2-1.2-2.9-2.6-2.9zm12.2 0l-2.1 24.7h3.6l.3-4.4h1.4l.2 4.4h4.1L41 7.6zm8.3 0v24.7h4.2V21.5h.4c.4 0 .4.2.4.5v9.3a1.3 1.3 0 0 0 .3 1h4.2c-.2-.2-.2-.6-.2-1.1v-9.9a2.5 2.5 0 0 0-1.6-2.3 2.5 2.5 0 0 0 1.5-2.6v-5.9c0-2-1.1-2.9-2.6-2.9zm9.6 0l2.7 15v9.7h4.2v-9.7l2.5-15h-3.8l-.7 8.5-.7-8.5zm-36.3 3.1h.3c.5 0 .5.2.5.6v5.8c0 .5-.1.6-.5.6h-.3v-7zm10.5 0h.3c.4 0 .4.2.4.6v6c0 .4-.1.6-.4.6h-.3v-7.2zm20.5 0h.3c.4 0 .4.2.4.6v6c0 .4-.1.6-.4.6h-.3v-7.2zm-10.1 4.1l.5 9.4h-1zm-20.9 6h.4c.4 0 .5.2.5.7v7c0 .4 0 .6-.5.6h-.4zM62.4 23.5v4h2.8v-1h-1.7v-3zm3.2 0v4h1.1v-4zm1.7 0v4h1.8c1 0 1.5-.4 1.5-1.1a1 1 0 0 0-.6-1c.3-.1.5-.4.5

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-cloudflare-dark[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2032
Entropy (8bit):	4.199661036470794
Encrypted:	false
SSDEEP:	48:/wUA6MKYE88+WiClv3KqbV4aIHq/XM3ADKr58N5RPCgaf:/DxYE88lbVuK/XMQ+8VCgW
MD5:	D884003E20E8243AD893D526B5295C26
SHA1:	A4CB44B0D69CF50D0F4D694E1989ED24022B5D7D
SHA-256:	3863E9324177796ABC3FE195E77F0EDE0F1197296FE49D0EF11E9633C292A9E0
SHA-512:	8EC8F60DBE9AB1AF3B2079C8801AEFB7CD71F3442DBD3A2AC90F74C0258A36C7F427C664F1AA686218525A18A0E158D2471999A5AADAD5BDD155E7A6F1700E0D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo-cloudflare-dark.svg
Preview:	<svg id="Layer_2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109 40.5"><style>.st0{fill:#fff}.st1{fill:#f48120}.st2{fill:#faad3f}.st3{fill:#404041}</style><path class="st0" d="M98.6 14.2L93 12.9l-1-.4-25.7.2v12.4l32.3.1z"/><path class="st1" d="M88.1 24c.3-1 .2-2-.3-2.6-.5-.6-1.2-1-2.1-1.1l-17.4-.2c-.1 0-.2-.1-.3-.1-.1-.1-.1-.2 0-.3.1-.2.2-.3.4-.3l17.5-.2c2.1-.1 4.3-1.8 5.1-3.8l1-2.6c0-.1.1-.2 0-.3-1.1-5.1-5.7-8.9-11.1-8.9-5 0-9.3 3.2-10.8 7.7-1-.7-2.2-1.1-3.6-1-2.4.2-4.3 2.2-4.6 4.6-.1.6 0 1.2.1 1.8-3.9.1-7.1 3.3-7.1 7.3 0 .4 0 .7.1 1.1 0 .2.2.3.3.3h32.1c.2 0 .4-.1.4-.3l.3-1.1z"/><path class="st2" d="M93.6 12.8h-.5c-.1 0-.2.1-.3.2l-.7 2.4c-.3 1-.2 2 .3 2.6.5.6 1.2 1 2.1 1.1l3.7.2c.1 0 .2.1.3.1.1.1.1.2 0 .3-.1.2-.2.3-.4.3l-3.8.2c-2.1.1-4.3 1.8-5.1 3.8l-.2.9c-.1.1 0 .3.2.3h13.2c.2 0 .3-.1.3-.3.2-.8.4-1.7.4-2.6 0-5.2-4.3-9.5-9.5-9.5"/><path class="st3" d="M104.4 30.8c-.5 0-.9-.4-.9-.9s.4-.9.9-.9.9.4.9.9-.4.9-.9.9m0-1.6c-.4 0-.7.3-.7.7 0 .4.3.7.7.7.4 0 .7-.3.7-.7 0-.4-.3-.7-.7-.7m.4 1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\montecito[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5908
Entropy (8bit):	3.737873486374039
Encrypted:	false
SSDEEP:	96:EQiu5GBiXTOAVP6cm1uk8UiHElWp+tMU2GNfd/LjcQmP1V/Ag/NVvf3B:8UXT/VPXmGroV2Gld/3xmPf/5/z3B
MD5:	B36C464CB2656E4D0851420484BDC521
SHA1:	B0743FC94733F68CE64FA88F79079FD68B6C5771
SHA-256:	379CD5F631C2D78BD2222E2FC1964A090FAA83846BED9EFD029F51B62039EA9F
SHA-512:	A81881E96C99D29BF09D0FAFC8E2630B919177933ED857A68DE665A9F411DD85B031FE547DE9428D1DC21BA8BF40C5DE8963AC0CB7A1B194276C10ACA6FE9810
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/montecito.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M5.3 27.5h1.6v-9a7.5 7.5 0 0 1 .2-2.1 2.6 2.6 0 0 1 2.4-1.9h7.9V16H9.7a1.2 1.2 0 0 0-1.1.8 1.5 1.5 0 0 0-.2.9v11.2H3.9v-.3c0-4-.1-8 0-12a5.8 5.8 0 0 1 1-3.6 4.2 4.2 0 0 1 3.5-1.8h7.5V9.5H8.8a5.8 5.8 0 0 0-6 4.4 11.3 11.3 0 0 0-.5 4.1v9.4c0 1-.1 2.1-.2 3.1h10.1a3.3 3.3 0 0 0 3.1-1.8 3.8 3.8 0 0 0 .6-2.3c.1-2.2.1-4.4.1-6.6 0-.1 0-.3-.3-.3h-4.3a.4.4 0 0 0-.1.3v7.3c0 .3.1.4.4.4s.9-.3 1-.8a2.3 2.3 0 0 0 .2-1.2v-4.1h1.5v4.5a3.9 3.9 0 0 1-.6 2.1 2.1 2.1 0 0 1-1.8.9H9.9v-11h7.5v9a5.3 5.3 0 0 1-4.4 5.2H0l.3-1.2a10.5 10.5 0 0 0 .5-3q-.2-5.8 0-11.7a9.1 9.1 0 0 1 1.9-5.7A7 7 0 0 1 8 7.9h9.4v4.9H8.7a3.2 3.2 0 0 0-3.2 2.5 7.1 7.1 0 0 0-.1 1.4c-.1 3.5-.1 6.9-.1 10.3zM20.6 9.5v1.7h7.3a4.3 4.3 0 0 1 4.4 3.3 9.1 9.1 0 0 1 .3 2.3v12.1h-4.5V17.8a1.7 1.7 0 0 0-.1-.7 1.3 1.3 0 0 0-1.4-1h-7.5v-1.6h7.6a2.7 2.7 0 0 1 2.9 2.6v10.1a.3.3 0 0 0 .3.3 4.8 4.8 0 0 1 1.2 0V16.7a4.2 4.2 0 0 0-.9-2.9 3.1 3.1 0 0 0-2.5-1h-8.6V7.9h9.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\okcupid[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3104
Entropy (8bit):	3.6957330045362142
Encrypted:	false
SSDEEP:	96:8R+Roi8fSLThgY8jCht4U5TRC8ezNRmnjr0:w+78qL6Ytl75ONQjQ
MD5:	D5220031C58C55B723A094C1BDA15D3C
SHA1:	5C9E330D7FE4DDBF2A942595EACACAD5BB181043
SHA-256:	06D506F4548612F963DC93C5BFC5A90D574E31B49A9DD33206521A147D34E2F3
SHA-512:	CB993A53BFE346E69AC09650CBB2DAB1F6678B5D93C3542AD23A08F73414C64BABC19D23A1DB41AE37E7ABAF90F111DEB47ED9273E9AC0ECCC2A43E74DEC6DAC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/okcupid.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M93.1 25.1a4.1 4.1 0 0 1-3.1 2 6.7 6.7 0 0 1-3.7-.4 3.6 3.6 0 0 1-1.9-2.1 9.8 9.8 0 0 1-.2-4.5 7.9 7.9 0 0 1 2-5.1 6.1 6.1 0 0 1 5.1-2.2 6.6 6.6 0 0 1 2.3.4c.4.1.4 0 .5-.4a35.4 35.4 0 0 1 .7-4.7 2.4 2.4 0 0 1 3-2.1l1.8.4a.5.5 0 0 1 .3.5c-.3 1.8-.6 3.6-.8 5.4-.4 3.5-1 6.9-1.4 10.3-.1 1.2-.1 1.2 1.1 1.2s1.2.1 1.2 1.2a1.6 1.6 0 0 1-.9 1.5 7 7 0 0 1-4.7.6c-.8-.2-1-.8-1.1-1.5s0-.3-.2-.5zM88.7 21v.7c.1 2.3 1.8 2.5 3.2 2a1.2 1.2 0 0 0 .9-1.2l.3-2.1c.2-1.3.3-2.6.5-3.9s.1-.4-.2-.4a3.3 3.3 0 0 0-4 1.7 6 6 0 0 0-.7 3.2zM66.6 15.1h.1c1.2-2.1 3.1-2.5 5.3-2.1a2.9 2.9 0 0 1 2.1 1.8 9.4 9.4 0 0 1 .6 4.7 7.8 7.8 0 0 1-2.8 6 7.3 7.3 0 0 1-4.3 1.5h-2c-.3 0-.4.1-.4.3-.3 2-.6 4-.8 6a.6.6 0 0 1-.5.5 8.8 8.8 0 0 1-2.8.1c-1.3-.3-1.7-.9-1.6-2.1A24.7 24.7 0 0 1 60 28c.4-3.4 1-6.9 1.5-10.3a6.9 6.9 0 0 1 .2-1.3c0-.3 0-.5-.4-.4h-.1c-.9.1-.9.1-1-.9a1.8 1.8 0 0 1 1.5-2.1 9.8 9.8 0 0 1 3.8-.1c.9.2 1.2.6 1.1 1.4a1.9 1.9 0 0 1-.1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\trace[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	232
Entropy (8bit):	5.322550354812783
Encrypted:	false
SSDEEP:	6:yarl0U2TMWj7L+LRB2DOeke56d0oYoRd9D41cK2fvFZ:K3j3aRB2DOeX56d0oxxocJv7
MD5:	0A726B8568B1DC2CD7B4581C86A63666
SHA1:	4410E4C893EE03B835132ED9C26A4B4823CB34D6
SHA-256:	4848CF17724102DFF229AEE425F844B16DE903AC92005510B2615107E7586536
SHA-512:	6B1A8FB402DB88A0D14CA5A79994073FA9C714A17C0E91ED5D0502096D084FF12FB78F44DB07DE646428026A0855E0D06370DAE6326633055DE8BDD4DDD37E6A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/cdn-cgi/trace
Preview:	fl=71f362.h=www.cloudflare.com.ip=84.17.52.51.ts=1626759461.294.visit_scheme=https.uag=Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko.colo=FRA.http=http/2.loc=CH.tls=TLSv1.2.sni=plaintext.warp=off.gateway=off.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\udacity[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1248
Entropy (8bit):	4.129064083074507
Encrypted:	false
SSDEEP:	24:tR1Uyy6Lm85HUZw8RIh6AUp1YLTE+9ZvuRbc7Mv1Ab0:ZJyQ5HUWAC6AE1yTEqvuR3vOo
MD5:	BF4951E4477FA7FAD14F2C1BE52CD84A
SHA1:	4CFC46AECBB7D3415E8525EFD67CEC8338E158F1
SHA-256:	DCBC458EB3EFBCD19B2752BA9D1C4F64AEE91757C3FA3DA51ACBE09FAA74F394
SHA-512:	06C9E63DD7B16869733E9A10392EFB4AB3053CED35934468DC735142E4AA34BE851E68920883BEE583C473B79B4453A33CFDD4A93CFD55BBC2DA1329E98F5802
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/udacity.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M32.8 21.3a2.9 2.9 0 0 1-5.7 0V16h-.9v5.3a3.5 3.5 0 0 0 3.7 3.6 3.6 3.6 0 0 0 3.8-3.6V16h-.9zm9.5-5.3h-2.8v8.9h2.8c2.6 0 4.3-1.7 4.3-4.5a4.1 4.1 0 0 0-4.3-4.4zm-.1 8h-1.8v-7.1h1.8a3.4 3.4 0 0 1 3.5 3.5 3.3 3.3 0 0 1-3.5 3.6zM67 24a3.6 3.6 0 0 1-3.5-3.7 3.4 3.4 0 0 1 3.5-3.6 4.1 4.1 0 0 1 2.6.9l.5-.6a4.7 4.7 0 0 0-3.2-1.1 4.3 4.3 0 0 0-4.3 4.4 4.4 4.4 0 0 0 4.4 4.6 4.5 4.5 0 0 0 3.3-1.5l-.5-.6A4.4 4.4 0 0 1 67 24zm8.9.9h.9V16h-.9zm5.7-8h3.1v8h.9v-8h3.1V16h-7.1zM99 16l-2.7 4-2.8-4h-1l3.3 4.9v4h.9v-4L100 16zm-44.9 0l-3.5 8.9h.9l.9-2.5 3.9-.8 1.3 3.3h.9L55 16zm-1.3 5.4l1.8-4.2 1.5 3.6zM5.9 11.1L0 14.5v7.9a6.6 6.6 0 0 0 6.5 6.5 6.3 6.3 0 0 0 3.3-.9l4.8-2.7a5.9 5.9 0 0 0 3.1-5.3v-8.2l-1.1-.6-5.1 2.7v8.5a4.1 4.1 0 0 1-.1 1.1 1.6 1.6 0 0 1-.3.9v.3a6.4 6.4 0 0 1-1.9-.8l-.7-.6a1.8 1.8 0 0 1-.5-.7 4.9 4.9 0 0 1-.9-2.6v-8.2zm2.9 16.1l-1.1.4h-1l-1.1-.2a1.7 1.7 0 0 1-1-.3l-.9-.5a4.6 4.6 0 0 1-1.4-1.4l-.5-.9-.3-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zendesk[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1386
Entropy (8bit):	4.137770839021349
Encrypted:	false
SSDEEP:	24:tR1gWreGOvYW4ReEwX2nGQJJLBfggXwv5f1IfIV/VcvA3yGWLNrdL0:ZgWredt4RevZ0JltXwv5f1IgV9ctg
MD5:	6388271BC4AC3457F646A7A8552C0670
SHA1:	99F5559BCA88DD4815EFD164D8E7B6D4553A1360
SHA-256:	DE1F509BC976B8DB5A86B0BD302729E4E05004F9CAD710115C5DE1AEC94447AE
SHA-512:	E0B747C274B2090326066D030DBF7462D02DD105BCF2D53E26AA1575650D54CC1CA666DA9AD1FEB5CB95944757F7CA026AEE544EBD6D49E273D7BC02607E3873
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/zendesk.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M66 26.9a4.6 4.6 0 0 0 3.5-1.4l1.8 1.9a7 7 0 0 1-5.3 2.1c-4.3 0-7-2.8-7-6.7a6.6 6.6 0 0 1 6.6-6.7c4.3 0 6.7 3.3 6.5 7.7H62a3.7 3.7 0 0 0 4 3.1m3-5.2a3.2 3.2 0 0 0-3.4-3 3.5 3.5 0 0 0-3.6 3zM0 26.8l7.7-7.9H.2v-2.5h11.1V19l-7.7 7.8h7.8v2.5H0zm20.1.1a4.6 4.6 0 0 0 3.5-1.4l1.8 1.9a7 7 0 0 1-5.3 2.1c-4.2 0-7-2.8-7-6.7a6.6 6.6 0 0 1 6.6-6.7c4.3 0 6.7 3.3 6.5 7.7H16.1a3.7 3.7 0 0 0 4 3.1m3.1-5.2a3.2 3.2 0 0 0-3.4-3 3.4 3.4 0 0 0-3.6 3zm19.7 1.1a6.4 6.4 0 0 1 6.4-6.6 5.4 5.4 0 0 1 4.3 1.9v-7.6h2.8v18.7h-2.8v-1.7a5.7 5.7 0 0 1-4.3 2 6.5 6.5 0 0 1-6.4-6.7m10.9 0a4.1 4.1 0 1 0-4.1 4.2 4.1 4.1 0 0 0 4.1-4.2m20 3.7l2.5-1.3a3.9 3.9 0 0 0 3.3 1.9c1.6 0 2.4-.8 2.4-1.7s-1.5-1.3-3.1-1.6-4.5-1.2-4.5-3.8 1.9-3.9 5-3.9a6 6 0 0 1 5.2 2.5l-2.3 1.3a3.5 3.5 0 0 0-2.9-1.5c-1.5 0-2.3.7-2.3 1.6s1.2 1.1 3.1 1.5 4.5 1.2 4.5 3.9-1.5 4.1-5.2 4.1a6.1 6.1 0 0 1-5.7-3m18.3-3L90 25.9v3.3h-2.8V10.5H90v12.3l5.8-6.4h3.3l-5 5.5 5.1 7.3h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\api[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	35662
Entropy (8bit):	5.289565799540458
Encrypted:	false
SSDEEP:	768:eIEo7x4VqTHUlEulsfi+P1u0C9tJXTPDbYYFfct/1VMp9JddY8PmE4k7DgGSB:e2yYYac1TssM
MD5:	6C6281C15CBC981BC05942BAC40BCD7E
SHA1:	6015D314D852ECC0C0158731D8E06724805E38E5
SHA-256:	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
SHA-512:	7DB423D081304661C5981C6FC6D37CE2F32DBE8B8C38A9D2791DBD6110DB36261FA249A1662F667B58AA5B1A88446AD65D90B6EFBBEE0DA1378BD39BB1FE0DB2
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/cdn-cgi/bm/cv/669835187/api.js
Preview:	/*. @license. * Copyright (c) 2015 Andr. Cruz <amdfcruz@gmail.com>. * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:. * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.. * THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\application-ee0728fba2.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	646375
Entropy (8bit):	5.138706511775651
Encrypted:	false
SSDEEP:	6144:3tbZPPHWBRH+79q3SYiLENM6HN26w/BDwT1MbXY6g/s5SC/k8+7Ig7:jWBRw/WT1MbXY6g/shk8+7Ig7
MD5:	EE0728FBA2E48A9C31E7C4339A078773
SHA1:	B7DDBCC98100287EB4278C963C32EC7BADEA9072
SHA-256:	45F4086E46553F084A5CCA5D02F860E89EC1CBD39EB504648F67FAF2D0AC71A9
SHA-512:	7468B003FC0F2F354001D0C6C3389AD88002367096AFBDF5BD762A3B6AD714C27001EB0CB5465D1A439940E51BE2E8D7729F2518521924B643194ED1DDDE8F0C
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/css/application-ee0728fba2.min.css
Preview:	@charset "UTF-8";/! Cloudflare CSS v1.0.0 //! normalize.css v8.0.0 \| MIT License \| github.com/necolas/normalize.css /html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=re

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-01f71c423e068664057e[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	28575
Entropy (8bit):	5.542276189660896
Encrypted:	false
SSDEEP:	768:P7sguyQd3HIaxs8IWDJGD5mc+wv5YMnp6L:P7qymsmVJL
MD5:	BF56419853AD9973AF0A09F4C3F3A11E
SHA1:	1B5F23C38AB3ADD96514532A71A34C5020656397
SHA-256:	A6A6CFD5BD799A1F26DC1DE52D9259535B28EF50EC1CC8751C25A7982657A33C
SHA-512:	BB4046CC31AD74A9208E116A61C21D53C4FFB70C2ED7856A5696A82D699F7A22C0F03A37D4763F16F880361D7D5725CF4FBF413EE30872A4DF599031218E7319
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-01f71c423e068664057e.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[5],{29:function(t,i,e){var n=e(89),o=e(75),a=e(69),s=e(90);t.exports=function(t,i){return n(t)\|\|o(t,i)\|\|a(t,i)\|\|s()}},372:function(t,i,e){t.exports=e(721)},6:function(t,i){t.exports=function(t,i,e){return i in t?Object.defineProperty(t,i,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[i]=e,t}},721:function(t,i,e){var n,o;n=[e(0)],void 0===(o=function(t){!function(t,i,e,n){"use strict";var o="intlTelInput",a=1,s={allowDropdown:!0,autoHideDialCode:!0,autoPlaceholder:"polite",customPlaceholder:null,dropdownContainer:"",excludeCountries:[],formatOnDisplay:!0,geoIpLookup:null,hiddenInput:"",initialCountry:"",localizedCountries:null,nationalMode:!0,onlyCountries:[],placeholderNumberType:"MOBILE",preferredCountries:["us","gb"],separateDialCode:!1,utilsScript:""},r=38,l=40,u=13,h=27,d=43,c=65,p=90,f=32,g=9,C=["800","822","833","844","855","866","877","880","881","882","883","884","885","886","887","888","889"];function y(i,e){this.tel

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-06380521ff19239efe05[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	10981
Entropy (8bit):	5.2441457160415075
Encrypted:	false
SSDEEP:	192:Jk6MOviIOt1dMR4agApyxcnjRDpREfQd+nNU74Qo:Jnvih1vag2y2RDpRKNnNc4Qo
MD5:	5B223758613BB302A5076A05C4305B7A
SHA1:	32A369D40C2ADE979352C2E234CD786776801863
SHA-256:	DB84A4255A6657B7DA3B01B60AB76A0C85EFE26480A28DA50783864F26845CD5
SHA-512:	BA3F088AC01ACE1EAC20DF228CD00B89550FD77938077F8B6BA94928C131E1DBFFFB55E7B51B03FAB7C729B0340E540C1836E79670C3127BD41A092F0A05E0F3
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-06380521ff19239efe05.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[29],{12:function(t,e,n){"use strict";e.a=function(t){return"string"==typeof t&&(t=t.split(".")),t.reduce((function(t,e){return void 0!==t&&void 0!==t[e]?t[e]:void 0}),window.CFJS.config)}},20:function(t,e,n){"use strict";n.d(e,"a",(function(){return m})),n.d(e,"g",(function(){return O})),n.d(e,"e",(function(){return h})),n.d(e,"f",(function(){return j})),n.d(e,"b",(function(){return _})),n.d(e,"d",(function(){return k})),n.d(e,"c",(function(){return y}));var r=n(13),o=n.n(r),c=n(80),i=n.n(c),a=n(22),u=n.n(a),s=n(65),d=n(12),f=n(55),g={C0001:!0,C0002:!1,C0003:!1,C0004:!1},l={cfmrk_eucookiebanner:"C0001",techTarget:"C0002",marketo:"C0002",bizible:"C0002",heap:"C0002",ga:"C0002",cfmrk_cic:"C0003",cfmrk_userLangRedirect:"C0003",gtm:"C0004",sparrow:"C0002",optimize:"C0002"};function m(){return p.apply(this,arguments)}function p(){return(p=u()(o.a.mark((function t(){var e,n,r,c;return o.a.wrap((function(t){for(;;)switch(t.prev=t.next){case

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-1c4da1169909c3c43069[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	93
Entropy (8bit):	4.850709958186547
Encrypted:	false
SSDEEP:	3:lD3ORZy/LBdORZzZqVRNqR4QBuMLGqY9kUyMe:lD3r1daZurqLuMLbOkUyMe
MD5:	7D78F9CD7969C5A9B19FADCDF622EF89
SHA1:	DEAE6686519CF1AA5C9FAFB8A55179533B785E9A
SHA-256:	5993759DF9D0357000201A26C7FF79EC8B0E44668EE57B496F5B10132090533D
SHA-512:	A28CB52D102AB6D83500C4795A59A3BCF09B366806B8523BFEB8AC163F437C02EF9D7734B95318F00FAE6A320FDF627CE966660D116BDB007BA50618B16AF3A3
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-1c4da1169909c3c43069.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[94],{1169:function(n,w){}},[[1169,0]]]);

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-27eef9fa207b28718df2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	99449
Entropy (8bit):	5.30924251315179
Encrypted:	false
SSDEEP:	768:E/iEDkiJnwKGcrQayrm5mIbWXKtWycrsOvGYeKyVgkHmFogVaTfzcH6sczH3tSvf:IDknKmy4K4vbWgVK7LzwtfJa6
MD5:	6C3F4456672E85441FF6B8D8BEF00FEE
SHA1:	9BD99E849B59AE221E4A0DDC1FB05B0F38745C16
SHA-256:	B04CCEC03DFB79773658C5A78C23D8CF914EBF939003BB291746DBB9F462CACF
SHA-512:	E68995AE28488E365DB7E0E1EAD3053AB1DC84C4B4FAC47A771EAA6DE41B175A86E21A47EE36A2944983E4FC10E58D7E917B6EA88B5122D75F0A6EC86CEF64BB
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-27eef9fa207b28718df2.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[167],{103:function(t,e){t.exports=function(t){return t.webpackPolyfill\|\|(t.deprecate=function(){},t.paths=[],t.children\|\|(t.children=[]),Object.defineProperty(t,"loaded",{enumerable:!0,get:function(){return t.l}}),Object.defineProperty(t,"id",{enumerable:!0,get:function(){return t.i}}),t.webpackPolyfill=1),t}},138:function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(197),o=r.getGlobalObject(),i=new(function(){function t(){this.enabled=!1}return t.prototype.disable=function(){this.enabled=!1},t.prototype.enable=function(){this.enabled=!0},t.prototype.log=function(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];this.enabled&&r.consoleSandbox((function(){o.console.log("Sentry Logger [Log]: "+t.join(" "))}))},t.prototype.warn=function(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];this.enabled&&r.consoleSandbox((function(){o.console.warn("Sentry Logger [Warn]: "+t.join(" "))}))},t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-3125ea56e87c986b133e[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7878
Entropy (8bit):	5.129787262222656
Encrypted:	false
SSDEEP:	192:2AyB6PhNqnzfJd6o0k8simxi3+mgLzxVGpJYhu5kC6YT:sovodsDA655IYT
MD5:	A2D21D3F79316BD4AAD9913CB4F4288F
SHA1:	9F70F2C752BAA9527EFAF68E7A00972F9A31E113
SHA-256:	F64F2EFF7CEC2E81FFA39F89304552364C72E9FE97D0A652A44FFBB43EBDACFF
SHA-512:	4EBF0E520F3754B40DE05265AAC1AF67245D6330345B0601C5571F7EF57A145F3296D3652D6974C4BDE3E0CAEF3A8135DC91530E99C811538FC9E9AF3E8E52D1
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-3125ea56e87c986b133e.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[28],{1387:function(t,e,n){"use strict";n.r(e);var o=n(0),i=n.n(o),r=(n(759),n(518)),s=n.n(r);window.toggleABTest=function(t,e){i()("."+s.a.control(t)).hide(),i()("."+s.a.variant(t,e)).show()},window.toggleABTestMRK8941=function(){i()(document).on("mktoform:load",(function(){i()("button[type='submit'].mktoButton").addClass("mktoButton--high-contrast")}))},i()(document).ready((function(){var t,e,n;e="img.".concat(t="js-lazy"),n=new IntersectionObserver((function(e){e.forEach((function(e){if(e.isIntersecting){var o=i()(e.target);o.attr("src",o.data("src")),o.data("srcset")&&o.attr("srcset",o.data("srcset")),o.removeClass(t),n.unobserve(e.target)}}))}),{rootMargin:"0px 0px 80% 0px"}),i()(e).each((function(){n.observe(this)}))}))},518:function(t,e){t.exports={control:function(t){return t+"--control"},variant:function(t,e){return e.reduce((function(e,n){return e+="".concat(t,"--variant_").concat(n," ")}),"")}}},759:function(t,e){!function(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-55d37f7935d3778f0709[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	121330
Entropy (8bit):	5.39453471091222
Encrypted:	false
SSDEEP:	1536:ka5fYJW0UtsgKw3TaYiyjSRA3RfjaAdirChQTVVsklIXaE3QbJjvQFQKK4:k4AoTsgKw32Ytj93Rftii8dILQbNQFM4
MD5:	EBDC60D18B7C19C85643F8A211A7A1AB
SHA1:	4BD6F41AA7C504DC418D9E0A5C39547CB28B006F
SHA-256:	90CF3CE8BB829E7936024115F34AA72113E771BB6E59F82C71D7A49D13C475FD
SHA-512:	94009D0CA13B6EC541BEDA46A084779C3D185756C12749DDE389D5FDDA7F0FFFD78296341515C401DC79AC4C08C46BCA5A6596B9B7CDB14E462465B35CD50859
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-55d37f7935d3778f0709.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[23],{45:function(t,e,i){"use strict";i.d(e,"b",(function(){return r.f})),i.d(e,"a",(function(){return f}));var r=i(7);/!. VERSION: 2.1.3.* DATE: 2019-05-17.* UPDATES AND DOCS AT: http://greensock.com.. @license Copyright (c) 2008-2019, GreenSock. All rights reserved..* This work is subject to the terms at http://greensock.com/standard-license or for.* Club GreenSock members, the software agreement that was issued with your membership... @author: Jack Doyle, jack@greensock.com.**/r.e._gsDefine("TweenMax",["core.Animation","core.SimpleTimeline","TweenLite"],(function(){var t=function(t){var e,i=[],r=t.length;for(e=0;e!==r;i.push(t[e++]));return i},e=function(t,e,i){var r,s,n=t.cycle;for(r in n)s=n[r],t[r]="function"==typeof s?s(i,e[i],e):s[i%s.length];delete t.cycle},i=function(t){if("function"==typeof t)return t;var e="object"==typeof t?t:{each:t},i=e.ease,r=e.from\|\|0,s=e.base\|\|0,n={},a=isNaN(r),o=e.axis,l={center:.5,end:1}[r]\|\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-5d677ef1b4eeb74635d3[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	99337
Entropy (8bit):	5.219088587895465
Encrypted:	false
SSDEEP:	3072:AiNc9i4Gf6bihXm+v0O1ly2bW4+SIRHNePb1nr1EUafm9H:AiNc9pGf6bq4pwH
MD5:	96D479C6BBFAB9B993E368BDBC5E9675
SHA1:	2AE2B7DD4BD0D2C5A6B89989AD7F43B43270762A
SHA-256:	027BCAB37313D3FBF259F6DE6EA4C167E7F89E67C96165F556FFF1065977C440
SHA-512:	EB215AAD346F77A10D1ABC0FC3F38725E678EBC8CB6B7EB5DA21B255AC7014CAEC749BC79BA26C7E47899E4697EC69360D3EECC2D82D96B253036C0A1AC3DAC4
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-5d677ef1b4eeb74635d3.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[168],{10:function(e,t){e.exports=function(e){if(void 0===e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}},11:function(e,t){function n(t){return e.exports=n=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},n(t)}e.exports=n},137:function(e,t,n){var o=n(63),i=n(111),r=/^\s+\|\s+$/g,s=/^[-+]0x[0-9a-f]+$/i,a=/^0b[01]+$/i,l=/^0o[0-7]+$/i,c=parseInt;e.exports=function(e){if("number"==typeof e)return e;if(i(e))return NaN;if(o(e)){var t="function"==typeof e.valueOf?e.valueOf():e;e=o(t)?t+"":t}if("string"!=typeof e)return 0===e?e:+e;e=e.replace(r,"");var n=a.test(e);return n\|\|l.test(e)?c(e.slice(2),n?2:8):s.test(e)?NaN:+e}},154:function(e,t,n){var o=n(98),i=n(63);e.exports=function(e,t,n){var r=!0,s=!0;if("function"!=typeof e)throw new TypeError("Expected a function");return i(n)&&(r="leading"in n?!!n.leading:r,s="trailing"in n?!!n.trailing:s)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\digital-ocean[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3091
Entropy (8bit):	3.7067149928612886
Encrypted:	false
SSDEEP:	96:ofHi+EknMNZC7/p5Akmj9DMf7YAI7N1+JkgbNI:cila7htmj9DMf0Auf
MD5:	005E13698D0CFFE38329C5D50424B74B
SHA1:	39BDB9DA0F419EF22C522F084645F9AFE42BBC86
SHA-256:	A75A06B5A6A63A9FD7EE3419B31918991570C3B1916C4DF70064BA2F234736EF
SHA-512:	B8264B1990046C5FE9AD1CC2492DF1377F6C14CC51B1461471DE421CF15261C2CFB48714D7E498C859089EF05FED1017ED23E0BF0DC1223F27AE03D2DF64081A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/img/logo/black/digital-ocean.svg
Preview:	<svg data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 40"><path d="M8.4 28.4v-3.2a5.2 5.2 0 0 0 4.8-7.1 4.6 4.6 0 0 0-2.9-2.9 5.2 5.2 0 0 0-6.7 3 5.7 5.7 0 0 0-.3 1.8H0a8.4 8.4 0 0 1 11.1-8 8.2 8.2 0 0 1 5.4 5.3 8.5 8.5 0 0 1-8.1 11.1z" fill="#404242"/><path d="M8.4 25.2H5.2v-3.3h3.2m-3.2 5.8H2.7v-2.5h2.5v2.5m-2.5-2.5H.6v-2.1h2.1M30 16.5a6.1 6.1 0 0 0-3.6-1h-3v9.6h3a6.1 6.1 0 0 0 3.6-1 4.4 4.4 0 0 0 1.2-1.5 5.9 5.9 0 0 0 .5-2.3 5.2 5.2 0 0 0-.5-2.3 3.1 3.1 0 0 0-1.2-1.5zm-4.9.6h1a5.3 5.3 0 0 1 2.6.6 2.7 2.7 0 0 1 1.1 2.6 3 3 0 0 1-1.1 2.6 4.7 4.7 0 0 1-2.6.7h-1v-6.5m8.7-1.8a.8.8 0 0 0-.7.3.9.9 0 0 0-.4.8 1.1 1.1 0 0 0 1 1 1.1 1.1 0 0 0 1.1-1 1.1 1.1 0 0 0-.3-.8.9.9 0 0 0-.7-.3m-.9 3h1.7v6.8h-1.7v-6.8m8 .6a2.5 2.5 0 0 0-1.8-.8 3.3 3.3 0 0 0-2.3 1 3.9 3.9 0 0 0-1 2.5 3.4 3.4 0 0 0 .9 2.4 3 3 0 0 0 2.4 1 2.7 2.7 0 0 0 1.7-.6v.2a1.9 1.9 0 0 1-.5 1.3 1.6 1.6 0 0 1-1.2.4 2.2 2.2 0 0 1-1.9-1.1L36 26.3a6.3 6.3 0 0 0 1.2 1 3.6 3.6 0 0 0 1.9.5 3.2 3.2 0 0 0 2.4-.9 3.7 3.7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otPcCenter[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	62665
Entropy (8bit):	5.7302870589954225
Encrypted:	false
SSDEEP:	768:eHKTp4KiyT9hHZn4qDxZlzxNsm/uPZ9gKAcfhoK:eHKTp4KNHZRDrdxv/+oKAcf3
MD5:	31AA46AF83C456854922DD51159828F2
SHA1:	B5499133ABD83E2B7E0A351C78DCC0E0146083FF
SHA-256:	C5015A9D4B5C5F025E2A826F1489C250C23FD70A63BB019A75CFC9E9A3025079
SHA-512:	D42A47324626CFD2613D620F2E6076B458425842C50A00CCBC3FFDACC6F59EF0E6BB000957A6318C82323649720E408302F5A0C86913DF3D2C65475F542C646A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.8.0/assets/otPcCenter.json
Preview:	. {. "name": "otPcCenter",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciBvdFBjQ2VudGVyIG90LWhpZGUgb3QtZmFkZS1pbiBvdC1hY2NvcmRpb25zLXBjIiBhcmlhLW1vZGFsPSJ0cnVlIiByb2xlPSJkaWFsb2ciIGFyaWEtbGFiZWxsZWRieT0icGMtdGl0bGUiPjwhLS0gQ2xvc2UgQnV0dG9uIC0tPiA8YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im1haW4gcGMtY2xvc2UtYnV0dG9uIG90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48IS0tIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvdC1jb250ZW50IiBjbGFzcz0ib3QtbWFpbi1jb250ZW50Ij48IS0tIExvZ28gVGFnIC0tPjxkaXYgY2xhc3M9InBjLWxvZ28tY29udGFpbmVyIj48ZGl2IGNsYXNzPSJwYy1sb2dvIiByb2xlPSJpbWciIGFyaWEtbGFiZWw9IkNvbXBhbnkgTG9nbyI+PC9kaXY+PC9kaXY+PGgzIGlkPSJwYy10aXRsZSI+WW91ciBQcml2YWN5PC9oMz48ZGl2IGlkPSJwYy1wb2xpY3ktdGV4dCI+PC9kaXY+PGRpdiBpZD0iYWNjZXB0LXJlY29tbWVuZGVkLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgY2xhc3M9Im90LXNkay1jb2x1bW4iPjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG4taGFuZGxlciIgY2xhc3M9ImJ1dHRvbi10aGVtZSI+QWNjZXB0IH

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-1560bda32b9d6d231e95[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	19514
Entropy (8bit):	5.331774692469427
Encrypted:	false
SSDEEP:	384:c2CWEPerb+VRjkM6jBAtLcne8FEtayRyER1PRVBvHND:c2CWEP/RwWAneLtay46R5/V
MD5:	ECA0FC93D1FFCF079107DB64776A6D8D
SHA1:	5529EF293A1EE4E64C3181A5C1F6EF0C84EDD3CE
SHA-256:	929B068B89A3F2494100299B2D6FCFAFC4ADF24095B3B90A75C42EB6E0A3B57C
SHA-512:	09D89EC3D4884CBB560CACC3E863B6AD6F7972234ABC745AEA63B4B1C9A0BB2E88A59FE7731B882942C31BD88711645DC9D8D6AA41039BA66F0F863198B6BE38
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-1560bda32b9d6d231e95.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[119],{12:function(t,e,n){"use strict";e.a=function(t){return"string"==typeof t&&(t=t.split(".")),t.reduce((function(t,e){return void 0!==t&&void 0!==t[e]?t[e]:void 0}),window.CFJS.config)}},1386:function(t,e,n){"use strict";n.r(e);var r=n(29),o=n.n(r),a=n(0),i=n.n(a),c=n(356),u=n(20),s=n(26),d=n(25),l=n(12),m=n(340),f=n(23),b=n(140),p=["IR","KP","CU","SY"],g=["Korea, Democratic People's Republic of","Cuba","Iran, Islamic Republic of","Syrian Arab Republic"];var v=n(57);n(372);function h(t,e){var n;if("undefined"==typeof Symbol\|\|null==t[Symbol.iterator]){if(Array.isArray(t)\|\|(n=function(t,e){if(!t)return;if("string"==typeof t)return w(t,e);var n=Object.prototype.toString.call(t).slice(8,-1);"Object"===n&&t.constructor&&(n=t.constructor.name);if("Map"===n\|\|"Set"===n)return Array.from(t);if("Arguments"===n\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(n))return w(t,e)}(t))\|\|e&&t&&"number"==typeof t.length){n&&(t=n);var r=0,o=function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-232ffa51e57f882f0534[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	90022
Entropy (8bit):	5.295459463124525
Encrypted:	false
SSDEEP:	1536:9mRLi9gxGCs+4Ezy4bx60BWdPkWyAR3EI+pRZzycEs8WuBBiXy75HDplIDrhjwaA:9mZOEI+pnMeXgHEwayF
MD5:	6262B17D31C33B46985406187768157A
SHA1:	CF83D13837A59B05E5DACD993AF0296F68DE7B43
SHA-256:	6E515BD86767A477EA60730417D91BB40FEBC33AD88BA2311FAED5F3641F4B1D
SHA-512:	7B92C5F11A2838A26FF7494307EF3FF2E136BB163E4070E262D8DE176EB3434AF816A4470C51A4591F470D29C792398F2A8468C05B1B79DB29E985545D728240
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-232ffa51e57f882f0534.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],[function(e,t,n){var r;/!. jQuery JavaScript Library v3.5.1.* https://jquery.com/.. Includes Sizzle.js.* https://sizzlejs.com/.. Copyright JS Foundation and other contributors.* Released under the MIT license.* https://jquery.org/license.. Date: 2020-05-04T22:49Z.*/!function(t,n){"use strict";"object"==typeof e.exports?e.exports=t.document?n(t,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return n(e)}:n(t)}("undefined"!=typeof window?window:this,(function(n,i){"use strict";var o=[],a=Object.getPrototypeOf,s=o.slice,u=o.flat?function(e){return o.flat.call(e)}:function(e){return o.concat.apply([],e)},l=o.push,c=o.indexOf,f={},p=f.toString,d=f.hasOwnProperty,h=d.toString,g=h.call(Object),v={},y=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},m=function(e){return null!=e&&e===e.window},x=n.document,b={type:!0,src:!0,nonce:!0,noModule:!0};function w(e,t,n){var r,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-55ad6e1817237ece29a0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	8628
Entropy (8bit):	5.018709034860282
Encrypted:	false
SSDEEP:	192:fUAVTTeZoChW8MhS2A5lU0qnKqN/t6GFgqRPr44P9jxtdZpe:1VqhW8plbi9t6TG84pnpe
MD5:	DCAA94734CE93779A5693DF4E1D18F6B
SHA1:	65465C4F52BA3E9FF7B34B5C314FE5078CB97A61
SHA-256:	C97B7772FAA33FD9DE67596C0198DEBE23EA7361E4BA24AB3F437A3F4F489B8F
SHA-512:	24DA4E0CAD496292A4D16B74CDAB0A1460CF90C808009B7EC889838314E554725E5623EBA8F9F5681822A522D495960F10D8E69E2053BD4D14C00F6730AA985C
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-55ad6e1817237ece29a0.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{13:function(t,r,e){t.exports=e(148)},148:function(t,r,e){var n=function(t){"use strict";var r=Object.prototype,e=r.hasOwnProperty,n="function"==typeof Symbol?Symbol:{},o=n.iterator\|\|"@@iterator",i=n.asyncIterator\|\|"@@asyncIterator",a=n.toStringTag\|\|"@@toStringTag";function c(t,r,e){return Object.defineProperty(t,r,{value:e,enumerable:!0,configurable:!0,writable:!0}),t[r]}try{c({},"")}catch(t){c=function(t,r,e){return t[r]=e}}function u(t,r,e,n){var o=r&&r.prototype instanceof h?r:h,i=Object.create(o.prototype),a=new E(n\|\|[]);return i._invoke=function(t,r,e){var n="suspendedStart";return function(o,i){if("executing"===n)throw new Error("Generator is already running");if("completed"===n){if("throw"===o)throw i;return _()}for(e.method=o,e.arg=i;;){var a=e.delegate;if(a){var c=L(a,e);if(c){if(c===s)continue;return c}}if("next"===e.method)e.sent=e._sent=e.arg;else if("throw"===e.method){if("suspendedStart"===n)throw n="completed",e.ar

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-5c6ec7c6f9d0b6f9dd57[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	32000
Entropy (8bit):	5.366299541764843
Encrypted:	false
SSDEEP:	384:XTe70IkHCjluFPoU7WlInX14q5K929M92iWItjaFy5a2eSTyExjqLcZmLzCcCOQc:XqAIkHCjlGGC6zjakdxyJ636
MD5:	B423D1DB71CF1B5DF25AB49948518F79
SHA1:	3DECD1313E3B71CEB6DC9B3187A218E8EEE3B335
SHA-256:	9AA1004BB8A904564BB85D2B8340F7A05D562DB17F7C2B912C023AF26DAB75D2
SHA-512:	8834550866523D19CB721AC44890FCDBF153BC72BFCE94EFC2E118E2B370C49FC721D94B17549E80DDD4B509A52BBB0458028FB3A28A4ECE5B55A49104776987
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-5c6ec7c6f9d0b6f9dd57.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[6],{12:function(e,t,n){"use strict";t.a=function(e){return"string"==typeof e&&(e=e.split(".")),e.reduce((function(e,t){return void 0!==e&&void 0!==e[t]?e[t]:void 0}),window.CFJS.config)}},140:function(e,t,n){"use strict";n.d(t,"a",(function(){return i}));var o=n(25),r=["AT","BE","BG","HR","CY","CZ","DK","EE","FI","FR","DE","GR","HU","IE","IT","LV","LT","LU","MT","NL","PL","PT","RO","SK","SI","ES","SE","GB","CH","LI","IS","NO"];function i(){return Object(o.a)().then((function(e){return-1!==r.indexOf(e.loc)}))}},16:function(e,t,n){"use strict";n.d(t,"a",(function(){return x}));var o=n(4),r=n.n(o),i=n(5),a=n.n(i),c=n(0),u=n.n(c),s=n(52),l=n.n(s),m=(n(372),n(340)),d={1:{name:"Enterprise Service Request",url:"/plans/enterprise/contact",conversionCode:"caqvCO3e32EQ5KvNzwM",biEvent:"deman0"},2:{name:"Under Attack Hotline Request",url:"/under-attack-hotline",conversionCode:"caqvCO3e32EQ5KvNzwM"},3:{name:"Enterprise Free Trial Request",url:"/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-5f991135348b5b16cb1b[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	16611
Entropy (8bit):	5.256207994955795
Encrypted:	false
SSDEEP:	384:TtOjSQIkXyyGG2kXJfarJwE9XCityEnW77+c3l:3TIcriEcitdRG
MD5:	F79451A95BB3FD064385B82146D90090
SHA1:	C5DD0228F171577DE7AFAFD757F6CEA5288300E0
SHA-256:	188758602AB2CE77DDAC21CD7FFF813F43715500ADA3D9A5E0462F5605243098
SHA-512:	B3827675AEC9E4039919640D5AF21B8E452B48A2B28576CAF58AA702C88AB0508A379D7A8DA17D455A1D2F80513D6473A6EEFB4BDC5BB4E6843D7827E461CE09
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-5f991135348b5b16cb1b.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[22],{100:function(t,n,r){var e=r(67),o=r(166);t.exports=r(68)?function(t,n,r){return e.f(t,n,o(1,r))}:function(t,n,r){return t[n]=r,t}},101:function(t,n){var r={}.hasOwnProperty;t.exports=function(t,n){return r.call(t,n)}},102:function(t,n,r){var e=r(347),o=r(136);t.exports=function(t){return e(o(t))}},122:function(t,n){var r=Math.ceil,e=Math.floor;t.exports=function(t){return isNaN(t=+t)?0:(t>0?e:r)(t)}},123:function(t,n,r){var e=r(124);t.exports=function(t,n,r){if(e(t),void 0===n)return t;switch(r){case 1:return function(r){return t.call(n,r)};case 2:return function(r,e){return t.call(n,r,e)};case 3:return function(r,e,o){return t.call(n,r,e,o)}}return function(){return t.apply(n,arguments)}}},124:function(t,n){t.exports=function(t){if("function"!=typeof t)throw TypeError(t+" is not a function!");return t}},125:function(t,n,r){var e=r(348),o=r(166),i=r(102),u=r(146),c=r(101),f=r(534),s=Object.getOwnPropertyDescriptor;n.f=r(68)?s:fu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-962e1864decb73b3a75a[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7820
Entropy (8bit):	5.227124684744428
Encrypted:	false
SSDEEP:	96:O+or4+Gt/f59PEI7QcqYjflKRhqIJNX1OfKgfiCPoxVvk9rpC9:O+84+eXXEIdDdGhqUGCghcKO
MD5:	E6975A9FD7181FF254E8788E5AB2D8B9
SHA1:	E3145942376C31A616E9D7C49A7622C82F8A010F
SHA-256:	E083E8542BC2DE7DCCC65573F16A951874E5A7920A59ADFFD6FD2D1D27C31740
SHA-512:	C6161DC10595FF3C214470092CD6C7AFD9B6F572F882340F4DCA0BFD2822EA2CA7D893FD3BDBFB5ED07E55E1A516C7E1C3AE85D8B7DDCAFF02847BD8F9EF3D3C
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-962e1864decb73b3a75a.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{111:function(t,n,r){var o=r(112),e=r(113);t.exports=function(t){return"symbol"==typeof t\|\|e(t)&&"[object Symbol]"==o(t)}},112:function(t,n,r){var o=r(95),e=r(174),i=r(175),u=o?o.toStringTag:void 0;t.exports=function(t){return null==t?void 0===t?"[object Undefined]":"[object Null]":u&&u in Object(t)?e(t):i(t)}},113:function(t,n){t.exports=function(t){return null!=t&&"object"==typeof t}},150:function(t,n,r){(function(n){var r="object"==typeof n&&n&&n.Object===Object&&n;t.exports=r}).call(this,r(34))},151:function(t,n){var r=Array.isArray;t.exports=r},174:function(t,n,r){var o=r(95),e=Object.prototype,i=e.hasOwnProperty,u=e.toString,c=o?o.toStringTag:void 0;t.exports=function(t){var n=i.call(t,c),r=t[c];try{t[c]=void 0;var o=!0}catch(t){}var e=u.call(t);return o&&(n?t[c]=r:delete t[c]),e}},175:function(t,n){var r=Object.prototype.toString;t.exports=function(t){return r.call(t)}},176:function(t,n,r){var o=r(731),e=r(734);t.exports=fu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-cc3c9c6363f24544e951[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	44272
Entropy (8bit):	5.01100499065659
Encrypted:	false
SSDEEP:	768:yyBZmMGnTsDp0EEbWtzLtIwol12I/defVoAV5+76i:yiYMGTqDoAVw
MD5:	21EE2AD839A8ADAA1C0A5E08BD5EB5A5
SHA1:	AABDED2A3678292A9EF2E05C6355F4B7CB042D65
SHA-256:	866CF134D2AA132B0E942439E3F743DDB5B0126F6B5C529DC4989F0E5C95DF69
SHA-512:	7D20348E93459F16A68BA96607758B4260D3686C3C4C1D23587701DC02D2E0DD3CB69D5095836E206A7A6A1A8E6357166371DF2CE50861C5BC3F3F72602B5B1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-cc3c9c6363f24544e951.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[8],{79:function(t,e,i){(function(t,e){var i,s;!function(t,i,s,n){function o(e,i){this.settings=null,this.options=t.extend({},o.Defaults,i),this.$element=t(e),this._handlers={},this._plugins={},this._supress={},this._current=null,this._speed=null,this._coordinates=[],this._breakpoint=null,this._width=null,this._items=[],this._clones=[],this._mergers=[],this._widths=[],this._invalidated={},this._pipe=[],this._drag={time:null,target:null,pointer:null,stage:{start:null,current:null},direction:null},this._states={current:{},tags:{initializing:["busy"],animating:["busy"],dragging:["interacting"]}},t.each(["onResize","onThrottledResize"],t.proxy((function(e,i){this._handlers[i]=t.proxy(this[i],this)}),this)),t.each(o.Plugins,t.proxy((function(t,e){this._plugins[t.charAt(0).toLowerCase()+t.slice(1)]=new e(this)}),this)),t.each(o.Workers,t.proxy((function(e,i){this._pipe.push({filter:i.filter,run:t.proxy(i.run,this)})}),this)),this.setup(),th

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-cd8895b507ee9e702e17[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1745
Entropy (8bit):	5.1905421249856465
Encrypted:	false
SSDEEP:	48:lD58dwLMAS28JXpTi4QjcIdweNnD28BsxdYJW:dS/5TjuDQdYw
MD5:	0BAC2FEA69CAE7D09A8B2B079FA4367C
SHA1:	F819E057B37F3C8140BBC9BF5A623FAF2BD95A65
SHA-256:	6159B7533AF80C42B129285B3EEBE1FD193CAD973A0DF7760EA5DA88471D9B06
SHA-512:	2A935978652AF8457BD401E710494CAE0D37C943F7B20ABF6FC0829C63AF64610A3FAD4B9134F1E74D0BD00F6476D9F1E0D3ACD5C5D602A1FC2672EC270275C7
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-cd8895b507ee9e702e17.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[43,44,45],{1065:function(n,e,r){"use strict";r.r(e);var t=r(395),i=r(408);window.addEventListener("load",(function(){Object(t.transformDashLinks)(),Object(i.forceLocaleLinks)()}))},395:function(n,e,r){"use strict";r.r(e),r.d(e,"transformDashLinks",(function(){return t}));var t=function(){var n=window.CFJS.config.serverLang;"en-us"!==n&&document.querySelectorAll('a[href*="dash.cloudflare.com"').forEach((function(e){e.search+=e.search.length?"&lang=".concat(n):"lang=".concat(n)}))}},408:function(n,e,r){"use strict";r.r(e),r.d(e,"forceLocaleLinks",(function(){return a}));var t=["en-us","en-gb","en-ca","en-au","en-in","de-de","es-es","es-la","fr-fr","it-it","ja-jp","pt-br","zh-tw","zh-cn","ko-kr","ru-ru","sv-se","nl-nl","vi-vn","th-th","id-id"],i=["resources/assets/","resources/images/","media/pdf/","ips-v","apps/","rate-limit-test/","gdpr/subprocessors/rss/","static/"],o=["/logo/","/abuse/"],a=function(){var n=window.CFJS.config.serverL

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e06d79a8c06c0d46865a[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	62735
Entropy (8bit):	5.141734783296207
Encrypted:	false
SSDEEP:	768:KQOw9SAVCeiKHfx/b2KT3uMpZiFVQvmK8j6t4jkMIXPXfd9N08haRA7/AiiUxy4D:r95ioda8v9QoMIvlx7/Ty4032
MD5:	CDD56B6A7DBF4850C2296B6389C6EFC8
SHA1:	BC98583EA10D44154059DF586D308D2966B0509E
SHA-256:	3015437E9A32661CF1D28C8824419962B373C60EB5BDE9EF8CAD8649D05A3480
SHA-512:	17FB95570ED76843A5F229CE03AC60A8B047AB51F29CDC0B1D31621B24DCF804C2190623C5204F0896C9045D73A69BED6B663413666614DD8B5070C272BD4EDD
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-e06d79a8c06c0d46865a.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[4],{149:function(t,e){t.exports=function(t){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(t))return Array.from(t)}},339:function(t,e,r){var n=r(449),i=r(450);t.exports=function(t,e,r){var o=e&&r\|\|0;"string"==typeof t&&(e="binary"===t?new Array(16):null,t=null);var u=(t=t\|\|{}).random\|\|(t.rng\|\|n)();if(u[6]=15&u[6]\|64,u[8]=63&u[8]\|128,e)for(var a=0;a<16;++a)e[o+a]=u[a];return e\|\|i(u)}},449:function(t,e){var r="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)\|\|"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(r){var n=new Uint8Array(16);t.exports=function(){return r(n),n}}else{var i=new Array(16);t.exports=function(){for(var t,e=0;e<16;e++)0==(3&e)&&(t=4294967296*Math.random()),i[e]=t>>>((3&e)<<3)&255;return i}}},450:function(t,e){for(var r=[],n=0;n<256;++n)r[n]=(n+256).toString(16).substr(1);t.exports=function(t,e)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e50bafad0559f7d0a0f0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	129621
Entropy (8bit):	5.261231818828067
Encrypted:	false
SSDEEP:	1536:8vkhLSGwEet4I26f9K/aCf1fHf0WvmHSi2V72se2pU9RztR:8shLSp/w/aCyqmMV7k2pU9Rzz
MD5:	1E8ED1E5109F64BB7A7F32DAA62DBF49
SHA1:	325B05BCF8D5A0B102D2FA562602E30C35606A45
SHA-256:	910DFDF32324B353E6E0891265266EEE732D5640EBCEC8780E8AA3DF6248BC9C
SHA-512:	0866EAEF9F141975AF0CEE104381DC64E0C56B258C38E5A856E1FC70AD8A6E396BE8EBE653C26EF00F7E64AEF551F05D5415681D31391254F9532CEE17DE842D
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-e50bafad0559f7d0a0f0.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[7],{1:function(e,t,n){"use strict";e.exports=n(177)},177:function(e,t,n){"use strict";var r=n(59),l="function"==typeof Symbol&&Symbol.for,i=l?Symbol.for("react.element"):60103,a=l?Symbol.for("react.portal"):60106,o=l?Symbol.for("react.fragment"):60107,u=l?Symbol.for("react.strict_mode"):60108,c=l?Symbol.for("react.profiler"):60114,s=l?Symbol.for("react.provider"):60109,f=l?Symbol.for("react.context"):60110,d=l?Symbol.for("react.forward_ref"):60112,p=l?Symbol.for("react.suspense"):60113,m=l?Symbol.for("react.memo"):60115,h=l?Symbol.for("react.lazy"):60116,v="function"==typeof Symbol&&Symbol.iterator;function g(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n]);return"Minified React error #"+e+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var y={isMounted:function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e6a0177c9a8b595a3dd2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	50189
Entropy (8bit):	5.386668123805881
Encrypted:	false
SSDEEP:	1536:BYAW3P+Pkq6tG12kiYD6S14SkEJu6kjo5vsjwx5Xt:BYjP+P0qnDkLjnjwPXt
MD5:	334AAF92206913B7581906182F2A606F
SHA1:	1E32E0CE8CCDFECFCBF8D75F09D2F4BAED5A2369
SHA-256:	78EB8480F7BCD68C7067725604C8D5186DAEE35F4510DA02CA68C642119CF74E
SHA-512:	B7D694207A1450665B3D2828BC19F23F48E69AC9B6C07D78B349E3D66C8CCCCD90AD67FA46E0DD793038D6CE9B73FDDF3AADE1D32E967135C1EE20F2A20343B2
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/chunk-e6a0177c9a8b595a3dd2.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[39],{1381:function(e,t,n){"use strict";n.r(t);n(706),n(708),n(709),n(710);var a=n(0),o=n.n(a);o()((function(){o()(".js-scroll-to-top").click((function(){o()("html, body").animate({scrollTop:"50px"},200)}))}));var i=n(45);i.b.set(o()(".docmenu__item.docmenu__item--active .icon-caret-down"),{rotation:180}),o()(".js-docmenu-subgroup-toggle").click((function(){var e=o()(this).find("~ .docmenu__subgroup"),t=o()(this).find("~ i"),n=new i.a;e.is(":visible")?n.to(t,.1,{rotation:0,ease:Power1.easeOut}).to(e,.2,{opacity:0,height:0,display:"none",ease:Power1.easeOut}):n.to(e,.2,{delay:.2,display:"block",opacity:1,height:"auto",ease:Power1.easeIn}).to(t,.2,{rotation:180,ease:Power1.easeIn})})),o()(".js-docmenu-toggle").click((function(){var e=o()(this).find(".icon-down-arrow");if(e.is(":visible")){var t=o()(this).find("~ .docmenu__inner"),n=new i.a;t.is(":visible")?n.to(e,.1,{rotation:0,ease:Power1.easeOut}).to(t,.2,{opacity:0,height:0,display:"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	6620
Entropy (8bit):	5.083427840746227
Encrypted:	false
SSDEEP:	96:1RY3JNJinOeQRGxfldudududEtCbnaimpSpIplDO6bU6b16bE6bb6bo6kyTN1soC:1R4JiOO55dimwqjlP0/mfRbC
MD5:	D5FB0ED6278ABAFAE266B8AB9F1E0B42
SHA1:	615EE820D17BA2FACBEC654E9C3B20E002716F92
SHA-256:	2729A14CE8234270B0833CD05EAAE83A0D00A89F7E3D79B0BC3B4609C48D85FD
SHA-512:	542D15F900BF53F0D85FDAC45C3BEE1EE735C438CA5A5D7437A6FF53533792A4F8213A5EB11B76F628D8961377890F8FD95B842577C95DAA2E1E97C542B4E8E1
Malicious:	false
Reputation:	low
IE Cache URL:	http://covid-19.in.th/cdn-cgi/styles/main.css
Preview:	.container{width:100%}.bg-center{background-position:50%}.bg-no-repeat{background-repeat:no-repeat}.border-gray-300{--border-opacity:1;border-color:#ebebeb;border-color:rgba(235,235,235,var(--border-opacity))}.border-solid{border-style:solid}.border-0{border-width:0}.border{border-width:1px}.border-t{border-top-width:1px}.block{display:block}.inline-block{display:inline-block}.table{display:table}.hidden{display:none}.float-left{float:left}.clearfix:after{content:"";display:table;clear:both}.font-mono{font-family:monaco,courier,monospace}.font-light{font-weight:300}.font-normal{font-weight:400}.font-semibold{font-weight:600}.h-12{height:3rem}.h-20{height:5rem}.text-13{font-size:13px}.text-15{font-size:15px}.text-60{font-size:60px}.text-2xl{font-size:1.5rem}.text-3xl{font-size:1.875rem}.leading-tight{line-height:1.25}.leading-normal{line-height:1.5}.leading-relaxed{line-height:1.625}.leading-1\.3{line-height:1.3}.my-8{margin-top:2rem;margin-bottom:2rem}.mx-auto{margin-left:auto;margin-r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otSDKStub[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	17401
Entropy (8bit):	5.344614273829078
Encrypted:	false
SSDEEP:	192:gQp/LPwSNk3Alwshci9wfW0vMfPPVMmXUxcjz3ZYzVO2zswGBF27iIvZo:TR7MQOsrjyMfPPGg3ZsVowGv2uIvZo
MD5:	E72DDCAFA303FF93A0E0FD6B4E335633
SHA1:	0148771023BF66CAFD35D8F35881A196662A71DA
SHA-256:	1DD4C3F1EA5B28CA04D4F2391197C4B57EF93D2D79CA0656BF6C5D588408E325
SHA-512:	9888A900B039BD6364FBDDBBC37AF57011583EB7ED92BF769CA6EB560EDA8FD8163B7701C9CBA3108E966CEE01C2C864E212B1163C5281C102410A2B8683C92F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js
Preview:	var OneTrustStub=function(e){"use strict";var t,o,n,a,i,r,s,l,c,p,u,d,m,h,g,f,b,A,y,C,v,I,w,S,L,T,R,B,D,_,G,P,E,U,k,O,F,V,x,N,H,M,j,K,z,q,J,W,Y,Q,X,Z,$,ee=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t\|\|{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\runtime-6a16446847617098e330[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1492
Entropy (8bit):	5.145100491842224
Encrypted:	false
SSDEEP:	24:ExffRGjwLhrYRc7zsQCBm3lBmGa0BTLWwMWIeazfIvJks8if:EBRIoYO7QQuKTLWLdYks8G
MD5:	3E509B6FBB60E3BACDC070373E53E258
SHA1:	56DB7694481B23CE9E42709DCF12CA13CF279662
SHA-256:	7E549F1FCFAB734025757F85BABFCF8A8F2EEF7E88AAE11C61D5B4900F2FA166
SHA-512:	2020178B54B8BE61BA9BBD3C17A8403D4A39DBF046710C2AB2A4E306EF17DF66A5BD1AE24C0D989B571DA3CDB0D1968096943998332A0AAFA44C536EC0188A5E
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.www.cloudflare.com/js/runtime-6a16446847617098e330.js
Preview:	!function(e){function r(r){for(var n,l,f=r[0],i=r[1],a=r[2],c=0,s=[];c<f.length;c++)l=f[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in i)Object.prototype.hasOwnProperty.call(i,n)&&(e[n]=i[n]);for(p&&p(r);s.length;)s.shift()();return u.push.apply(u,a\|\|[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,f=1;f<t.length;f++){var i=t[f];0!==o[i]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={0:0},u=[];function l(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)\|\|Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null)

C:\Users\user\AppData\Local\Temp\~DF57B235A356874BB7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48167800203238786
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loODF9loOJ9lWO/tGCORctGZhGZfiywRcyw2:kBqoIJf7CopWBhyvF
MD5:	D3DF29BBCD9E3B5967D7B1BABD35CDA9
SHA1:	7E214282540F68B073458A9599C6EB58A5272280
SHA-256:	C136687847DA76A1BCF301D1972816573179291B6D81D72AED813EA04E89277F
SHA-512:	8B6A7D048A96119E840FEFE57838F9D837886FCA95AB60875C9F02B4E40144771B02BF5A2F4607B8967FE57E62F911FFED883FF10791CA3B73BBDCD5F96E1659
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF64BF8B4AEFB55D6C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	43559
Entropy (8bit):	0.45178847905907144
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+Z3lUoIoUKzC3wbW0vK7KCDUoAK1DU:kBqoxKAuvScS+Z3lUX7hUviREe
MD5:	A193B55C6A150DEBAD4E70335D1EF790
SHA1:	B0D8D2A944AE438138EB13BFC252A89454D20950
SHA-256:	64D8B05AF893C589C1CB80C43E9A784B0AC9F994CA3826166DF690668F66EE5E
SHA-512:	0A7C365E9DBD669FA5725AF09442B196F7B01E55D05385A55789800A06BED4DA501E188FB98BCA24059B65EF1823CDEBD267A01248B04FE07BF45B22543F0AEB
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF8637F91E2C9D542.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/20/21-07:37:21.490139	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49712	172.67.159.246	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 20, 2021 07:37:21.371745110 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.372339010 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.413213968 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.413378000 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.413665056 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.413767099 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.415440083 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.459108114 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.490139008 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.490183115 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.490207911 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.490300894 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.490349054 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.551770926 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.552299976 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.593365908 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.593621969 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.596846104 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.596889019 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.596914053 CEST	80	49712	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.596976995 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.597016096 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.597022057 CEST	49712	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606276989 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606323957 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606360912 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606359959 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606391907 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606398106 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606415033 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606435061 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606472015 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606482029 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606498957 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606523037 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606539965 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.606554031 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606575012 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.606650114 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.789608955 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.790299892 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:21.834572077 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.834625959 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.835830927 CEST	80	49713	172.67.159.246	192.168.2.3
Jul 20, 2021 07:37:21.835922003 CEST	49713	80	192.168.2.3	172.67.159.246
Jul 20, 2021 07:37:40.005872011 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.006668091 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.047374964 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.047492981 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.047980070 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.048147917 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.051795006 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.052195072 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.093105078 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.093373060 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.094710112 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.094750881 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.094814062 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.094861031 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.097779989 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.097816944 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.097877979 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.097928047 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.127605915 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.127971888 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.134700060 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.134907007 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.134918928 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.169064045 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.169202089 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.169234037 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.169260979 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.169332027 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.169369936 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.170455933 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.170494080 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.170562983 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.170598984 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.170725107 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.171257973 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.176070929 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.176151037 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.176178932 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.176219940 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.177052975 CEST	443	49725	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.177160978 CEST	49725	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.211666107 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211716890 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211767912 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211777925 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.211816072 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.211817980 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211855888 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211863041 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.211888075 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.211910963 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.211962938 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.216653109 CEST	49726	443	192.168.2.3	104.16.124.96
Jul 20, 2021 07:37:40.253359079 CEST	443	49726	104.16.124.96	192.168.2.3
Jul 20, 2021 07:37:40.255928993 CEST	443	49725	104.16.124.96	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 20, 2021 07:37:15.329946041 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:15.379637957 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:16.669054031 CEST	60152	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:16.723340988 CEST	53	60152	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:17.649801016 CEST	57544	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:17.699453115 CEST	53	57544	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:18.587111950 CEST	55984	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:18.647905111 CEST	53	55984	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:19.687603951 CEST	64185	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:19.738235950 CEST	53	64185	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:20.103522062 CEST	65110	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:20.165570974 CEST	53	65110	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:20.650573015 CEST	58361	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:20.711272955 CEST	53	58361	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:21.298295021 CEST	63492	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:21.358455896 CEST	53	63492	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:21.963530064 CEST	60831	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:22.023700953 CEST	53	60831	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:23.016551018 CEST	60100	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:23.066277027 CEST	53	60100	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:24.506246090 CEST	53195	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:24.558650970 CEST	53	53195	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:25.854818106 CEST	50141	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:25.912899017 CEST	53	50141	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:26.814819098 CEST	53023	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:26.866996050 CEST	53	53023	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:27.771111965 CEST	49563	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:27.823698044 CEST	53	49563	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:28.741230011 CEST	51352	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:28.793823004 CEST	53	51352	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:29.720185995 CEST	59349	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:29.777966976 CEST	53	59349	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:30.755851984 CEST	57084	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:30.805432081 CEST	53	57084	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:31.707700968 CEST	58823	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:31.757458925 CEST	53	58823	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:33.630788088 CEST	57568	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:33.683798075 CEST	53	57568	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:37.544744968 CEST	50540	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:37.604747057 CEST	53	50540	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:39.941021919 CEST	54366	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:40.004276991 CEST	53	54366	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:40.324104071 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:40.390607119 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 20, 2021 07:37:44.195509911 CEST	57762	53	192.168.2.3	8.8.8.8
Jul 20, 2021 07:37:44.269136906 CEST	53	57762	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 20, 2021 07:37:21.298295021 CEST	192.168.2.3	8.8.8.8	0xb77f	Standard query (0)	covid-19.in.th	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:37.544744968 CEST	192.168.2.3	8.8.8.8	0x7232	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:39.941021919 CEST	192.168.2.3	8.8.8.8	0x6c46	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:40.324104071 CEST	192.168.2.3	8.8.8.8	0x9350	Standard query (0)	assets.www.cloudflare.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 20, 2021 07:37:21.358455896 CEST	8.8.8.8	192.168.2.3	0xb77f	No error (0)	covid-19.in.th		172.67.159.246	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:21.358455896 CEST	8.8.8.8	192.168.2.3	0xb77f	No error (0)	covid-19.in.th		104.21.41.46	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:37.604747057 CEST	8.8.8.8	192.168.2.3	0x7232	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:40.004276991 CEST	8.8.8.8	192.168.2.3	0x6c46	No error (0)	www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:40.004276991 CEST	8.8.8.8	192.168.2.3	0x6c46	No error (0)	www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:40.390607119 CEST	8.8.8.8	192.168.2.3	0x9350	No error (0)	assets.www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)
Jul 20, 2021 07:37:40.390607119 CEST	8.8.8.8	192.168.2.3	0x9350	No error (0)	assets.www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

covid-19.in.th

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49712	172.67.159.246	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jul 20, 2021 07:37:21.415440083 CEST	949	OUT	GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: covid-19.in.th Connection: Keep-Alive
Jul 20, 2021 07:37:21.490139008 CEST	950	IN	HTTP/1.1 403 Forbidden Date: Tue, 20 Jul 2021 05:37:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT cf-request-id: 0b6404442700000eb75a3a2000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0gxY%2F%2Ff6Hzp36mdIz1PAdEIHwWWpmRCbr06%2FM%2BJu9aB%2F6RCoaIgD4Ehwp8KQhrXe%2FjbYrpUUZvkfDFj9g5RZ%2FELtD87kuPlo3l3UQIaPnY62X%2BL09bkV%2BK%2F8GgitAgER2Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 6719d64d08990eb7-FRA Content-Encoding: gzip alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 Data Raw: 35 64 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 57 69 6f 1b b7 16 fd ee 5f c1 0c 8a 3a 41 4c cd a2 5d d6 4c 91 ba 4e eb d6 48 ec c6 7e b5 13 04 02 87 bc a3 a1 c5 21 27 24 b5 25 2f ff fd 81 b3 28 72 14 a4 e8 87 87 02 02 86 bc 24 cf dd ce bd a4 a6 4f 7e 79 7d 76 73 7f 75 8e 72 5b 88 e4 68 fa 04 e3 77 3c 43 c2 a2 8b 73 34 7c 9f a0 a9 5b 40 54 10 63 62 4f 2a fc 60 10 87 01 52 82 71 f0 90 20 72 1e 7b 20 f1 ed 1b 2f 41 d3 27 ef 40 32 9e bd c7 f8 0b 54 83 83 d0 b7 a1 86 ff 0c 6a f4 1d a8 d1 3f 80 9a db 06 cd 09 be e5 e5 21 0a c6 8f 91 72 20 2c 39 9a 5a 6e 05 24 2f 28 05 63 10 03 c9 81 a1 ff 22 aa 56 9c e1 70 dc e1 b2 63 73 b4 34 c0 d0 99 50 4b 96 09 a2 01 59 85 34 18 ab 39 b5 88 54 47 a7 7e 0d 74 34 2d c0 12 44 73 a2 0d d8 d8 bb bd 79 89 47 1e f2 db 85 dc da 12 c3 87 25 5f c5 de 99 92 16 a4 c5 37 db 12 3c 44 eb 59 ec 59 d8 58 df 39 74 ba 83 f9 1e ca 1d be 7d 81 cf 54 51 12 cb 53 b1 0f 74 71 1e 9f b3 39 9c d0 5c ab 02 e2 70 0f 40 92 02 62 4f ab 54 59 b3 77 42 2a 2e 19 6c 4e 90 54 99 12 42 ad 0f 8e ac 38 ac 4b a5 ed de a1 35 67 36 8f 19 ac 38 05 5c 4d 4e b8 e4 96 13 81 0d 25 62 a7 58 70 b9 40 1a 44 ec 19 bb 15 60 72 00 eb 21 ce 62 8f 66 b3 5a 84 a9 31 1e ca 35 64 b1 e7 53 26 31 9d 73 bf 5e f2 0b c2 65 a7 5a b7 db 12 9a 30 55 f3 02 18 27 b1 67 a8 06 90 27 a5 56 0f 40 2d 57 b2 56 6b a8 e6 a5 45 c4 6c 25 45 46 d3 f8 78 87 9c 16 3e Data Ascii: 5d1Wio_:AL]LNH~!'$%/(r$O~y}vsur[hw<Cs4\|[@TcbO`Rq r{ /A'@2Tj?!r ,9Zn$/(c"Vpcs4PKY49TG~t4-DsyG%_7<DYYX9t}TQStq9\p@bOTYwB.lNTB8K5g68\MN%bXp@D`r!bfZ15dS&1s^eZ0U'g'V@-WVkEl%EFx>
Jul 20, 2021 07:37:21.551770926 CEST	953	OUT	GET /cdn-cgi/styles/main.css HTTP/1.1 Accept: text/css, / Referer: http://covid-19.in.th/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: covid-19.in.th Connection: Keep-Alive
Jul 20, 2021 07:37:21.596846104 CEST	955	IN	HTTP/1.1 200 OK Date: Tue, 20 Jul 2021 05:37:21 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Tue, 13 Jul 2021 12:13:41 GMT ETag: W/"60ed8375-19dc" Server: cloudflare CF-RAY: 6719d64de9e20eb7-FRA X-Frame-Options: DENY X-Content-Type-Options: nosniff Vary: Accept-Encoding Expires: Tue, 20 Jul 2021 07:37:21 GMT Cache-Control: max-age=7200 Cache-Control: public Content-Encoding: gzip Data Raw: 37 33 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e5 58 4b 8f e3 36 12 be e7 57 18 19 0c d0 0e 48 8d 1e b6 ba 5b ba 6c 76 b1 8b e4 b0 73 c8 20 40 02 f4 85 92 28 99 6b 8a 14 28 ba 6d 8f a0 ff be e0 43 12 25 cb 8d 69 20 08 10 64 3c 9a 11 bf af aa 48 16 4b 45 b2 bc 9c 33 89 08 c3 a2 3b 93 42 1e 92 c0 f7 3f f6 5e 56 c1 1c 33 89 45 97 a1 fc 58 09 7e 62 05 6c 78 4b 24 e1 2c d9 5b 11 c6 a1 c0 0d 46 d2 95 32 48 32 72 bd 97 71 51 60 01 2b 81 ae 30 f2 fd 0e 42 8b f0 06 e5 44 5e 93 20 b5 40 ce 29 17 c9 07 9c a9 df 1c 14 55 86 1e c2 68 0f 86 e7 15 89 87 a5 a5 ed 76 ec ad e5 94 14 dd d0 90 57 8a 13 0d 8d 02 fe 40 9a 79 fb 03 31 87 83 e6 32 6a c8 81 92 bc 99 d1 94 e7 c7 ae 20 6d 43 d1 35 d1 ad de 23 8c 12 86 e1 9c 73 c1 de 93 28 a3 78 e4 74 ab f7 0e a4 28 30 1b 51 c6 19 ee bd 92 72 24 21 c5 a5 ec f4 6b a2 5e 7b 2f a7 18 89 92 5c 12 54 aa a5 52 4b 89 99 4c be ff 3e 9d 19 4d b5 5c 92 71 79 e8 bd 92 33 09 6b ce 78 a7 df 4a 54 13 7a 4d 6a ce 50 ce 41 ce 4f 82 60 01 14 df 36 28 c7 56 9e 92 ea 20 8d c2 19 ab f7 24 f2 7d cb 31 2e 6a 44 67 e4 6e 24 5b 5c 93 8c d3 62 46 c7 8a 3e c0 20 ec 0e d6 98 c0 b5 42 42 7f 40 f6 1a 91 f8 22 61 10 19 e5 96 7c c5 49 10 29 87 1b 7c ef e2 fb 11 8f 7d 07 8f fd 11 0f 2f d4 55 f0 9c 2e a2 05 f5 f4 68 48 8a 51 41 58 05 a5 9e be 5e 3a 3b be c0 0b f7 13 6f 5d 30 17 70 78 81 29 ba e0 62 21 10 bb 26 82 17 2f 5a f0 51 ef d5 57 f8 d4 d5 48 54 84 a9 a0 4b 42 81 eb d4 b6 33 2e 25 af 35 d4 7b f5 05 a2 93 e4 83 ac 0a 8f 44 01 83 b0 d0 36 15 d2 7b b5 80 61 37 c3 ad 2f ea 6c 22 ac f5 81 91 30 72 c7 e1 3d 8e 1a bb 85 46 30 28 c4 ae 42 30 75 11 2f 15 26 ea 69 41 85 03 11 f8 4b 66 50 a2 0e a7 67 1d 4e e6 82 fd 42 2b 1a c6 0d 6b 3a 8d 43 ab c1 61 18 fc 15 8b 92 f2 33 b4 1f e2 d0 4e 4c bb f7 1a e8 77 0d 2a d4 aa a9 a4 d1 5c d5 08 2c 60 16 49 5b 4a 07 68 31 62 25 bf 9f c9 db 51 2d 15 c6 c1 36 02 c6 a3 82 18 a2 cb 50 72 bd f3 de 43 59 cb e9 49 e2 6e 4c da 03 d2 7b 2a 1c 25 79 75 b8 01 51 f1 58 4a 18 bc 7c 0a 3b ed 16 9d e9 ed 88 e0 ae b3 43 83 66 91 05 56 df 4b 67 fe b3 e9 45 7f 4f 76 eb d0 ef 88 92 8a 25 06 b1 74 46 51 7e 84 05 12 c7 0e 42 8d 4c 1b 81 dd 01 76 be fa a5 4e ea 8f 77 c0 fc 35 79 df 55 53 59 5f b7 f5 0e 13 eb 1d 66 dd ec f3 f3 b3 6b 33 d8 47 60 78 de 30 2b 70 01 b1 10 5c dc b5 9b 15 e1 2e 8c 67 a6 9f 9e 41 14 83 e8 e9 ed f1 62 cc 60 7b ca 73 dc b6 f7 07 9d e5 28 c2 f3 71 ef 41 e8 87 20 0e ef 58 47 4c 12 44 09 6a 71 d1 c1 33 ce 8e 44 42 93 e0 6a ce e5 41 85 ae 23 92 c2 9a 7f 85 bc bd 2c 65 94 3f db 1c a9 6d 49 8a 13 cb 91 c4 cb ef 21 35 5d 0f 20 a6 94 34 2d 69 d3 f3 81 48 0c f5 1e 92 30 7e 16 a8 e9 bd b3 4a f9 66 df 34 19 ff 0c c3 9d 6f 91 d8 b7 90 0e 3e 83 e9 e8 d3 48 34 e8 45 5e a4 ff 68 a2 3c 51 3a 3b b6 48 81 98 09 e9 71 Data Ascii: 735XK6WH[lvs @(k(mC%i d<HKE3;B?^V3EX~blxK$,[F2H2rqQ`+0BD^ @)UhvW@y12j mC5#s(xt(0Qr$!k^{/\TRKL>M\qy3kxJTzMjPAO`6(V $}1.jDgn$[\bF> BB@"a\|I)\|}/U.hHQAX^:;o]0px)b!&/ZQWHTKB3.%5{D6{a7/l"0r=F0(B0u/&iAKfPgNB+k:Ca3NLw\,`I[Jh1b%Q-6PrCYInL{%yuQXJ\|;CfVKgEOv%tFQ~BLvNw5yUSY_fk3G`x0+p\.gAb`{s(qA XGLDjq3DBjA#,e?mI!5] 4-iH0~Jf4o>H4E^h<Q:;Hq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49713	172.67.159.246	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jul 20, 2021 07:37:21.552299976 CEST	953	OUT	GET /cdn-cgi/bm/cv/669835187/api.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://covid-19.in.th/ Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: covid-19.in.th Connection: Keep-Alive
Jul 20, 2021 07:37:21.606276989 CEST	957	IN	HTTP/1.1 200 OK Date: Tue, 20 Jul 2021 05:37:21 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: keep-alive cache-control: max-age=604800, public x-content-type-options: nosniff cf-request-id: 0b640444b000000746e0019000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00wGa4qpx8440n%2FkNguRKKpfwvKL0ic3daonqSIKBoxDxvYkoh1gOZwDNZGZ1GtZ5UgNDN%2F3BElaObqkIbJ2cKsIA6fFCmDvDaYQesBthfaaO7unJ%2BfLh7hAQmT%2F5poq4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 6719d64de97c0746-FRA Content-Encoding: gzip Data Raw: 32 33 64 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 7d db 72 dc 38 92 e8 fb 7e 05 3d 9e 31 8b 16 dd 02 08 82 17 49 d5 5e 59 97 b6 ce b1 25 87 24 6f 6f 87 a6 c6 01 02 a0 55 33 a5 2a 4d 5d 6c 79 64 f5 ff 9c ef 38 3f b6 81 4c 12 bc 14 29 db 3b 72 4c f7 c6 3e 28 54 04 f2 9e 40 22 01 02 e0 e6 d3 a7 ff e6 3c 75 fe 7d 32 96 7a ba d0 e6 f7 de ec fa d3 7c fc fe 72 e9 0c a4 e7 04 84 72 67 77 aa e6 ff ff ff 39 7b f3 d5 3f 9c 1d 71 a5 72 39 5f fd e3 df df 5f 89 f1 e4 07 39 bb fa d1 a0 bd d1 f3 ab f1 62 31 9e 4d 9d f1 c2 b9 d4 73 9d 7d 72 de cf c5 74 a9 95 ef e4 73 ad 9d 59 ee c8 4b 31 7f af 7d 67 39 73 c4 f4 93 73 ad e7 8b d9 d4 99 65 4b 31 9e 8e a7 ef 1d e1 c8 d9 f5 27 03 b9 bc 1c 2f 9c c5 2c 5f 7e 14 73 ed 88 a9 72 c4 62 31 93 63 b1 d4 ca 51 33 b9 ba d2 d3 a5 58 1a 7e f9 78 a2 17 ce 60 79 a9 1d f7 ac c0 70 3d 60 a2 b4 98 38 e3 a9 63 ea ca 2a e7 e3 78 79 39 5b 2d 9d b9 5e 2c e7 63 69 68 f8 ce 78 2a 27 2b 65 64 28 ab 27 e3 ab 71 c1 c1 a0 83 4d 16 86 e8 6a a1 7d 90 d3 77 ae 66 6a 9c 9b ff 1a d4 ba 5e 65 93 f1 e2 d2 77 d4 d8 90 ce 56 4b ed 3b 0b 53 08 e6 f5 8d 1e 9b b3 b9 b3 d0 93 89 a1 30 d6 0b d4 b5 92 0e 60 0c 97 6b 63 d0 65 61 22 e0 fb f1 72 76 d5 d4 64 bc 70 f2 d5 7c 3a 5e 5c 6a c0 51 33 67 31 03 8e 7f d5 72 69 4a 0c 78 3e 9b 4c 66 1f 8d 6a 72 36 55 63 a3 d1 62 cb f8 ec fc 52 3b 22 9b 7d d0 a0 0d 3a 7d 3a 5b 8e 25 1a 1c 5c 70 5d f9 b5 a8 5a 5c 8a c9 c4 c9 74 61 32 ad 8c 81 45 4d a1 b9 11 60 b1 14 d3 e5 58 4c 9c eb d9 1c 38 b6 15 fd 01 24 78 79 e0 9c 9d 1c 9e ff bc 7b 7a e0 1c 9d 39 6f 4e 4f fe e3 68 ff 60 df 71 77 cf 9c a3 33 d7 77 7e 3e 3a 7f 79 f2 f6 dc f9 79 f7 f4 74 f7 f8 fc 17 e7 e4 d0 d9 3d fe c5 f9 bf 47 c7 fb be 73 f0 9f 6f 4e 0f ce ce 9c 93 53 e7 e8 f5 9b 57 47 07 fb be 73 74 bc f7 ea ed fe d1 f1 4f ce 8b b7 e7 ce f1 c9 b9 f3 ea e8 f5 d1 f9 c1 be 73 7e 02 0c 0b 52 47 07 67 86 d8 eb 83 d3 bd 97 bb c7 e7 bb 2f 8e 5e 1d 9d ff e2 3b 87 47 e7 c7 86 e6 e1 c9 a9 b3 eb bc d9 3d 3d 3f da 7b fb 6a f7 d4 79 f3 f6 f4 cd c9 d9 81 b3 7b bc ef 1c 9f 1c 1f 1d 1f 9e 1e 1d ff 74 f0 fa e0 f8 fc 07 e7 e8 Data Ascii: 23db}r8~=1I^Y%$ooU3M]lyd8?L);rL>(T@"<u}2z\|rrgw9{?qr9__9b1Ms}rtsYK1}g9sseK1'/,_~srb1cQ3X~x`yp=`8cxy9[-^,cihx*'+ed('qMj}wfj^ewVK;S0`kcea"rvdp\|:^\jQ3g1riJx>Lfjr6UcbR;"}:}:[%\p]Z\ta2EM`XL8$xy{z9oNOh`qw3w~>:yyt=GsoNSWGstOs~RGg/^;G==?{jy{t
Jul 20, 2021 07:37:21.789608955 CEST	967	OUT	POST /cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7 HTTP/1.1 Accept: / Content-Type: application/json Referer: http://covid-19.in.th/ Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: covid-19.in.th Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache
Jul 20, 2021 07:37:21.835830927 CEST	968	IN	HTTP/1.1 204 No Content Date: Tue, 20 Jul 2021 05:37:21 GMT Connection: keep-alive cf-request-id: 0b6404459d0000074693ae1000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SU6f0ueJaRMP2t1K3qZhCiRyGROm%2BHVqlTxgkYwU4vffVTNH5WtSyBdMC%2FRv1ZiGDFqhuNupEKo%2FjNlKY4xqzc9edtT3H%2BYCQWsvX0LNZsQlSpZ5oCRPxfxJRyUxrxigQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 6719d64f6c490746-FRA

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 20, 2021 07:37:40.094750881 CEST	104.16.124.96	443	192.168.2.3	49726	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.094750881 CEST	104.16.124.96	443	192.168.2.3	49726	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.097816944 CEST	104.16.124.96	443	192.168.2.3	49725	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.097816944 CEST	104.16.124.96	443	192.168.2.3	49725	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.486448050 CEST	104.16.124.96	443	192.168.2.3	49727	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.486448050 CEST	104.16.124.96	443	192.168.2.3	49727	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.487075090 CEST	104.16.124.96	443	192.168.2.3	49729	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.487075090 CEST	104.16.124.96	443	192.168.2.3	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488032103 CEST	104.16.124.96	443	192.168.2.3	49732	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488032103 CEST	104.16.124.96	443	192.168.2.3	49732	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488711119 CEST	104.16.124.96	443	192.168.2.3	49728	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488711119 CEST	104.16.124.96	443	192.168.2.3	49728	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488893032 CEST	104.16.124.96	443	192.168.2.3	49731	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.488893032 CEST	104.16.124.96	443	192.168.2.3	49731	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.491601944 CEST	104.16.124.96	443	192.168.2.3	49730	CN=www.cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Oct 19 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Oct 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jul 20, 2021 07:37:40.491601944 CEST	104.16.124.96	443	192.168.2.3	49730	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2396 Parent PID: 792

General

Start time:	07:37:18
Start date:	20/07/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7bbc90000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 4800 Parent PID: 2396

General

Start time:	07:37:19
Start date:	20/07/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2
Imagebase:	0x200000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report http://covid-19.in.th/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2396 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 4800 Parent PID: 2396

General

Disassembly