Windows Analysis Report
http://consultoramxn.com

Overview

General Information

Sample URL: http://consultoramxn.com
Analysis ID: 1460470

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
HTML body contains low number of good links
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Levels: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://consultoramxn.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1864,i,8728037834119198077,9748818344331007426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: http://consultoramxn.com LLM: Score: 7 brands: Consultora MXN Reasons: The URL 'consultoramxn.com' does not match the legitimate domain associated with tax-related services in Mexico, which is 'sat.gob.mx'. The site uses social engineering techniques by mimicking the appearance of a legitimate tax consulting service. The presence of links that prompt users to input sensitive information such as 'Consultar R.F.C.' and 'Imprimir R.F.C.' without a secure and recognized domain is suspicious. The overall design and functionality suggest an attempt to deceive users into providing personal information. DOM: 0.0.pages.csv
Source: http://consultoramxn.com/ HTTP Parser: Number of links: 1
Source: http://consultoramxn.com/ HTTP Parser: Invalid link: Privacy
Source: http://consultoramxn.com/ HTTP Parser: Invalid link: Terms
Source: http://consultoramxn.com/ HTTP Parser: Has password / email / username input fields
Source: http://consultoramxn.com/ HTTP Parser: No <meta name="author".. found
Source: http://consultoramxn.com/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: consultoramxn.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: consultoramxn.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: classification engine Classification label: mal48.phis.win@14/33@9/104
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://consultoramxn.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1864,i,8728037834119198077,9748818344331007426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label
http://consultoramxn.com | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
http://consultoramxn.com/img/logo.png | 0% | Avira URL Cloud | safe
http://consultoramxn.com/fonts/OpenSans-Semibold.woff2 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/img/about.jpg | 0% | Avira URL Cloud | safe
http://consultoramxn.com/js/jquery-3.3.1.min.js | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/css/fontawesome-all.min.css | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/bootstrap/js/bootstrap.bundle.js | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/webfonts/fa-regular-400.woff2 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/img/favicon/favicon.ico | 0% | Avira URL Cloud | safe
http://consultoramxn.com/css/animate.css | 0% | Avira URL Cloud | safe
http://consultoramxn.com/js/custom.js?v=133147391 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/js/jquery.redirect.js | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/css/font-awesome-animation.min.css | 0% | Avira URL Cloud | safe
http://consultoramxn.com/fonts/OpenSans.woff2 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/img/captcha.png | 0% | Avira URL Cloud | safe
http://consultoramxn.com/img/contact.jpg | 0% | Avira URL Cloud | safe
http://consultoramxn.com/fonts/OpenSans-Light.woff2 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/notifications-js/notifications.min.js | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/jquery-cookie/jquery.cookie.js | 0% | Avira URL Cloud | safe
http://consultoramxn.com/img/favicon/favicon-32x32.png | 0% | Avira URL Cloud | safe
http://consultoramxn.com/css/styles.css?v=12 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/notifications-js/notifications.min.css | 0% | Avira URL Cloud | safe
http://consultoramxn.com/fonts/OpenSans-Bold.woff2 | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/bootstrap/css/bootstrap.min.css | 0% | Avira URL Cloud | safe
http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/webfonts/fa-solid-900.woff2 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
consultoramxn.com | 63.250.41.165 | true | true | | unknown
www.google.com | 142.250.185.132 | true | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
64.233.167.84 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.174 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false
63.250.41.165 | consultoramxn.com | United States | 22612 | NAMECHEAP-NETUS | true
142.250.74.195 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.202 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.46 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.16
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1460470
        Start date and time:2024-06-21 01:25:35 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Sample URL:http://consultoramxn.com
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:14
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal48.phis.win@14/33@9/104
        • Exclude process from analysis (whitelisted): svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.250.74.195, 216.58.206.46, 64.233.167.84, 34.104.35.123, 199.232.210.172, 142.250.185.202, 142.250.181.234, 172.217.18.10, 142.250.185.170, 172.217.16.138, 216.58.212.138, 142.250.186.74, 142.250.186.42, 142.250.185.106, 142.250.185.138, 172.217.18.106, 142.250.184.202, 142.250.186.138, 142.250.74.202, 142.250.185.234, 142.250.186.170
        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
        • Not all processes were analyzed, report is missing behavior information
        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: http://consultoramxn.com
        Input:
        URL: http://consultoramxn.com Model: gpt-4o
        Output:
        ```json
        {
          "phishing_score": 7,
          "brands": "Consultora MXN",
          "phishing": true,
          "suspicious_domain": true,
          "has_loginform": false,
          "has_captcha": false,
          "setechniques": true,
          "has_suspicious_link": true,
          "legitmate_domain": "sat.gob.mx",
          "reasons": "The URL 'consultoramxn.com' does not match the legitimate domain associated with tax-related services in Mexico, which is 'sat.gob.mx'. The site uses social engineering techniques by mimicking the appearance of a legitimate tax consulting service. The presence of links that prompt users to input sensitive information such as 'Consultar R.F.C.' and 'Imprimir R.F.C.' without a secure and recognized domain is suspicious. The overall design and functionality suggest an attempt to deceive users into providing personal information."
        }
        ```
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 22:26:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2673
        Entropy (8bit):3.9833083313986966
        Encrypted:false
        SSDEEP:
        MD5:09DEC8BAAEC8A7682F4AE698FB977D80
        SHA1:5B95132F1EC51894D2B191D5F6EEC49B2FA6477B
        SHA-256:451285903E7B54DC74C8879803BB225E130A4934773E1BF7CAD60B6AC0130356
        SHA-512:E36A4B238A251F85A02174B82FBFAA933B618DBF8D3E800BED82C58D70061BD25BEB281F00EBD1531B6B86E92E9F5437DFEAA08E6489F9EFE956DBFEE68765C9
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 22:26:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2675
        Entropy (8bit):3.9969925179024752
        Encrypted:false
        SSDEEP:
        MD5:2EF6F5AE80F40010B696BDED4146CC1D
        SHA1:D1BDA78723CE8952B5C222BCEF32B72D51674855
        SHA-256:E372BA57A8D39869CC28C5C690F5E6A79F410F3CC59BDA91F52D16D3A407F982
        SHA-512:DE99F05B9D57477DBC914B1A4FDEB8B3D1A24C8F0D33CEABDD43D391245CABDE942FC9B3D1B6B16547702755106E15E792BB4C0548A783886A008590CB5029FA
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2689
        Entropy (8bit):4.010396418111719
        Encrypted:false
        SSDEEP:
        MD5:E710B42F0D1DC6B4C85AE69C32F2DB91
        SHA1:73FB49B6013F6AB10D09FC8B4A1B353453209B97
        SHA-256:F41DFFB3D3A71ABF65F0F568A88DF4B20488455CA7EF5F9ABEEFBAFF23F81871
        SHA-512:DDA2AC63F0D39FA6F02B5D9DCE00910361B886FB71DDE23788E8778B626EF6E0F07391C4297AA6307FAFFFB2F6A335BCBC21F448974FF4394A8DC738093459B0
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 22:26:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.9969487253663503
        Encrypted:false
        SSDEEP:
        MD5:5550FC065E90E4891D203CCC9AC2BB7E
        SHA1:2C51B184D36A3DD5B396D4655B295164EF0E44C6
        SHA-256:7143F2BBA8108481C9C480EE6E3A7E413E6C3E0FEFD856A38DA235AF998F25AC
        SHA-512:AE57FC8C61022A306D4D412F7A80F2DA8D5C1DCC0F18D0FCB54741E57F3B62391AC78A5D4A7B98DD1CCEDB1C7BC8C65BB002132001A8880D032C07A53281C748
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 22:26:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.9880736846631177
        Encrypted:false
        SSDEEP:
        MD5:DC0F7CCCF009D1F5467788564193322D
        SHA1:1508532685A8DC860D7A70B40ED21E6BD4D309D7
        SHA-256:F201ACE521E859EB08441DFD1DAC8D47290E301942F4E9ED94F57DC424CC2594
        SHA-512:2EBAAB641CBBACD9CD4A894D0D9A7AB0EE6A7A05E201CAF7DB8D572855FB716AB4E87725E67660AB422E9E7ECB6988DCBF4A094D3F66CCD279F5EC06F1B40451
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 20 22:26:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):3.99734911948183
        Encrypted:false
        SSDEEP:
        MD5:16991DC87F60A5B0C7F11A7B3FCB2A3C
        SHA1:FE69B9703C965A768E2A5863AF7D10F0FADEA585
        SHA-256:E26990C64A7006A59B7740478835D16B34663152AE93C9DD69C6F5BEE939F1DA
        SHA-512:C6DC6839906321CD4C8925C4F653A7AB422E091A81E562061D4302FE855D1958CDFB789F4CE57535AFE9DBD5A5239249D47530B3152C7329BF83E70584BD0B69
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (307)
        Category:downloaded
        Size (bytes):212345
        Entropy (8bit):4.869832621418468
        Encrypted:false
        SSDEEP:
        MD5:50A98C751C19AE5EA4FC42B2BA2DA89B
        SHA1:56368D3745A9FB9E81628DB25DD5995BC3C31ADD
        SHA-256:3290AD3B8A579EF3BC11C67DAADDE34B8C60537E337AC6249885D85D13566363
        SHA-512:692244E33AFBA158AC6BEDE41A3632EEBF5AE0800FD9F5E7126727586E6A0431C4ED1136BD12544FC6E9A6984F5F12F7E449C8F12997CF0EEFE9C9C3909793E8
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/bootstrap/js/bootstrap.bundle.js
        Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.(function (global, factory) {. typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('jquery')) :. typeof define === 'function' && define.amd ? define(['exports', 'jquery'], factory) :. (factory((global.bootstrap = {}),global.jQuery));.}(this, (function (exports,$) { 'use strict';.. $ = $ && $.hasOwnProperty('default') ? $['default'] : $;.. function _defineProperties(target, props) {. for (var i = 0; i < props.length; i++) {. var descriptor = props[i];. descriptor.enumerable = descriptor.enumerable || false;. descriptor.configurable = true;. if ("value" in descriptor) descriptor.writable = true;. Object.defineProperty(target, descriptor.key, descriptor);. }. }.. function _createCl
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (639), with no line terminators
        Category:downloaded
        Size (bytes):639
        Entropy (8bit):4.9753889120768005
        Encrypted:false
        SSDEEP:
        MD5:01D81E9F8B16494A05AF7653A9A0AA0B
        SHA1:FBB834666C65D77E957E828724A09EB6C9451017
        SHA-256:6EF55A24C9192E1E81EA43CF69F946786A62CF94A8D1DF82825689F3053FF740
        SHA-512:EA5AFDA1EEC5206BCC02DFEAE6CFA00282822F2E560363556B1CB966B49F7C136D43C9B6C55C9D8D65ABA0F0F09D6950FCAA60A940108A4C6C33D48E1F95DC27
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/notifications-js/notifications.min.js
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (40884)
        Category:downloaded
        Size (bytes):41065
        Entropy (8bit):4.733538802357884
        Encrypted:false
        SSDEEP:
        MD5:D61BFE9B56C13ECFF5313EE3ABB45E8B
        SHA1:ECB7CAED8F169C4AE226D85B82CFEC19FC50D4AC
        SHA-256:43730866612149A27F49159D7C4F19185C8694BB91BF41ABC884A6FE1346E96E
        SHA-512:6C7DA4178DE1EC09A600C3D7A6A5E7587128172FB88411E4FD850CD843F0085B2001F30E1ED4ABD133E40634B72B877A4430088346ADC1BE2D3FECA68BF00EF1
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/css/fontawesome-all.min.css
        Preview:/*!. * Font Awesome Free 5.0.13 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{fl
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 50372, version 1.0
        Category:downloaded
        Size (bytes):50372
        Entropy (8bit):7.996498558245401
        Encrypted:true
        SSDEEP:
        MD5:8A8C0474283E0D9EF41743E5E486BF05
        SHA1:1BA4DD60AF529D1A72D0E57467C3BC0BBB728A4D
        SHA-256:CBBCA7D9888B4A9EAB7D479756D2924F9B067FD38DAB376797029DF741F96EE4
        SHA-512:FA863FCB24FF1D83F7A2C2B04EA1758EAF589BBFCBFAC16DD33D63AA9D6A447CE2E11204B21790FB2EB5243B2F82AB9C5DBD8C4CF25F5396480A13A482291661
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/webfonts/fa-solid-900.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (18387), with no line terminators
        Category:downloaded
        Size (bytes):18387
        Entropy (8bit):4.810115689487053
        Encrypted:false
        SSDEEP:
        MD5:67046EA250D57883C8508731B0BB7270
        SHA1:1E350031093E0549E7C208CE0E363778A7E7AAD3
        SHA-256:3A4B03A6C128B46647CA81421D1B1DB2577751A66B09C13677C8D753CAC18C7A
        SHA-512:8B386F0C81C5E1FB61204F709A34612DEAA64D4CDBC0216A4B1A917A889157D28A9167A77411A157ED8BACE53FD929D90696FEAFF2AAE0893CAB7F66DD6D857E
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/css/font-awesome-animation.min.css
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):6354
        Entropy (8bit):4.819226930433294
        Encrypted:false
        SSDEEP:
        MD5:63E0482EB383C275218F7F877A10AD20
        SHA1:0B59C1CAA98A4343B3FE1BC469BCD8BF0E427218
        SHA-256:6D69AE5C4892D35573385DA52AFEBEC92FB02FEAF7670B0684C1B2AA6F2CFB98
        SHA-512:4F532C5ABDC25305DE98BD55AE3C3414D15CD9E57F0606B5129DB870EB24D890EF7A321B48046FD2B173DCC5A65F2F589D38535EF130CFBFC039465172DA58C0
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/js/jquery.redirect.js
        Preview:/*.jQuery Redirect v1.1.3..Copyright (c) 2013-2018 Miguel Galante.Copyright (c) 2011-2013 Nemanja Avramovic, www.avramovic.info..Licensed under CC BY-SA 4.0 License: http://creativecommons.org/licenses/by-sa/4.0/..This means everyone is allowed to:..Share - copy and redistribute the material in any medium or format.Adapt - remix, transform, and build upon the material for any purpose, even commercially..Under following conditions:..Attribution - You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use..ShareAlike - If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original..*/.;(function ($) {. 'use strict';.. //Defaults configuration. var defaults = {. url: null,. values: null,. method: "POST",. target: null,. traditional: false,. redirectTop
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):164
        Entropy (8bit):4.812956738039882
        Encrypted:false
        SSDEEP:
        MD5:445FA94A468FE686172A9B2AF159E203
        SHA1:B03BBE659191A26D0DC01CFA0FC33ADEA8E5D7C3
        SHA-256:63E5D9D91EEE9AB94845ED2CA4E821DF0D92205DAF4529CD9786C178D62874DE
        SHA-512:50624DB50EB4511008CDC855779E6E998BE4C1658933B7577918D5F133D9CC1F3ECC91D0F5EB292FE5E4CFDA331E006201A74841E79386E55E9AF4DD70B68134
        Malicious:false
        Reputation:unknown
        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISXQn39kIkWBtnjxIFDcy4IQYSBQ0kN9uyEgUNiyYB9xIFDS_mosESBQ3MzTkQEgUNz0KPtRIFDYu8WbESBQ2SGo3vEgUNMStkYRIFDd55im4SBQ1CP2qnEgUN6IzzzRIQCeCcAWCHnxSFEgUNq_iy_A==?alt=proto
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):3121
        Entropy (8bit):5.078590661266263
        Encrypted:false
        SSDEEP:
        MD5:D5528DDE0006C78BE04817327C2F9B6F
        SHA1:31E1BCC4CF805A2C2FEE21F48DED1E598F64A2A8
        SHA-256:B84161C9FBF7520CD14E7019F92120BD87A928A074156E91A992EBA9FC9436E8
        SHA-512:69484BDB1382AE92C4B860F97FAB601DB2D8117469619F06E720FE5A516B5EB3F2D88AD6065BBA6E28790BD1FAA86B20AA753A9A0C7A2AD53C4EB787A404A9AF
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/jquery-cookie/jquery.cookie.js
        Preview:/*!. * jQuery Cookie Plugin v1.4.1. * https://github.com/carhartl/jquery-cookie. *. * Copyright 2013 Klaus Hartl. * Released under the MIT license. */.(function (factory) {..if (typeof define === 'function' && define.amd) {...// AMD...define(['jquery'], factory);..} else if (typeof exports === 'object') {...// CommonJS...factory(require('jquery'));..} else {...// Browser globals...factory(jQuery);..}.}(function ($) {...var pluses = /\+/g;...function encode(s) {...return config.raw ? s : encodeURIComponent(s);..}...function decode(s) {...return config.raw ? s : decodeURIComponent(s);..}...function stringifyCookieValue(value) {...return encode(config.json ? JSON.stringify(value) : String(value));..}...function parseCookieValue(s) {...if (s.indexOf('"') === 0) {....// This is a quoted cookie as according to RFC2068, unescape.......s = s.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, '\\');...}....try {....// Replace server-side written pluses with spaces.....// If we can't decode the
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Abel Mitja Varela], baseline, precision 8, 1920x1280, components 3
        Category:dropped
        Size (bytes):367996
        Entropy (8bit):7.9769071154814775
        Encrypted:false
        SSDEEP:
        MD5:6FB8F305E4E747936F07AE0D5D23C749
        SHA1:2E02282889ACF38FC6BAD17CC20D14C7981B3DCA
        SHA-256:EF8E6F531635AE94504A91A44948C09CEF5869568B4F3962F5057629651B5D05
        SHA-512:F81610067A7898C1AC30BDB8AEEAB369813E3965AE154B4E39490B2EC7D4B0220D01BD83D78679CCA12F760A83F1D984F299677A38194DE4D4D3F9942738D00F
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65324)
        Category:downloaded
        Size (bytes):140936
        Entropy (8bit):5.058262383051032
        Encrypted:false
        SSDEEP:
        MD5:04ACA1F4CD3EC3C05A75A879F3BE75A3
        SHA1:675FCF28F9FBF37139D3B2C0B676F96F601A4203
        SHA-256:7928B5AB63C6E89EE0EE26F5EF201A58C72BAF91ABB688580A1AA26EB57B3C11
        SHA-512:890415FA75ED065992DD7883AED98BFBDFD9FA26EEC7E62EA30263238ADCA4EECD6204F37D33A214D9B4F645AD7D9CC407D7D0E93C0E55CF251555A8A05B83FF
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/bootstrap/css/bootstrap.min.css
        Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}h
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text
        Category:downloaded
        Size (bytes):40439
        Entropy (8bit):5.392809370696261
        Encrypted:false
        SSDEEP:
        MD5:D8F4796E28CDAA1613AA1ED888E52F47
        SHA1:EB449C0D806EF936F6DD0DC929CA25910158C7A1
        SHA-256:382F4A6753C0793D36284DFC37E845577348CE4A1D76CE7341F106D2FE9A142A
        SHA-512:0636228E737381E9701CD79E228911AD0D1929D6D7EEB7CA7DCF30055B4B9E331D524A846136391349EF141FC4E736A9BB2CD5F901DB0EC4F07AB01FA475CCEB
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/js/custom.js?v=133147391
        Preview:$(document).ready(function() {...$(".btn_rfc").on('click',function(event){...$(".text_constancia_rfc").text("R.F.C.");...$("#reference").val("R");..});..$(".btn_constancia").on('click',function(event){...$(".text_constancia_rfc").text('Constancia de Situaci.n Fiscal');...$("#reference").val('C');..});...const que_es_rfc_txt = `....<div class="col-12">. <div class="card shadow mb-2 mt-0">. <div class="card-header px-3">.Qu. es el R.F.C.?</div>. <div class="card-body">. El RFC es una clave que identifica como contribuyentes a las personas f.sicas o morales en M.xico para controlar el pago de impuestos frente al SAT, el Servicio de Administraci.n Tributaria. Sus siglas significan Registro Federal de Contribuyentes.<br>....... . Toda persona que realice alguna actividad econ.mica que deba tributar impuestos deber. hacer su inscripci.n en el RFC del SAT.<br>.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):77907
        Entropy (8bit):4.893216883162435
        Encrypted:false
        SSDEEP:
        MD5:91CC40989E5E96E8D6BDDC0F19598441
        SHA1:77B5378A2B4BFC120E52782DD869AEAB7EFE2FD4
        SHA-256:6B6B686ECAA56E02EC5ACED95541A03F922F599B31F1B4CD429CECA824A6E669
        SHA-512:90750A22634147D99CC10D6EE1120BB6C889982EAEE77F5B82445AA5F1AB6F05DB90FC5F6A9933017BDD1A7AD3BB76E518D5C73C25F4925AE513BCC0661AFE8C
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/css/animate.css
        Preview:@charset "UTF-8";../*!. * animate.css -https://daneden.github.io/animate.css/. * Version - 3.7.2. * Licensed under the MIT license - http://opensource.org/licenses/MIT. *. * Copyright (c) 2019 Daniel Eden. */..@-webkit-keyframes bounce {. from,. 20%,. 53%,. 80%,. to {. -webkit-animation-timing-function: cubic-bezier(0.215, 0.61, 0.355, 1);. animation-timing-function: cubic-bezier(0.215, 0.61, 0.355, 1);. -webkit-transform: translate3d(0, 0, 0);. transform: translate3d(0, 0, 0);. }.. 40%,. 43% {. -webkit-animation-timing-function: cubic-bezier(0.755, 0.05, 0.855, 0.06);. animation-timing-function: cubic-bezier(0.755, 0.05, 0.855, 0.06);. -webkit-transform: translate3d(0, -30px, 0);. transform: translate3d(0, -30px, 0);. }.. 70% {. -webkit-animation-timing-function: cubic-bezier(0.755, 0.05, 0.855, 0.06);. animation-timing-function: cubic-bezier(0.755, 0.05, 0.855, 0.06);. -webkit-transform: translate3d(0, -15px, 0);. transform: translate3d(0
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):21918
        Entropy (8bit):7.597730332983334
        Encrypted:false
        SSDEEP:
        MD5:BAE2A7765764AB428182117FB8760BB4
        SHA1:443969DFAEA7348348873E49801441C8C905034D
        SHA-256:C643505BC3F28E300F461F1E7BF2824A906381E5CAB831BB7E010D9A1807AC14
        SHA-512:567E05BF5405D24AA637DF4BE88795D9C8D88BC670587678CB8DC42F62363B2060D5E893625C38527D9A3B8501CED3D5F005C573E15AE61888E493B4BE68D3DE
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 103 x 102, 8-bit/color RGBA, non-interlaced
        Category:downloaded
        Size (bytes):5086
        Entropy (8bit):7.9298325015463105
        Encrypted:false
        SSDEEP:
        MD5:32118F672B64F3939F1D51EC390B8EC9
        SHA1:E18A4A391E67994AAAC0250E420D4B6176310E3F
        SHA-256:35029887E8A413552D4172090298651FDE7694F45826DD87332335D420516F26
        SHA-512:6D7C40B67177583BCD1CE13DFA5C302CA9678041F179FDFF74D7C763E7092C6FFD96591B23B0B9759C5906A47DFCF6DBAC7F2B04F592F029C01CF1A567E4DDA1
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/img/logo.png
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 52104, version 1.0
        Category:downloaded
        Size (bytes):52104
        Entropy (8bit):7.99613366433887
        Encrypted:true
        SSDEEP:
        MD5:B6A93C57AFF7C0A760B81509194452B0
        SHA1:4CA8598F86E0D4BBE26D1674B5F461275B13EEDE
        SHA-256:76977F53FF96EF106012E14B448666BF85988B6646CA0AC3BD46555222EEAD58
        SHA-512:3E7CB78F49183228D62376CF4F2676652A0A6C73D30E4C3F449E43CA2CD9A26860540A2CAD3EFC5598387BC34BAB4FDA07E121CA3B156050D879FDCF6857EFAB
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/fonts/OpenSans-Semibold.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1200x900, components 3
        Category:downloaded
        Size (bytes):67712
        Entropy (8bit):7.767084529416638
        Encrypted:false
        SSDEEP:
        MD5:59024D8406C3217D9468482DE6DFF7EE
        SHA1:258E076667BA83DA2618F751DB48B3DC858FA340
        SHA-256:ACA952B077D7066B12C9071E9B48655A275E8FF8A5C0E0D460EDBD1ECE92074D
        SHA-512:1E4F46FFCDEDF6E6260AA0914D87630F5D2E9063882E2DB4D4F677FD86FF6473C6F8A8409479D716DC7C01BF8292E26F65789D992655D58EB2C32F206C02C9FF
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/img/contact.jpg
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):200
        Entropy (8bit):4.9471637368781485
        Encrypted:false
        SSDEEP:
        MD5:073411CFB08ED5D7FC32CE4506374DB3
        SHA1:39627E99C62A501E4A5D057D272F257367803404
        SHA-256:5E0D4F7A690B236B4040EA94B450C56DF4E005AA762DAC742855C9BD1A679B09
        SHA-512:35E751AD4FA117C4327E4A4D02FEBE54A7C6505AC8203B6257BE78B627631F84A2C1D28C5BF3494C8A56D4E3A603725655C9C1DD74CA546890AB17140BEFE9B5
        Malicious:false
        Reputation:unknown
        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISXQn39kIkWBtnjxIFDcy4IQYSBQ0kN9uyEgUNiyYB9xIFDS_mosESBQ3MzTkQEgUNz0KPtRIFDYu8WbESBQ2SGo3vEgUNMStkYRIFDd55im4SBQ1CP2qnEgUN6IzzzRIlCT0Rf0c2WqcmEgUNi5AUnxIFDbgxyEwSBQ03NoKuEgUNOB6_sA==?alt=proto
        Preview:CmwKBw3MuCEGGgAKBw0kN9uyGgAKBw2LJgH3GgAKBw0v5qLBGgAKBw3MzTkQGgAKBw3PQo+1GgAKBw2LvFmxGgAKBw2SGo3vGgAKBw0xK2RhGgAKBw3eeYpuGgAKBw1CP2qnGgAKBw3ojPPNGgAKJAoHDYuQFJ8aAAoHDbgxyEwaAAoHDTc2gq4aAAoHDTgev7AaAA==
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 51300, version 1.0
        Category:downloaded
        Size (bytes):51300
        Entropy (8bit):7.99528756667416
        Encrypted:true
        SSDEEP:
        MD5:B55272C8D5196C7DC77CB39F95CDBA9D
        SHA1:310361E3AF471A938FC1B2BA0C2D9D696C5BE408
        SHA-256:BBBAC54860D140091BDB87A4149D18962A2CE0DE41F582FC28473A78C20858DA
        SHA-512:5DA6B45E2CFC42A44A523C24F4C2D374D2CBAEFFA1ED220ABC3152CC7C19C7EA786E4D6CDA7410F71BFEFC6148C48A1B0D6BB6A5F6A477130C684BF3ECBA6D6C
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/fonts/OpenSans-Light.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 32 x 32, 1-bit colormap, non-interlaced
        Category:dropped
        Size (bytes):1810
        Entropy (8bit):6.605664582999547
        Encrypted:false
        SSDEEP:
        MD5:332BDAF7E5A935462DF49D801AFEF7F5
        SHA1:641887E2CBF077AC83FBBFCE9ED82A899577B7D2
        SHA-256:30AD20123D80504149B9ACDF40A468B3507DAD51B4CCB89C8B300EC665CEB915
        SHA-512:01885FCA6E64E32C35EAF3D078DB95D4E46F4B46181EE61FD70416AEEC584A8CCE0E028E2879783D23381414F12D0054352FA9019C73BDA96CDFC86FF3A8947E
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (317)
        Category:downloaded
        Size (bytes):29863
        Entropy (8bit):4.438969512652932
        Encrypted:false
        SSDEEP:
        MD5:49CF5E9E8EA89DBA4B392C8724AB7F8A
        SHA1:5683F20F42C78CDFED55E62B1CC3B7288ADD2DD8
        SHA-256:CA55AF49960B7AF0E42ED62A82239DABB425EA1D4E8A3FC3AC7C7CD5A0C89EBA
        SHA-512:ECD9B790B29B649B1683E4FCF8265142509AF2CF80DB65EC0F75D5378CCA2A3B67E55C5DAB20C0AA5A496224B19D68192AE8B6F4E1C909B3AB956C4CCBCD0A32
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/
        Preview: .<!DOCTYPE html>.<html lang="es">..<head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">. <meta name="description" content="Consultar RFC, Imprimir RFC, Cedula RFCl, Facturaci.n Masiva, Contabilidad. Consultora MXN">. <meta name="keywords" content="Consultora MXN, Consultar RFC, Cedula RFC, Facturaci.n Masiva, Constancia de Situaci.n Fiscal">. <meta name="Robots" content="noindex,nofollow">.. start: favicon / icon apps-->. <link rel="apple-touch-icon" sizes="57x57" href="img/favicon/apple-icon-57x57.png">. <link rel="apple-touch-icon" sizes="60x60" href="img/favicon/apple-icon-60x60.png">. <link rel="apple-touch-icon" sizes="72x72" href="img/favicon/apple-icon-72x72.png">. <link rel="apple-touch-icon" sizes="76x76" href="img/favicon/apple-icon-76x76.png">. <link rel="apple-touch-icon" sizes="114x114" href=
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
        Category:dropped
        Size (bytes):1150
        Entropy (8bit):0.6153775001367379
        Encrypted:false
        SSDEEP:
        MD5:C014B9153F4F6EE4896933799837A890
        SHA1:F814369957E398E195EB2A85AB75D25F2AB74FEC
        SHA-256:D806E8C82228A9B51A69587B6DB6BE6C27DB040A8A8E82717ADD6FF25539EA4A
        SHA-512:A82000564C22BAE977C7296E528518BD5A983B23EC67328970996E5F73599B88F3F547FDA3E27CCB192FA2FA5FA653E0CEF1BAD30603E190E8873D8B447E1607
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 51932, version 1.0
        Category:downloaded
        Size (bytes):51932
        Entropy (8bit):7.995955883716231
        Encrypted:true
        SSDEEP:
        MD5:807C4E98897A908AE67063A7201F0C75
        SHA1:4B215FB22CE4780E39A4B0DF3EC6428DDA1D60F6
        SHA-256:D06144A46683423A96F079ECD2D23D01A59E450CF17BB5BD0F57DE7B55D5F428
        SHA-512:0839BE377AC70533B5E8D5CAC15E7426C4416A252FC50CDC3EE9656A7FBF832A1C959DE893587335037D84851D6AD922A3AA99B11894C31BA73E5713A52C19B2
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/fonts/OpenSans-Bold.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with CRLF line terminators
        Category:downloaded
        Size (bytes):714
        Entropy (8bit):5.107939083746456
        Encrypted:false
        SSDEEP:
        MD5:DC40EA6BAAAD329DEBA9A0E01F097A3D
        SHA1:ADFCBE00885FA62AABA6DE48C34DF3C55B80F266
        SHA-256:2F1789640076CF223A541AD012DE0FDD464A3520BFBF6F73C9C7A08B620D33DB
        SHA-512:B07396DD097B1B9CEA7A7DEC7EDFBD9AA88BFE61BCF759736076143AAAF6DD410AB6A07CD0A0B7AD0C5FB8F7891C6ED16C0FCA9AB5ECBD3FC6B357472109552F
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/notifications-js/notifications.min.css
        Preview:/*@import url(https://fonts.googleapis.com/css?family=Open+Sans:700,400);*/...notification {..width: 300px;..height: 80px;..position: absolute;..bottom: 0;..right: -300px;..background: #ecf0f1;..margin-bottom: 10px;..font-family: 'Open Sans', sans-serif;..font-size: 16px;..padding: 0 15px;..-webkit-box-sizing: border-box;..-moz-box-sizing: border-box;..box-sizing: border-box;..line-height: 80px;..border-left: 5px solid..}...notification-info {..border-left-color: #3498db;..color: #3498db..}...notification-success {..border-left-color: #2ecc71;..color: #2ecc71..}...notification-warning {..border-left-color: #e67e22;..color: #e67e22..}...notification-error {..border-left-color: #e74c3c;..color: #e74c3c..}..
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 12188, version 1.0
        Category:downloaded
        Size (bytes):12188
        Entropy (8bit):7.982764191535376
        Encrypted:false
        SSDEEP:
        MD5:33F727CCDE4B05C0ED143C5CD78CDA0C
        SHA1:0654FEE7E908814ECC3BAF36BFC556520F491C17
        SHA-256:1B4C97A2809CDB53153139544E1F5DB34E4917C8F01D2DD94CB9519E24E1AB3C
        SHA-512:7E504D7C0BAC7B376586C6C4287D5CD0569BDA47A850A284E0DB6F51A9BFDD361A2FE45F53B3CA8605261C56E01CDF9CF4674F1E4DF38E7DB8A60399470802D0
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/libs/font-awesome/web-fonts-with-css/webfonts/fa-regular-400.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):35768
        Entropy (8bit):5.2322308182230755
        Encrypted:false
        SSDEEP:
        MD5:4240946598B525F3BB169204E0AF3804
        SHA1:D6C6AFCDC029470A25EB470852EBE5AB1FA35E09
        SHA-256:4E7A719DFE32C966734934B106BD53CAB15317DCA5824D8CF6C71E7A8BDF1896
        SHA-512:052C9C09A09FE3D281B36F5D62366C9EDE33F45B5FBF98F580C96E72A3B390CA393327A3299024FA9226E4068AD508F39EB986F7D4D665B8DA1EBF428F3ECFBA
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/css/styles.css?v=12
        Preview:*{..outline:none;.}..a,.a:hover{..text-decoration: none;..color: inherit;.}..html,body{..min-height: 100vh;. display: flex;. justify-content: space-between;. flex-direction: column;...background-color: #ffffff;..font-family: "Open Sans";..font-weight: 500;..line-height: 1.3;...scroll-behavior: smooth;.}..@font-face {. font-family: 'Open Sans';. src: url('../fonts/OpenSans-Extrabold.eot');. src: url('../fonts/OpenSans-Extrabold.eot?#iefix') format('embedded-opentype'),. url('../fonts/OpenSans-Extrabold.woff2') format('woff2'),. url('../fonts/OpenSans-Extrabold.woff') format('woff'),. url('../fonts/OpenSans-Extrabold.ttf') format('truetype');. font-weight: 800;. font-style: normal;.}..@font-face {. font-family: 'Open Sans';. src: url('../fonts/OpenSansLight-Italic.eot');. src: url('../fonts/OpenSansLight-Italic.eot?#iefix') format('embedded-opentype'),. url('../fonts/OpenSansLight-Italic.woff2') format('woff2'),. url('..
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 50116, version 1.0
        Category:downloaded
        Size (bytes):50116
        Entropy (8bit):7.995484446304371
        Encrypted:true
        SSDEEP:
        MD5:5EF05461D1158F05FA25662BBD968005
        SHA1:9875B9DF6ECD96B694B1E39E7DD40DEE4570FC56
        SHA-256:C1154260AF583DCEC8B77B36C7F06F4478534C0AEA7D618B541B542F09AF5042
        SHA-512:D04F9385D12AD575AFE7B3FEABF3B1C0D23DCA4AA9913F8AFAE3332D6EC93F83CE2EA317A800FC756895BEDEAB9F16D356EE7ADF678FF966E9C7ACE47822BF11
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/fonts/OpenSans.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65451)
        Category:downloaded
        Size (bytes):86927
        Entropy (8bit):5.289226719276158
        Encrypted:false
        SSDEEP:
        MD5:A09E13EE94D51C524B7E2A728C7D4039
        SHA1:0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
        SHA-256:160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
        SHA-512:F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
        Malicious:false
        Reputation:unknown
        URL:http://consultoramxn.com/js/jquery-3.3.1.min.js
        Preview:/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},
        No static file info