Edit tour

Windows Analysis Report
http://thekidneycliniclc.com/

Overview

General Information

Sample URL:	http://thekidneycliniclc.com/
Analysis ID:	1654833
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,7302875059111210,7082492409452021955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://thekidneycliniclc.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (blessedwirrow .org)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-02T16:59:43.079731+0200	2059069	1	Exploit Kit Activity Detected	192.168.2.16	58016	1.1.1.1	53	UDP
2025-04-02T16:59:43.079888+0200	2059069	1	Exploit Kit Activity Detected	192.168.2.16	64398	1.1.1.1	53	UDP

ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (blessedwirrow .org)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-04-02T16:59:43.969157+0200	2059078	1	Exploit Kit Activity Detected	192.168.2.16	49721	185.184.123.58	443	TCP

Joe Sandbox Signatures

• Compliance
• Software Vulnerabilities
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.184.123.58:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.72.100:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49742 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 17MB later: 32MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2059069 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (blessedwirrow .org) : 192.168.2.16:64398 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059069 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (blessedwirrow .org) : 192.168.2.16:58016 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059078 - Severity 1 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (blessedwirrow .org) : 192.168.2.16:49721 -> 185.184.123.58:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.227

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/classy-child/style.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /qlZvFjfnSJFACbQAFa8YG HTTP/1.1Host: blessedwirrow.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/css/owl.carousel.css HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/css/animate.min.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/fonts/all.min.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/css/responsive.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/classy-child/assets/slick.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/theme-specific/services/ritzo-style.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/style.css HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/wp-content/themes/classy-child/style.css?ver=6.7.2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/6affa.js HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/69cb2.js HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/5871f.js HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/6f7a3.js HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/fonts/FontAwesome.ttf HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveOrigin: https://thekidneycliniclc.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/all.min.css?ver=6.7.2Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/cache/minify/b6afb.js HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-16.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/images/nobg.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-15.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/10/ahadaftab_logo_RF01.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-20.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/03/badge-2.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/images/nobg.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/theme-specific/doctors/doctor-dup.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-16.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/css/slick.css?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-17.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/10/ahadaftab_logo_RF01.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-18.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-19.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-20.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-3.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-4.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/07/fahad-C-1-scaled.jpeg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/03/badge-2.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-15.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-17.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-4.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.7.2 HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-18.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-3.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/11/image-19.jpg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2023/07/fahad-C-1-scaled.jpeg HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/images/favicon.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/mts_schema/images/favicon.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988If-None-Match: "f5b4-63074fae15724"
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thekidneycliniclc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988
Source: global traffic	HTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: thekidneycliniclc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _ga_FXNMZCXD5M=GS1.1.1743605987.1.0.1743605987.0.0.0; _ga=GA1.1.936273818.1743605988

Source: global traffic	DNS traffic detected: DNS query: thekidneycliniclc.com
Source: global traffic	DNS traffic detected: DNS query: blessedwirrow.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.184.123.58:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.72.100:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.147.102.217:443 -> 192.168.2.16:49742 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir3760_1767061653

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir3760_1767061653

Source: classification engine

Classification label: mal48.win@25/36@10/174

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,7302875059111210,7082492409452021955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://thekidneycliniclc.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,7302875059111210,7082492409452021955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

No bigger version

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://thekidneycliniclc.com/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://thekidneycliniclc.com/wp-content/uploads/2022/10/ahadaftab_logo_RF01.png	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-3.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/favicon.png	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-18.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/cache/minify/6affa.js	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-20.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/classy-child/assets/slick.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-16.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/cache/minify/5871f.js	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/nobg.png	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/slick.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2024/03/badge-2.png	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/all.min.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-4.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/responsive.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-17.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/animate.min.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/classy-child/style.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/services/ritzo-style.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/owl.carousel.css	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/cache/minify/69cb2.js	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/FontAwesome.ttf	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/doctors/doctor-dup.css?ver=6.7.2	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2023/07/fahad-C-1-scaled.jpeg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/cache/minify/6f7a3.js	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/themes/mts_schema/style.css	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/cache/minify/b6afb.js	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-19.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-15.jpg	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/favicon.ico	0%	Avira URL Cloud	safe
https://thekidneycliniclc.com/wp-includes/images/w-logo-blue-white-bg.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
thekidneycliniclc.com	54.147.102.217	true	false	high
blessedwirrow.org	185.184.123.58	true	false	high
www.google.com	142.250.72.100	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://thekidneycliniclc.com/wp-content/cache/minify/6affa.js	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/favicon.png	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-3.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://blessedwirrow.org/qlZvFjfnSJFACbQAFa8YG	false		high
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-20.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/10/ahadaftab_logo_RF01.png	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-18.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-16.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/classy-child/assets/slick.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/cache/minify/5871f.js	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/nobg.png	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-4.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2024/03/badge-2.png	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/all.min.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/slick.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-17.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/responsive.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/animate.min.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/classy-child/style.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/	false		unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/services/ritzo-style.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/owl.carousel.css	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/FontAwesome.ttf	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/cache/minify/69cb2.js	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/doctors/doctor-dup.css?ver=6.7.2	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/themes/mts_schema/style.css	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2023/07/fahad-C-1-scaled.jpeg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/cache/minify/6f7a3.js	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/cache/minify/b6afb.js	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-19.jpg	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-includes/images/w-logo-blue-white-bg.png	false	Avira URL Cloud: safe	unknown
https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-15.jpg	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.46	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	true
142.250.65.174	unknown	United States	15169	GOOGLEUS	false
142.250.176.202	unknown	United States	15169	GOOGLEUS	false
142.250.65.195	unknown	United States	15169	GOOGLEUS	false
54.147.102.217	thekidneycliniclc.com	United States	14618	AMAZON-AESUS	false
142.250.80.42	unknown	United States	15169	GOOGLEUS	false
142.250.81.227	unknown	United States	15169	GOOGLEUS	false
142.251.40.110	unknown	United States	15169	GOOGLEUS	false
142.251.167.84	unknown	United States	15169	GOOGLEUS	false
142.251.40.232	unknown	United States	15169	GOOGLEUS	false
185.184.123.58	blessedwirrow.org	United Kingdom	6908	DATAHOPDatahop-SixDegreesGB	false
142.251.40.195	unknown	United States	15169	GOOGLEUS	false
142.250.72.100	www.google.com	United States	15169	GOOGLEUS	false
142.251.41.3	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1654833
Start date and time:	2025-04-02 16:59:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://thekidneycliniclc.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@25/36@10/174

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.40.110, 142.251.40.195, 142.250.65.174, 142.251.167.84, 142.251.40.206
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://thekidneycliniclc.com/

Created / dropped Files

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 37828, version 1.0
Category:	downloaded
Size (bytes):	37828
Entropy (8bit):	7.994199601770781
Encrypted:	true
SSDEEP:
MD5:	50B140B1E97D859D6D0603414F4298EE
SHA1:	500E4872EE1BA9CF89F1BA626D64987B0F9AB5C9
SHA-256:	FDC9964050BFA24C27A3C76C6791B3674292A5F352CBC83D7A4DC49595BC3FB1
SHA-512:	55EF84E956A7943E3FC61A8A349E64E9F35B7DFC63402AB52B995F43A7CD4B1D2ACD300126DCDD610D0B106AF426848F998CCF154F712034422D242D6AD9130D
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Preview:	wOF2..............~....C..........................^...V..D?HVAR.'?MVARF.`?STAT.8'2..L+..\|.../~.....$.u....0..x.6.$.... .....e..([.lq...{En.0..I..h...[....-y2..)..@(.....T...K....$E.U.uA.b...AO..CU"O.W.]7..'............a.@...kF9.3.....xV..7.tg4#Ol.x}o.M...w...Q..))..-.i.R..&.P.......N..[F.C...x..9.\|.;......d$..L.<......=.M.S..HlLHr.#+.S}..+..C....D..'^..~.}..TeT`%.......^..$....0....1 A.. ...bm..]T.E...n;._Qqm....RK.....=....\{.h.O&.D$.U......YS U..i...@.:W........p..pS....-.w.EQwp@.....},.G.@,....0IAV....P...~..0.....8..f...5..Os...5..P...n&wS+.P:.7.e.$t~.s_...z..3..Z.....}.A..2Uj...@{.:Ln.}.t.....i.>Kl.."RQ..h.;.........%...eY.E?...W..00(.z.ml.J.TPP...........G...6.=.Z%...\T....W..q...9D.m...)6..1..\.....v7......U..jr..-i.c.3iL..,\..!...b.d.A...d..C.....Ra:Q.!.M,.e.SMC$$M.w..c.151=.m..o@.G$.X..P'..\|.E."..Z.k......i"......S8..@.d.....2..t..........{..X.]SN..$....K....j5..e..,.%...T..)+.";@.v...9.R..]......,...W.iY...f..r...Q.FY.P.#...X...S

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh
Category:	downloaded
Size (bytes):	339104
Entropy (8bit):	6.353595676366028
Encrypted:	false
SSDEEP:
MD5:	BD3E7E8559D21DD8D091FDA4C4C54B92
SHA1:	698B7471A7CCE8FE8216306455493A5F5080FB8A
SHA-256:	22C1D6B7BE2833E4EF9CCB331B8DAAF4DC0DE952E7D99091A233F4779C54B482
SHA-512:	9D3F885130F5AA5FE38E3F08EFE7496BBF2E31C8649271C264D747D601BA94A2FE4D5EE605BA9E28577D58398AE96068200CA0760AFBF291718D9B931AD3EDBF
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/FontAwesome.ttf
Preview:	...........PFFTM.<2...,.....GDEF......,`...$OS/21.V[...X...`cmap............gasp......,X....glyf......<4...(head.Y8........6hhea.C.........$hmtx3...........loca.q^...%\....maxp...@...8... name.......\....post^.l......Fq.....K....._.<..........v{........................................................................=.'...............@.................L.f...G.L.f....................................PfEd...............T.........:..... .......................@. .............@...............................@.......@. .........................@...........@...........................................................@.......................................................................................@...........................`.......................@.......@.......@...................................@...........................................@...@...................................@...............`...@.....@...............................@.....@...@......................................

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 512x512, components 3
Category:	downloaded
Size (bytes):	26481
Entropy (8bit):	7.907878019806591
Encrypted:	false
SSDEEP:
MD5:	67A7D369426AAFDC8E596C7C43569906
SHA1:	6E4E59624FBCC12F4FA18495B4A367C8CC730F1A
SHA-256:	29AD841B816832FC3DC657D104163B96E3959C76DB926E53194B5B137FEA2438
SHA-512:	71E2F355D5A7EC8167184FB60ED8D6BAF4F18AF85F9CED9D91BCBE5837B6988ACDE8BF989EC25276ABE694003275A656E4119C6E293EDB5B1D2CA8A41144A384
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-4.jpg
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:0EC7B5D96CD411ED8300B1F3FCB686BB" xmpMM:DocumentID="xmp.did:0EC7B5DA6CD411ED8300B1F3FCB686BB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0EC7B5D76CD411ED8300B1F3FCB686BB" stRef:documentID="xmp.did:0EC7B5D86CD411ED8300B1F3FCB686BB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (304)
Category:	downloaded
Size (bytes):	6985
Entropy (8bit):	4.915687127801771
Encrypted:	false
SSDEEP:
MD5:	5EE5FA823D838954C3FF3CC29ED9EC60
SHA1:	D8A23B3FAB72A8AE1C884620FE995B9EFE20DADB
SHA-256:	629890A0AE8AA4F780BD165F019D704DD25297B8DD87DA2824D1B416FC23B361
SHA-512:	B47EC98BCAAA148F88BCC125B6BD3EDBE4C547AE038BD8C406E9EAF6C42839593EE6AF266E8EF8C31F7A468088943296D1A15C6FF8FCE6A7B4725C07136BCC91
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/owl.carousel.css
Preview:	/* Feel free to change duration /..animated { -webkit-animation-duration : 1000 ms; animation-duration : 1000 ms; -webkit-animation-fill-mode : both; animation-fill-mode : both; }./ .owl-animated-out - only for current item /./ This is very important class. Use z-index if you want move Out item above In item /..owl-animated-out { z-index : 1 }./ .owl-animated-in - only for upcoming item./* This is very important class. Use z-index if you want move In item above Out item /..owl-animated-in { z-index : 0 }./ .fadeOut is style taken from Animation.css and this is how it looks in owl.carousel.css: /..fadeOut { -webkit-animation-name : fadeOut; animation-name : fadeOut; }.@-webkit-keyframes fadeOut { . 0% { opacity : 1 }. 100% { opacity : 0 }.}.@keyframes fadeOut { . 0% { opacity : 1 }. 100% { opacity : 0 }.}./ . * Owl Carousel - Animate Plugin. */..owl-carousel .animated { -webkit-animation-duration: 1000ms; animation-duration: 1000ms; -webkit-animation-fill-mode: both; an

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4166
Entropy (8bit):	7.838843642368445
Encrypted:	false
SSDEEP:
MD5:	9CD9877AC8B6F799CCA5D9EE2B784ECD
SHA1:	46696BEC58E775CF809DAB4969C8F1DA036C384B
SHA-256:	8A43AF0FA70295EB53F1ABD57FCDBE8A84B2B9345BFC07F544775AA09BE4689F
SHA-512:	6C091BC7481216BC9D746FEFBC871D96DDDEB057BA1AE2CFB88B0D23F06271BB8FA1A6A1F01B557C1A00D335DC3CEF07843DD9D6C37F6342288696E0D755E1F0
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/favicon.png
Preview:	.PNG........IHDR...9...9.............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:36F3A226576711E68479B9FB8FAA7F1E" xmpMM:DocumentID="xmp.did:36F3A227576711E68479B9FB8FAA7F1E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:36F3A224576711E68479B9FB8FAA7F1E" stRef:documentID="xmp.did:36F3A225576711E68479B9FB8FAA7F1E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..J.....IDATx..[Il$W..j.}..n......3.-.DJ.!.3.;DHpD......H.W....n.B@..&.$$..../.n.{_.....e{&..Q...'=..]....../.48."

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	6195
Entropy (8bit):	4.792344498218215
Encrypted:	false
SSDEEP:
MD5:	76659AF85E188FE29CEE79BAB802BC24
SHA1:	67F93EE7840BEEE965A9EC60B1AF7BFB4D6A9371
SHA-256:	401202228370BEE631070B036E71DBE4D47DA99200D7B88D5AADB11B0E212838
SHA-512:	3757D37A5EBFE4FF5C1A43AC52131F6EF1A195E993A873A6ABD6F0C70E72E4A8B4A6F66894933D9BCAE2960FBB6DE53CC1F230EA9D8F4D1C4703A4062D26FFD7
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/slick.css?ver=6.7.2
Preview:	@charset 'UTF-8';...dm-slide-main .slide-caption {.. position: absolute;.. bottom: 100px;.. width: 100%;.. left: 0px;.. text-align: center;.. z-index: 10;.. padding: 30px 0px;.. box-sizing: border-box;.. background-color: transparent;..}.....dm-slide-main .slide-caption h2 {.. font-size: 30px;.. text-shadow: 0px 1px 1px #000;.. color: #fff;.. margin-bottom: 20px;.. font-weight: bold;.. font-size: 40px !important;..}...dm-slide-main .slide-caption p {.. text-align: center;.. color: #fff;.. font-size: 20px;..}.....video_holder {.. background-position: 50% 50%;.. background-size: cover;.. height: 680px;.. position: relative; ..}...newCon > a {.. display: block;.. height: 100%;.. position: relative;..}...dm-slide-main {.. height: 650px !important;.. position: relative;..}...dm-slide-main .newCon, ...dm-slide-main .video_holder {.. height: 100% !important;.. width: 100% !important;..}...video_holder video

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (43013)
Category:	downloaded
Size (bytes):	43955
Entropy (8bit):	5.098053149548773
Encrypted:	false
SSDEEP:
MD5:	646D1268596CDC9050CA3BAC50034A81
SHA1:	06D08B87115DF3A9EBB2A7DC4EEBEFE786223183
SHA-256:	CA33921489CB42EAE34B335DFCA47C86F6E7A69C79341487E8B7E9A5D456BE18
SHA-512:	159D2D26C2FE49BB5CEC19FAAB4E932BDE16D8ECF1EECCAD1052EFCE1A66C2BF982978612A1A95ABB7D8C79029D5DB5576995D5DB23BCB4A8791383481165390
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/cache/minify/b6afb.js
Preview:	!function(i){"use strict";"function"==typeof define&&define.amd?define(["jquery"],i):"undefined"!=typeof exports?module.exports=i(require("jquery")):i(jQuery)}(function(i){"use strict";var e=window.Slick\|\|{};(e=function(){var e=0;return function(t,o){var s,n=this;n.defaults={accessibility:!0,adaptiveHeight:!1,appendArrows:i(t),appendDots:i(t),arrows:!0,asNavFor:null,prevArrow:'<button class="slick-prev" aria-label="Previous" type="button">Previous</button>',nextArrow:'<button class="slick-next" aria-label="Next" type="button">Next</button>',autoplay:!1,autoplaySpeed:3e3,centerMode:!1,centerPadding:"50px",cssEase:"ease",customPaging:function(e,t){return i('<button type="button" />').text(t+1)},dots:!1,dotsClass:"slick-dots",draggable:!0,easing:"linear",edgeFriction:.35,fade:!1,focusOnSelect:!1,focusOnChange:!1,infinite:!0,initialSlide:0,lazyLoad:"ondemand",mobileFirst:!1,pauseOnHover:!0,pauseOnFocus:!0,pauseOnDotsHover:!1,respondTo:"window",responsive:null,rows:1,rtl:!1,slide:"",slidesP

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	68
Entropy (8bit):	4.090163392719035
Encrypted:	false
SSDEEP:
MD5:	73031B554FD75A3DF2B54C9FC5D2D654
SHA1:	447A248347BF2E003DF3DD1750403068575EE019
SHA-256:	01FC92B7704C3E3BAAEFD2CE87CE17E2EA266A1BB4244F032DA25931E9C6FB92
SHA-512:	106E94EDD40EE3D5B99AE6456BB928EA790347045DD8B198A407FF1F88F8BCEB5BCEF5C0811EBD12C8A09BD73911B8DB2EC3F1E958875866DF3D59ECA7A17CD7
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................IDAT..c``......OH......IEND.B`.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1280, components 3
Category:	downloaded
Size (bytes):	568929
Entropy (8bit):	7.976509142226128
Encrypted:	false
SSDEEP:
MD5:	D5737DBC2C733DB98DA8C425128C32C1
SHA1:	1F5D319F71EC07BAC8893E8760FB877A1C996456
SHA-256:	80FC8B4DBFB729A7D508357F8198639C1AB738B7296E6C25A82EAE134340E40B
SHA-512:	D6E9AEB6B918DB5B1138B439078552CEC857D5CE498CEAFB9795079250DEC1822357C915D7D13F957A10C2DD48B41D220BE92474CC556DEB4A64DBF5EA450462
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-15.jpg
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:58B4BE3E6CD311EDB7FBD4AEEDFC4FA6" xmpMM:DocumentID="xmp.did:58B4BE3F6CD311EDB7FBD4AEEDFC4FA6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:58B4BE3C6CD311EDB7FBD4AEEDFC4FA6" stRef:documentID="xmp.did:58B4BE3D6CD311EDB7FBD4AEEDFC4FA6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1280, components 3
Category:	downloaded
Size (bytes):	323164
Entropy (8bit):	7.959780345204287
Encrypted:	false
SSDEEP:
MD5:	FC0FE4142D237BA971D55759B1BE863C
SHA1:	69A66591E0DCA591AA82D7D255BC90D52BD3578B
SHA-256:	DA3075D3D314923AA7BCA37B791A6755065011522136AC63030DB883747A4D81
SHA-512:	840ECB6150A8121A971A9860296D3F884728A253BD21A645DC132F2142B4E89A07B5B34297E9A43693E4A73BED9C88688DB3D90A48FB0E17B2E552B22685EB63
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-19.jpg
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:75D5F2FC6CD311EDABE1B73F6E101C7E" xmpMM:DocumentID="xmp.did:75D5F2FD6CD311EDABE1B73F6E101C7E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:75D5F2FA6CD311EDABE1B73F6E101C7E" stRef:documentID="xmp.did:75D5F2FB6CD311EDABE1B73F6E101C7E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 2048x2560, components 3
Category:	downloaded
Size (bytes):	401320
Entropy (8bit):	7.796108255110589
Encrypted:	false
SSDEEP:
MD5:	42D40742E1C1BC451B9F1BDC1AC96131
SHA1:	4A6758C48451FFEE65C62D8BEF15C3856539A369
SHA-256:	9FE252A554405391112F5F811522454BBB937B2F39241208B4728EE920D22E52
SHA-512:	39AFEBB39242C9E50C37B9ABDCB1825C2C882EBD27F5E2990E599D0E7530496E7A999941982A210C30A5B9DDC8D83D04B17AB8EDC9BC5368718E832798B0E605
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2023/07/fahad-C-1-scaled.jpeg
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	12345
Entropy (8bit):	4.487387927177544
Encrypted:	false
SSDEEP:
MD5:	19EAD6A0925A5D5CC26F52FE8D45F184
SHA1:	34F27D824A1500F5888F88E6A2D0FE8B368E31D6
SHA-256:	B50D51A4517D63A7A34181BBB8E677A143AA4BD60F99814587204610D853C173
SHA-512:	D1E590053DEC5327866D09C57715821DFD9A289148BE4D1FA5482252647E430CA9E432A62266FE5E89DBD7F271BDC293E93B852F25DDF244A10BF10CC6BCC743
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/responsive.css?ver=6.7.2
Preview:	html {. overflow-x: hidden;. -webkit-text-size-adjust: 100%;.}..main-container { max-width: 100% }.@media screen and (max-width:1366px) { . .shareit { margin: 0 0 0 -140px }.}.@media screen and (max-width:1300px) { . .shareit {. position: relative!important;. width: 100%!important;. top: 0!important;. padding-left: 0!important;. padding-right: 0!important;. margin: 0!important;. padding-top: 10px!important;. border: none!important;. box-shadow: none!important;. }. .share-item { margin: 0 }.}.@media screen and (max-width:1152px) { . #page, .container { max-width: 100% !important; }.}.@media screen and (max-width:1024px) { . #move-to-top {. margin-right: 0;. right: 5px;. }. div.header-social-icons { margin-left: 20px }. #primary-navigation a { padding: 17px 5px 16px 5px }. .mts-cart span a { padding: 17px 3px 16px 3px!important }.}.@media screen and (max-width:960px) { . #s

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	62900
Entropy (8bit):	5.239020767526209
Encrypted:	false
SSDEEP:
MD5:	47C366AF0884703A8A5C392BAA286C1B
SHA1:	E57D5D5A20A391AAB15B485FD6A740F0A2D1CD74
SHA-256:	A56B0C945324ABA741D6092568D087D626C585EDC0B363BC87721EFEFE320522
SHA-512:	D2175D734C76AFB6178AFA02F0A06EF185EE9FF4A9A9EDB117D37471E5429AA1EF56E74C220FD257AB957480B66415F43F48A6550603CAB72BD5BE6A6181C6B3
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/
Preview:	.<!DOCTYPE html>.<html class="no-js" lang="en-US">.<head itemscope itemtype="http://schema.org/WebSite">..<meta charset="UTF-8">.. Always force latest IE rendering engine (even in intranet) & Chrome Frame -->.. [if IE ]>..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">..<![endif]-->..<link rel="profile" href="https://gmpg.org/xfn/11" />.. <link rel="icon" href="https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/favicon.png" type="image/x-icon" />. ... . <meta name="msapplication-TileColor" content="#FFFFFF">. <meta name="msapplication-TileImage" content="https://thekidneycliniclc.com/wp-content/themes/mts_schema/images/apple-touch-icon-144-precomposed.png">. . . . . <link rel="apple-touch-icon-precomposed" href="https://thekidneycliniclc.com/wp-content/themes/mts_schema/im

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	17
Entropy (8bit):	3.969815782426811
Encrypted:	false
SSDEEP:
MD5:	DD90B06362F392E10F332608B00F4ACD
SHA1:	4E3177EDB2F027761B72D174CF82F58FAEF62D63
SHA-256:	DC3E47F68A5008D954EED8160A56F733AC5143E1153CF1EE8BFE4DDDB44B0BCE
SHA-512:	F7A27056E6D323FD7E64BFF1EEA5130B2DBDCFFD87A5BE419DEC68DC9712A1AE7C2A0E157CBAE077DB7E074BDA83292AA48DC8DAD79C17D866332EC0B79EDEEA
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/classy-child/assets/slick.css?ver=6.7.2
Preview:	@charset 'UTF-8';

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59068)
Category:	downloaded
Size (bytes):	59517
Entropy (8bit):	4.7240531694478864
Encrypted:	false
SSDEEP:
MD5:	43E12298DAA0E9B62B0CDA25E25C1159
SHA1:	E0B006274F54CF31D1DBAECA98B435B75DCAE7FC
SHA-256:	D527425EBDD985E717EA1C50576261462C9365744ADC8190ACF9996E367D5A66
SHA-512:	CDF216171977F30CBF0488394A77E68996F3B2A0523EE5EB5F694C9B97B281048488D92DE3C4C8F9A92138E805D487595174344C8A11188767AB087D9E9A7AE3
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/fonts/all.min.css?ver=6.7.2
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pu

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 900x600, components 3
Category:	dropped
Size (bytes):	98179
Entropy (8bit):	7.981812177133156
Encrypted:	false
SSDEEP:
MD5:	3B29A23B1742E3B471065B8B13C8B073
SHA1:	26E2CA87A4E30C97AD06FBD5797FFACC9F4C51D7
SHA-256:	F09F65B9DDD04EC4A076F841C33BA4630B8EF480C64BC53E241BF703BA2883C8
SHA-512:	FA5EA73F51BF0C7D1C7D7C01CF1B1816E6188C338F85DB789D6811447CA1A5ECF8801F65643AEC35ED42ECD031929CE506E05926EAC19F11D3A274709EF746C2
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:613BEB326CD311EDA75BCB63F562696C" xmpMM:DocumentID="xmp.did:613BEB336CD311EDA75BCB63F562696C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:613BEB306CD311EDA75BCB63F562696C" stRef:documentID="xmp.did:613BEB316CD311EDA75BCB63F562696C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1723 x 699, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	149676
Entropy (8bit):	7.943088092212449
Encrypted:	false
SSDEEP:
MD5:	E91B34F79DE04B2FDF3EA98D2DEDF59C
SHA1:	1E4E35CD21405068F2922FB032213815079CD2E1
SHA-256:	013C66BD0670E586492D2FB76772A15DDB96DF02F034A2024DAEF52C5138AA19
SHA-512:	4659D8DCA59C77787D990B3489A59F674CDA59976F440D34FD3D0D68FE55929D71F6760CB61DC95FCC5F3511C2B1E6D1AA7B6082C7BE53C70FEBAAE2705D1FF2
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/10/ahadaftab_logo_RF01.png
Preview:	.PNG........IHDR.............B.4.....pHYs...#...#.x.?v....tEXtSoftware.Adobe ImageReadyq.e<..H9IDATx...x\Wy...]..e.%..'.L.8.b...$$...IHR.-q...SN{..#9...~i.&$`..C..=.N../v._.X&@...!.FI.Tr......f.....5.#.....Zk.=..=.~F.Y...Z.Z.../e....................K....................................Z v......................................]............... .@...................b.................-.................@h..................B...................Z v......................................]............... .@...................b.................-.................@h..%........ ...T[.M..e..4.XuO.%:.+.......(..............Hq.j...sb.J..N.....J..................@^z.R\h..U..ki..M.B...................N.@*+hq........p....D..............U......... .S..Y\$j&.se.....e..'Y.Zf..KX..Y....Z...6..................Y.....B..%+..ep.w...................(..P.Ya..B......x...........C v.......@...H..iQ+........PF.....x..Z...,........b..............Wj...W^[..`..!.......J.b........hHNXB.nm...Sd.K.A....1..c

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x757, components 3
Category:	downloaded
Size (bytes):	311914
Entropy (8bit):	7.9770133156970084
Encrypted:	false
SSDEEP:
MD5:	F3ECC9D04498FA81CF6A86E44091A4B5
SHA1:	D4C8AF69711B8E19D5906AC5D748E65E4742E406
SHA-256:	1D1DC7E9C99EBF2CAF4B9A959974C4C97904486EE38A082513FB43CFAAEEAD4D
SHA-512:	70B852B841CCE4D80E0BABAFCD50D58BD11CF33950DD1F836B2F1355DD16945CC16F43C1F1B33481726E5672F71FDFC556C2FE4126EE43D720FA3FB9A9958E0C
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-16.jpg
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:6588AB386CD311ED9CF18166A3027BE5" xmpMM:DocumentID="xmp.did:6588AB396CD311ED9CF18166A3027BE5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6588AB366CD311ED9CF18166A3027BE5" stRef:documentID="xmp.did:6588AB376CD311ED9CF18166A3027BE5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 512x512, components 3
Category:	dropped
Size (bytes):	59791
Entropy (8bit):	7.952877315079384
Encrypted:	false
SSDEEP:
MD5:	B9AEA3883F902368665A082169763AF5
SHA1:	156FB064801DE7D23180732C6DA6EF461B3D27BD
SHA-256:	785E6A5AE7A2151E172FB622BC16850D0D4A6370C7933EF76EBB5FC8496EFE07
SHA-512:	485DB9B68E1AA34B686EDCDE070ECB28C9ED50FD183CB5714CD24168EE4B6A43672A30B37A5D6EC424C6B3A04A747E88230F8ACC9FCCF0A9A81957BBF066FA19
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:0D00C0896CD411EDAAD2C175B2D2392B" xmpMM:DocumentID="xmp.did:0D00C08A6CD411EDAAD2C175B2D2392B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0D00C0876CD411EDAAD2C175B2D2392B" stRef:documentID="xmp.did:0D00C0886CD411EDAAD2C175B2D2392B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32068)
Category:	downloaded
Size (bytes):	50551
Entropy (8bit):	5.1334257426583685
Encrypted:	false
SSDEEP:
MD5:	6BC2365E4E9A7807A0FD5A14440FA734
SHA1:	C16E95D857099723E825597D249E8CCCD7CFC55B
SHA-256:	911857C9DC2636C53F689AC6EE4E7ED415A2CE978A7C7957F9927B028F258451
SHA-512:	177B8C22AFD42E89EFDF4D9CDEB67FE2F91134A196A73832FDCC62F11742B8ECD29FEEB5F1771E78DDFCE14B75D1682773E07691FD845F5DEC239C45CE048B4C
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/cache/minify/6f7a3.js
Preview:	!function(a,b,c,d){function e(b,c){this.settings=null,this.options=a.extend({},e.Defaults,c),this.$element=a(b),this.drag=a.extend({},m),this.state=a.extend({},n),this.e=a.extend({},o),this._plugins={},this._supress={},this._current=null,this._speed=null,this._coordinates=[],this._breakpoint=null,this._width=null,this._items=[],this._clones=[],this._mergers=[],this._invalidated={},this._pipe=[],a.each(e.Plugins,a.proxy(function(a,b){this._plugins[a[0].toLowerCase()+a.slice(1)]=new b(this)},this)),a.each(e.Pipe,a.proxy(function(b,c){this._pipe.push({filter:c.filter,run:a.proxy(c.run,this)})},this)),this.setup(),this.initialize()}function f(a){if(a.touches!==d)return{x:a.touches[0].pageX,y:a.touches[0].pageY};if(a.touches===d){if(a.pageX!==d)return{x:a.pageX,y:a.pageY};if(a.pageX===d)return{x:a.clientX,y:a.clientY}}}function g(a){var b,d,e=c.createElement("div"),f=a;for(b in f)if(d=f[b],"undefined"!=typeof e.style[d])return e=null,[d,b];return[!1]}function h(){return g(["transition","Web

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42862), with CRLF line terminators
Category:	downloaded
Size (bytes):	43088
Entropy (8bit):	5.0956883365882195
Encrypted:	false
SSDEEP:
MD5:	FEC2E9C29A147DB455A0CB50AEC505B4
SHA1:	C61EAB93E122027F4C0BBC21FF6A305A3150D5D6
SHA-256:	C1D379E8309DC55888FE2C267B85AB348498A8A52AB16B8CE988940255870107
SHA-512:	2B5398F6969B4E4BEB49F6E8FE335A57AF3CFEC9EF27102DE870811ECC118251DEFD431991221DBE289D4A4C7EBAE7DEC642F0FEB8B9D63EF51D4F4A7C02FD75
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/cache/minify/5871f.js
Preview:	!function(i){"use strict";"function"==typeof define&&define.amd?define(["jquery"],i):"undefined"!=typeof exports?module.exports=i(require("jquery")):i(jQuery)}(function(i){"use strict";var e=window.Slick\|\|{};(e=function(){var e=0;return function(t,o){var s,n=this;n.defaults={accessibility:!0,adaptiveHeight:!1,appendArrows:i(t),appendDots:i(t),arrows:!0,asNavFor:null,prevArrow:'<button class="slick-prev" aria-label="Previous" type="button">Previous</button>',nextArrow:'<button class="slick-next" aria-label="Next" type="button">Next</button>',autoplay:!1,autoplaySpeed:3e3,centerMode:!1,centerPadding:"50px",cssEase:"ease",customPaging:function(e,t){return i('<button type="button" />').text(t+1)},dots:!1,dotsClass:"slick-dots",draggable:!0,easing:"linear",edgeFriction:.35,fade:!1,focusOnSelect:!1,focusOnChange:!1,infinite:!0,initialSlide:0,lazyLoad:"ondemand",mobileFirst:!1,pauseOnHover:!0,pauseOnFocus:!0,pauseOnDotsHover:!1,respondTo:"window",responsive:null,rows:1,rtl:!1,slide:"",slidesP

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1137, components 3
Category:	downloaded
Size (bytes):	277454
Entropy (8bit):	7.9639798548269
Encrypted:	false
SSDEEP:
MD5:	D3FD6EDFC8202727E1A707F23532969F
SHA1:	D10AED4F223C7B83BA11C7A837B19F16891125AF
SHA-256:	54D69E9D36726C3E19438397E2E18D0746FE1226F82EE25F0068B62B29628B25
SHA-512:	334E695EAA6352FA33B687CE0E5A24C29097CF2796DB2EAC5E392F068F4287D8BDBD8BED79A6FDF3281FA72FD655663A938797024B99E21CE1B2CEBCD41B6EED
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/uploads/2022/11/image-17.jpg
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:7A97A34A6CD311ED9F6EFC974D0932CB" xmpMM:DocumentID="xmp.did:7A97A34B6CD311ED9F6EFC974D0932CB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7A97A3486CD311ED9F6EFC974D0932CB" stRef:documentID="xmp.did:7A97A3496CD311ED9F6EFC974D0932CB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5128)
Category:	downloaded
Size (bytes):	5795
Entropy (8bit):	5.178404812068299
Encrypted:	false
SSDEEP:
MD5:	6C364C55742C5196EB6CE7B6F53E07A0
SHA1:	EBA6F2A58001D8386CD530E3A5194CBC0D1542D2
SHA-256:	FB95A609902F13815E001E466A34DCDC4145837A8BF932D71FC5F967841AD25C
SHA-512:	F4DC2FB250252502D0F709599A344D39064AF6B153FE48FE45131BEA10F962A203F115527F848FFE4DA04517FFFD4DB65A8A6AB06C4CC26DBD5AAB05D827F9B6
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/cache/minify/69cb2.js
Preview:	/! WOW - v0.1.9 - 2014-05-10. Copyright (c) 2014 Matthieu Aussaguel; Licensed MIT */.(function(){var a,b,c=function(a,b){return function(){return a.apply(b,arguments)}};a=function(){function a(){}return a.prototype.extend=function(a,b){var c,d;for(c in a)d=a[c],null!=d&&(b[c]=d);return b},a.prototype.isMobile=function(a){return/Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(a)},a}(),b=this.WeakMap\|\|(b=function(){function a(){this.keys=[],this.values=[]}return a.prototype.get=function(a){var b,c,d,e,f;for(f=this.keys,b=d=0,e=f.length;e>d;b=++d)if(c=f[b],c===a)return this.values[b]},a.prototype.set=function(a,b){var c,d,e,f,g;for(g=this.keys,c=e=0,f=g.length;f>e;c=++e)if(d=g[c],d===a)return void(this.values[c]=b);return this.keys.push(a),this.values.push(b)},a}()),this.WOW=function(){function d(a){null==a&&(a={}),this.scrollCallback=c(this.scrollCallback,this),this.scrollHandler=c(this.scrollHandler,this),this.start=c(this.start,this),this.scrolled=!0,this.config=

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	7108
Entropy (8bit):	5.43327997425099
Encrypted:	false
SSDEEP:
MD5:	9267E67CFF43DB760472719387180208
SHA1:	DEEEA52CBDCE7612915DBDDA7415ED0F458CE75C
SHA-256:	084FC1B7813A254CD4E7945990943DD88063D55B8F8343105D96A248B5BFC672
SHA-512:	3BB325C55CADA44E348F99C397F9C1D819D41F2AC7843F289DEC1A57B949E4413A649FDB1CF87DDEE6AD3936EF15A848694AAB6CB5645A968A5D10B5AB41B3C2
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Montserrat:normal\|Montserrat:500\|Montserrat:700\|Montserrat:600&subset=latin
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese /.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext */.@font-face {. font-f

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2006)
Category:	downloaded
Size (bytes):	72023
Entropy (8bit):	4.866562223955333
Encrypted:	false
SSDEEP:
MD5:	F74BE406C90BB4DD1EA5F1E8FCEB5577
SHA1:	7C21D165FAAB48DBF0B6B68966FDEA1B8D5126EF
SHA-256:	E41212E732515AABEE0528FE224580C0338041E8038422C50E0343EA307A62AF
SHA-512:	A93CBCEAB4DF1DBFDF731B3DBE8EE17ED9A173FFB0DAC9B716E945DE41359F7A6F845BF6CEE35CA2B95B25CB3EDFAFF2A78E428EF64E2FA7658539838EA63A97
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/style.css
Preview:	/.Theme Name: Parent Theme.Author: Parent Theme.Version: 10.0.5./.html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video {. margin: 0;. padding: 0;. border: 0;. font-size: 100%;. font: inherit;. vertical-align: baseline;.}.body, p {. line-height: 1.6;.}.ul {. padding-left: 21px;. box-sizing: border-box;. margin-bottom: 20px;. font-size: 18px;.}.nav > ul {. padding: 0px;. list-style: none;.}.html { -webkit-font-smoothing: antialiased }.article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, sect

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (16755)
Category:	downloaded
Size (bytes):	16952
Entropy (8bit):	5.150032094876034
Encrypted:	false
SSDEEP:
MD5:	7DA1B41592F039EECD65D604482C10E1
SHA1:	E966EC2885D74306B80253EF057EA77546B2C149
SHA-256:	0ADD8FCB5A583B1C16238FBE9D0DE17C6272726B42BE17FDCD9B4686EF5287D1
SHA-512:	D7E98C416BA684D035ED581279AA30FC4DE291D8C15686336BCA6F4DF677C2AE3A50DE16CA56A3B8A26F2F07F20F8EF3C063385D49772F70835707372AABEE4F
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/css/animate.min.css?ver=6.7.2
Preview:	@charset "UTF-8";../!. animate.css -http://daneden.me/animate. * Version - 3.5.2. * Licensed under the MIT license - http://opensource.org/licenses/MIT. . Copyright (c) 2017 Daniel Eden. */...animated{animation-duration:1s;animation-fill-mode:both}.animated.infinite{animation-iteration-count:infinite}.animated.hinge{animation-duration:2s}.animated.bounceIn,.animated.bounceOut,.animated.flipOutX,.animated.flipOutY{animation-duration:.75s}@keyframes bounce{0%,20%,53%,80%,to{animation-timing-function:cubic-bezier(.215,.61,.355,1);transform:translateZ(0)}40%,43%{animation-timing-function:cubic-bezier(.755,.05,.855,.06);transform:translate3d(0,-30px,0)}70%{animation-timing-function:cubic-bezier(.755,.05,.855,.06);transform:translate3d(0,-15px,0)}90%{transform:translate3d(0,-4px,0)}}.bounce{animation-name:bounce;transform-origin:center bottom}@keyframes flash{0%,50%,to{opacity:1}25%,75%{opacity:0}}.flash{animation-name:flash}@keyframes pulse{0%{transform:scaleX(1)}50%{transform:scale3d

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1280, components 3
Category:	dropped
Size (bytes):	508452
Entropy (8bit):	7.976647560524377
Encrypted:	false
SSDEEP:
MD5:	40A9F4713C560DD50B77F866C8277511
SHA1:	D03E5F013426759EB4FF7602197A35CDDB69959C
SHA-256:	708787C9EAA0517F551044C1007F89CC7B9B65A9A06FEA23BB709C3E70EA1881
SHA-512:	1E32B778FED770C582A410F98821F3A484DD4E77222752CF5F403A6CF965E2621E47BAF68B8EC1AD9034C12B86AE1DCB6BCC49D8F11523DC55132B0AB0123506
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II*.................Ducky.......<...../http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.0 (Windows)" xmpMM:InstanceID="xmp.iid:7246407E6CD311EDB11DFB489B7A825C" xmpMM:DocumentID="xmp.did:7246407F6CD311EDB11DFB489B7A825C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7246407C6CD311EDB11DFB489B7A825C" stRef:documentID="xmp.did:7246407D6CD311EDB11DFB489B7A825C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................................................................

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5436)
Category:	downloaded
Size (bytes):	365659
Entropy (8bit):	5.598920676370649
Encrypted:	false
SSDEEP:
MD5:	492BE79805493E023C713A47568AD049
SHA1:	1960530B9E03021E525873B1303105D73CF4419F
SHA-256:	ABEA2944AE722CC9DFB51D54D4F552E23346C027AA59EE2E570752981944E408
SHA-512:	1F1775025C4D5B864D1DE650AF2CC80BD2B01FECBB960E1859B7B3A3C2F4157B2C90C0EEB28831D12FFDAD882E3E2884A1305B2E2C564A3D61FD20BDEE084408
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-FXNMZCXD5M
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":12,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4119
Entropy (8bit):	7.949120703870044
Encrypted:	false
SSDEEP:
MD5:	000BF649CC8F6BF27CFB04D1BCDCD3C7
SHA1:	D73D2F6D74EC6CDCBAE07955592962E77D8AE814
SHA-256:	6BDB369337AC2496761C6F063BFFEA0AA6A91D4662279C399071A468251F51F0
SHA-512:	73D2EA5FFC572C1AE73F37F8F0FF25E945AFEE8E077B6EE42CE969E575CDC2D8444F90848EA1CB4D1C9EE4BD725AEE2B4576AFC25F17D7295A90E1CBFE6EDFD5
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-includes/images/w-logo-blue-white-bg.png
Preview:	.PNG........IHDR...P...P............IDATx..].xU...[..V..).Kk...V.k..J]jKEl?...t...!.{.,...E........@....F.%.....B...N.y..w.....I{.o...;.s..3...WH......./.zBp.o,XW.......#Z.f...\|mvD..9..F........y..o....1^.743l.......v..#.c.E&.e..hU1.{..........._cZ..We.v.....f.w....(..6\|.Y.. I:x..-.&.......D........<.6.6.l....T..)...\|....#..$g...VN.......!'/6.w..B.h.}....EV.......k.7" f.}.G.~#..M..+....G....iB......]..?+......'.j.GB..P%......\........../..%...&.8E...".........44.J...1.........S...........d.j..]ni%._..9.{.O?.H..6T.\|A.GC..g...U.oDEt,?.0....~....q=.y.~.9.Z......c...v.._....$.0.2...F.9a.L..)..l...2...w...I..&....Vg......H.I..r......./....z.`..+...Z.^U.=..5aBpb..0< ../>.9.c....".I..0.3N,}}....\|]Fb...Q.......W.....OQ..y;.....\|.37..}.....(c.....X..`xX).;......<5S....>.9..G.:..=..0^.......l_<G......H....C.O......Hk{..{....]Nc..B.8..}%>..w....Z...).....\..>....c..2...&..0'.DZJ.'~{Y....I....?........fR.a......;.<..lRG..n.....Q......Nf.6.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15752)
Category:	downloaded
Size (bytes):	18726
Entropy (8bit):	4.756109283632968
Encrypted:	false
SSDEEP:
MD5:	B976B651932BFD25B9DDB5B7693D88A7
SHA1:	7FCB7CB5C11227F9213B1E08A07D0212209E1432
SHA-256:	4E6CE5444C7F396CEF0EB1FA3611034151E485DD06FBE5573A5583E1EEBC98C3
SHA-512:	A241EBDCFAF153D5C2A86761145B2575CBE734B4F416ACBFAC082AE5C6EB7C706BD6CA3BC286B7E1A0F9E326729252DCB95B776750C4A3A0D81F2AA6258EA39F
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.2
Preview:	/! This file is auto-generated /.// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var h={base:"https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return e(d);return e(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:o},onerror:function(){this.parentNode&&this.parentNode.replaceChild(x(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return h.doNotParse=u.doNotParse,("string"==typeof d?function(d,a){return n(d,function(d){var u,f,c=d,e=N(d),b=a.callback(e,a);if(e&&b){for(f in c="<img ".concat('class="',a.className,'" ','draggable="false" ','alt="',d,'"',' src="',b,'"'),u=a.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,r),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,b,a,t,r,n,o,s,i,l=function d(u,f){v

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (326)
Category:	downloaded
Size (bytes):	27743
Entropy (8bit):	4.800136764390031
Encrypted:	false
SSDEEP:
MD5:	EF4EB7E82B34BA53FB4FAC2629E8C340
SHA1:	1DBF1F65495D28AEEB1C23F1D5E3F887AFBE9349
SHA-256:	29DCB13B7B10E81CABD8F44B3D0C2E9213A005EECA59C99E0B953147DDBE094B
SHA-512:	4C8FEEB85251B6D5E27E4AAF01CEC959A7B470EEF4524787106E98A32BFF0EAEC7DC3B7CE56A18C6C47B7AD666049E701AEF80AD801F762588E7207A256DE316
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/classy-child/style.css?ver=6.7.2
Preview:	/.Theme Name: Classy - Child.Version: 587.Description: A child theme of DMM by Almina.Template: mts_schema.Text Domain: schema./../* Carousel /.@import url("../mts_schema/style.css");../ general /.. {. box-sizing: border-box;.}.span.centerspan1 a{. padding: 0 20px;.}.#page {. padding: 0px;.}..home .resumebtn{. display: none;.}..page-template-template-contact .visit-us-today { display: none; }.a.btn {. color: #fff;. text-transform: uppercase;. font-size: 14px;. letter-spacing: 1px;. background: rgb(0,0,0);. background: linear-gradient(90deg, var(--aColor) 0%, var(--sColor) 100%);. color: #fff !important;. border-radius: 10px;.}..main-header { text-align: center; }.#header a.btn {. padding: 10px 20px;.}...container {. width: 100%;. max-width: 1200px;. padding: 0px 15px;.}..anchor-fix {. position: relative;. top: -160px;. width: 100%;. height: 1px;.}.html #secondary-navigation > nav > ul > li:hover,html #secondary-navigat

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32077)
Category:	downloaded
Size (bytes):	97163
Entropy (8bit):	5.373204330051448
Encrypted:	false
SSDEEP:
MD5:	4F252523D4AF0B478C810C2547A63E19
SHA1:	5A9DCFBEF655A2668E78BAEBEAA8DC6F41D8DABB
SHA-256:	668B046D12DB350CCBA6728890476B3EFEE53B2F42DBB84743E5E9F1AE0CC404
SHA-512:	8C6B0C1FCDE829EF5AB02A643959019D4AC30D3A7CC25F9A7640760FEFFF26D9713B84AB2E825D85B3B2B08150265A10143F82E05975ACCB10645EFA26357479
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js?ver=1.12.4
Preview:	/! jQuery v1.12.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.ca

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2779
Entropy (8bit):	4.77627433616113
Encrypted:	false
SSDEEP:
MD5:	8719C6CA9184095C2A4BAF4BB7B3BC0F
SHA1:	2488E748C4960DBD7543896966D4141CE806C2D1
SHA-256:	666A1692BE2EB1D61686A810E004E0DB2ED24CB77B2F4CC0BA5800D390C6B1C9
SHA-512:	E1F90B38105B4A5DCF942F08EE4A169829D008C6F06A9D482280E323BBC50FAF40D01D5B47867CDFE345EEEE065414BDD07A0BB55D82FCF0AB2DAD38D78E40BD
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/doctors/doctor-dup.css?ver=6.7.2
Preview:	.col55 {.. width: 40%;.. float: left;.. box-sizing: border-box;..}...doca .row {.. margin: 0px;..}...col55:nth-child(2) {.. width: 60%;..}...col55:nth-child(1) {.. text-align: center;.. padding-top: 15px;..}...col55:nth-child(1) a {.. display: block;.. position: relative;..}...col55 blockquote:after {.. display: none;..}...col55 blockquote span {.. display: inline-block;.. margin: 0 13px -6px 0;.. font-size: 6.5rem;.. line-height: 20px;.. font-family: Verdana;.. letter-spacing: -8px;.. vertical-align: bottom;.. opacity: .3;.. -webkit-transition: all 1s;.. -moz-transition: all 1s;.. transition: all 1s; ..}...col55 blockquote {.. color: #626c72;.. font-style: italic;..}...col55 h2 {.. font-weight: bold;..}.....col55:nth-child(1) a:after {.. content: attr(data-name);.. opacity: 0;.. position: absolute;.. top: 50%;.. font-size: 2rem;.. line-height: 1.4;.. font-weight: 300;.. color: #fff;.. te

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 155, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15596
Entropy (8bit):	7.9741015433504225
Encrypted:	false
SSDEEP:
MD5:	7A6E8E4B296FC684B8B161EA29E51887
SHA1:	25FA72D9E2E335D061E2A3C610A7038BD9EBD7B0
SHA-256:	F6D90B311A090516A50BAF4F135003CADDC23467C692AB66BF2DCC8592E350A6
SHA-512:	18DF045518081DD48ED6FE18DF40C6BA73658EC22447230AA5972BD246F77A5C0961B6322B770EDB62D307DD473D62BFB67BA98394CD0EB6E3C458CEBE4ACE0C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.................. .IDATx..w\Sw...!.....q 8p..[.........}Z;..{h...j.{..AQ............\.@@V._..ps....w..9.d2...D$.......$G.H..X.........oB..........@..XD".......TO.Fo.zz4z..........@..h....G.7P==........TO.Fo.zz4z...1.......S.wg..7&...r.z.[0{.;....u7.._..`.........-2M..\$.{C\|.`..<l....&....T.I..H......N..kL%bVM.....c".w.......hu.T'.........{...0...^...o.@.......:)&...t..?.@..+Ys,.=1Y$..!..14..ikN/{.\|....Z.bfdH~y5Q.....EvIU....)s.x0...'K......".....rR...UA.L..H....s.<xnR...R..e..b.X.!....vai"a.Cc......e.c.t[T:w.?M.gYw9."......A^.}+].?....^......@&....3D..v..t..{.-.....NQ....@u..E......o...[..\.K6..~...o..QT.}?...J.=.....} ..q7..6:.}.Y.{(..o.S..n.~.O..Mg..6......a...6:.........X^....".S#..l..d......f8Z.`gn...P.PY[OQE-...d.$.....2.o.S\.kG..........vN.....Je...1\.(.s.;Z2..+c\|.....E..7...s.....q(>...e.r.^..:c.............(..P\|6.........B.....^....e..e.$....j&.F...~._.{sc&.qaZ?W..u.....{...hBn)./$.-....9...1......p..s..

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	5464
Entropy (8bit):	4.708190941269953
Encrypted:	false
SSDEEP:
MD5:	B5C7CE851BF7585B91D38DA9AA3DF8A2
SHA1:	2F5C0E41BFF7BB5B4D4E3ECE800A2B67543612CF
SHA-256:	48885CA6398ABD9660FBAC00DA96A52E1DD8E30FEAE32B14FE367A223DA3ECB1
SHA-512:	F1F4A507A4A6007310174C0560D13951D8A1739DB14A9C07C720F1611171E617CFB76BF1DB34BBE9DA80CDA288223CFC50A9F19188FBB737234EEAAA6A7A56FA
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/themes/mts_schema/theme-specific/services/ritzo-style.css?ver=6.7.2
Preview:	/* HD-SERVICES /...hd-services__list {.. display: flex;.. overflow-x: auto;..}...hd-services__item {.. position: relative;.. flex: 0 0 70%;.. margin-bottom: 40px;.. z-index: 2;.. min-height: 1px;.. padding-left: 20px;.. padding-right: 20px;.. margin-left: -20px;.. height: 58vw;..}../ .hd-services__link {.. display: block;..} /...hd-services__link::after {.. content: '';.. position: absolute;.. display: block;.. border: 1px solid #ae9364;.. left: calc((100% - 40px) / 10 + 40px/2);.. width: calc((100% - 40px) / 10 8);.. top: 10%;.. height: 80%;.. pointer-events: none;..}...hd-services__image {.. position: relative;.. width: 100%;.. height: 100%;.. display: flex;.. flex-direction: column;.. overflow: hidden;..}...hd-services__title + i {.. color: #fff !important;..}...hd-services__img {.. display: block;.. width: 100%;.. height: 100%;.. max-width: 150%;.. max-height: 150%;.. min-widt

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1778)
Category:	downloaded
Size (bytes):	11042
Entropy (8bit):	5.1994016876718705
Encrypted:	false
SSDEEP:
MD5:	6C15F5E7DA3988FC64CB0571E3271256
SHA1:	41983498BFDFE214F27116F92F5DCDCDF8827C25
SHA-256:	A20FCB42BCE316294829819460DB3CD3C22402A5B61E6DB01C88747C69EE7CA2
SHA-512:	EEB8600C1B321145B95BE7CEFB7280C06138D1707CA5AC2093A2785D88BC16B2B6F0AEFB3190A96B4056871639A826F6F2342F8522F5282F875F002A80A4C38D
Malicious:	false
Reputation:	unknown
URL:	https://thekidneycliniclc.com/wp-content/cache/minify/6affa.js
Preview:	jQuery.fn.exists=function(callback){var args=[].slice.call(arguments,1);if(this.length){callback.call(this,args);}.return this;};jQuery(document).ready(function($){jQuery("body").prepend("<a id='move-to-top' class='animate ' href='#blog'><i class='fa fa-angle-double-up'></i></a>");var scrollDes='html,body';if(navigator.userAgent.match(/opera/i)){scrollDes='html';}.jQuery(window).scroll(function(){if(jQuery(this).scrollTop()>160){jQuery('#move-to-top').addClass('filling').removeClass('hiding');}else{jQuery('#move-to-top').removeClass('filling').addClass('hiding');}});let hostname=window.location.host;let fresh_array=[];if(hostname.includes('www')){fresh_array=window.location.host.split('.');fresh_array.shift();hostname=fresh_array[0];}else{hostname=window.location.host.split('.');hostname=hostname[0];}.let allATags=document.body.querySelectorAll("a").allATags.forEach(function(entry){if(entry.href.includes('http')){if(entry.href.includes(hostname)){}else{entry.rel='noreferrer noopener';i

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://thekidneycliniclc.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 134

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Static File Info

Windows Analysis Report
http://thekidneycliniclc.com/