Edit tour

Windows Analysis Report
https://hnt.zkg.mybluehost.me/CA/LET

Overview

General Information

Sample URL:	https://hnt.zkg.mybluehost.me/CA/LET
Analysis ID:	1529180

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish34

AI detected landing page (webpage, office document or email)

Phishing site detected (based on favicon image match)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1996,i,7815844777174740821,7351460656353072926,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hnt.zkg.mybluehost.me/CA/LET" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_34	Yara detected HtmlPhish_34	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Score: 9 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL., The URL uses a subdomain structure that is not associated with DHL., The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts., There is no direct association between the URL and the DHL brand. DOM: 0.6.pages.csv
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Score: 9 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL., The URL uses a subdomain structure that is not associated with DHL., The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts., There is no direct association between the URL and the DHL brand. DOM: 0.5.pages.csv
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Score: 9 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL., The URL uses a subdomain structure that is not associated with DHL., The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts., There is no direct association between the brand DHL and the domain 'mybluehost.me'. DOM: 0.7.pages.csv
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Score: 9 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL., The URL contains multiple subdomains and a domain that is not associated with DHL, which is suspicious., The use of 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts. DOM: 0.8.pages.csv
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	LLM: Score: 9 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL., The URL uses a subdomain structure that is not associated with DHL., The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts., Presence of input fields for sensitive information like 'Card Number' on a non-legitimate domain is suspicious. DOM: 0.12.pages.csv

Yara detected HtmlPhish34

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	Matcher: Template: dhl matched with high similarity
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	Matcher: Template: dhl matched with high similarity
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/load.php?code=action1	Matcher: Template: dhl matched with high similarity
Source: https://mybluehost.me	Matcher: Template: dhl matched with high similarity
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	Matcher: Template: dhl matched with high similarity

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Number of links: 0
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: Number of links: 0

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/

HTTP Parser: Base64 decoded: https://hnt.zkg.mybluehost.me:443

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Title: Verification \| DHL does not match URL
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: Title: Verification \| DHL does not match URL

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Help and Supportsss
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Help & Support
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Help & Support
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Terms of Use (GTC)
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Privacy Notice
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Invalid link: Legal Mentions
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: Invalid link: Help and Supportsss
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: Invalid link: Help & Support

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: Form action: store/action1.php
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: Form action: ./store/action2.php

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php

HTTP Parser: <input type="password" .../> found

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	HTTP Parser: No favicon
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/load.php?code=action1	HTTP Parser: No favicon

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: No <meta name="author".. found
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: No <meta name="author".. found

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	HTTP Parser: No <meta name="copyright".. found
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49791 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	DNS traffic detected: DNS query: hnt.zkg.mybluehost.me
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.livechatinc.com
Source: global traffic	DNS traffic detected: DNS query: api.livechatinc.com
Source: global traffic	DNS traffic detected: DNS query: cdn.lr-in.com
Source: global traffic	DNS traffic detected: DNS query: dispatching-centre.lasamericascargo.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49791 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@19/43@30/245

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1996,i,7815844777174740821,7351460656353072926,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hnt.zkg.mybluehost.me/CA/LET"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1996,i,7815844777174740821,7351460656353072926,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Page contains button: 'VERIFY' Source: '0.7.pages.csv'
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Page contains button: 'VERIFY' Source: '0.8.pages.csv'
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Page contains button: 'VERIFY' Source: '0.5.pages.csv'
Source: https://hnt.zkg.mybluehost.me/CA/ALMA/	LLM: Page contains button: 'VERIFY' Source: '0.6.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdnjs.cloudflare.com	104.17.25.14	true	false	unknown
hnt.zkg.mybluehost.me	50.6.153.248	true	true	unknown
www.google.com	142.250.184.196	true	false	unknown
cdn.lr-in.com	104.21.234.145	true	false	unknown
dispatching-centre.lasamericascargo.com	135.181.58.223	true	false	unknown
api.livechatinc.com	unknown	unknown	false	unknown
cdn.livechatinc.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7	true	unknown
https://hnt.zkg.mybluehost.me/CA/ALMA/	true	unknown
https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/load.php?code=action1	true	unknown
https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.38.98.94	unknown	United States	16625	AKAMAI-ASUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
104.21.234.145	cdn.lr-in.com	United States	13335	CLOUDFLARENETUS	false
95.101.111.159	unknown	European Union	12956	TELEFONICATELXIUSES	false
23.38.98.79	unknown	United States	16625	AKAMAI-ASUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
142.250.186.138	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
50.6.153.248	hnt.zkg.mybluehost.me	United States	46606	UNIFIEDLAYER-AS-1US	true
135.181.58.223	dispatching-centre.lasamericascargo.com	Germany	24940	HETZNER-ASDE	false
142.250.186.106	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
95.101.111.161	unknown	European Union	12956	TELEFONICATELXIUSES	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529180
Start date and time:	2024-10-08 17:58:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://hnt.zkg.mybluehost.me/CA/LET
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@19/43@30/245

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.206, 108.177.15.84, 34.104.35.123, 142.250.185.195, 23.38.98.79, 23.38.98.94, 88.221.110.91, 95.101.111.159, 95.101.111.146, 95.101.111.174, 142.250.185.131, 142.250.186.106, 142.250.186.138, 216.58.206.74, 142.250.186.170, 142.250.186.74, 142.250.185.234, 172.217.16.202, 142.250.186.42, 216.58.212.170, 172.217.16.138, 142.250.185.138, 142.250.181.234, 172.217.23.106, 142.250.184.234, 142.250.184.202, 172.217.18.10, 95.101.111.161, 142.250.184.195
Excluded domains from analysis (whitelisted): e39296.b.akamaiedge.net, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, e39296.f.akamaiedge.net, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, cdn.livechat.com.edgekey.net, api.livechat.com.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://hnt.zkg.mybluehost.me/CA/LET

LLM Input / Output

Input	Output
URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Why this process?", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "text":"I'm not a robot", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":true, "trigger_text":"Select all images with traffic lights", "prominent_button_name":"VERIFY", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "text":"Select all images with traffic lights", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":true, "trigger_text":"Select all images with traffic lights", "prominent_button_name":"VERIFY", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "text":"Select all images with traffic lights", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":true, "trigger_text":"Select all images with traffic lights", "prominent_button_name":"VERIFY", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "text":"I'm not a robot reCAPTCHA Privacy - Terms Why this process?", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":true, "trigger_text":"Select all images with traffic lights", "prominent_button_name":"VERIFY", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "text":"I'm not a robot reCAPTCHA Privacy - Terms Why this process?", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "phishing_score":9, "brands":"DHL", "legit_domain":"dhl.com", "classification":"wellknown", "reasons":["The brand 'DHL' is a well-known international logistics company.", "The legitimate domain for DHL is 'dhl.com'.", "The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL.", "The URL uses a subdomain structure that is not associated with DHL.", "The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts.", "There is no direct association between the URL and the DHL brand."], "brand_matches":[false], "url_match":false, "brand_input":"DHL", "input_fields":"unknown"}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "phishing_score":9, "brands":"DHL", "legit_domain":"dhl.com", "classification":"wellknown", "reasons":["The brand 'DHL' is a well-known international logistics company.", "The legitimate domain for DHL is 'dhl.com'.", "The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL.", "The URL uses a subdomain structure that is not associated with DHL.", "The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts.", "There is no direct association between the URL and the DHL brand."], "brand_matches":[false], "url_match":false, "brand_input":"DHL", "input_fields":"unknown"}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "phishing_score":9, "brands":"DHL", "legit_domain":"dhl.com", "classification":"wellknown", "reasons":["The brand 'DHL' is a well-known international logistics company.", "The legitimate domain for DHL is 'dhl.com'.", "The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL.", "The URL uses a subdomain structure that is not associated with DHL.", "The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts.", "There is no direct association between the brand DHL and the domain 'mybluehost.me'."], "brand_matches":[false], "url_match":false, "brand_input":"DHL", "input_fields":"unknown"}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/ Model: jbxai	{ "phishing_score":9, "brands":"DHL", "legit_domain":"dhl.com", "classification":"wellknown", "reasons":["The brand 'DHL' is a well-known international logistics company.", "The legitimate domain for DHL is 'dhl.com'.", "The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL.", "The URL contains multiple subdomains and a domain that is not associated with DHL, which is suspicious.", "The use of 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts."], "brand_matches":[false], "url_match":false, "brand_input":"DHL", "input_fields":"unknown"}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/home.php?enc=216cebe87e59f7d733a55cb34caac745&p=0&dispatch=2e859a3c5bf05618f3198065172f3e675b61b5f7 Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"End of Day, Full Shipment Protection, Box 2 DHL - 1 piece - 1 (34 x 18 x 10), Shipping Date: Tue, Oct, 2024, Shipping: a 3.57, Meeting: Fri, Oct, 2024, Delivered by: End of Day, WORLDWIDE EXPRESS, Fri, Oct, 2024 - End of Day, Volumetric Weight 1.2 kg, Taxable Weight 1.3, Total Weight 2.5 kg, Transportation Fees: USD 1, 73, Local Delivery: USD 0, 70, Emergency Situation: USD 1, 14, Total: USD 3, 57, Address, First Name, Last Name, Email Address, Address, Postal Code, City, State", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php Model: jbxai	{ "brand":["DHL"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Pay with PayPal", "text_input_field_labels":["Card Number", "Expiration Date", "PIN Code"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"End of Day Box 2 DHL - 1 piece - 1 (34 x 18 x 10) Shipping Date: Tue, Oct, 2024 Shipping: a 3.57 Meeting: Fri, Oct, 2024 Delivered by: End of Day WORLDWIDE EXPRESS Fri, Oct, 2024 - End of Day Volumetric Weight 1.2 kg Taxable Weight 1.3 Total Weight 2, 5 kg Transportation Fees: USD 2, 73 Local Delivery: USD 0, 70 Emergency Situation: USD 0, 14 Total USD 3, 57 Payment Form Choose Payment Method Pay with PayPal Card Number 1234 1234 1234 1234 Expiration Date MM/YY CVV 123 PIN Code", "has_visible_qrcode":false}

URL: https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/cc.php Model: jbxai	{ "phishing_score":9, "brands":"DHL", "legit_domain":"dhl.com", "classification":"wellknown", "reasons":["The brand 'DHL' is a well-known international logistics company.", "The legitimate domain for DHL is 'dhl.com'.", "The provided URL 'hnt.zkg.mybluehost.me' does not match the legitimate domain for DHL.", "The URL uses a subdomain structure that is not associated with DHL.", "The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts.", "Presence of input fields for sensitive information like 'Card Number' on a non-legitimate domain is suspicious."], "brand_matches":[false], "url_match":false, "brand_input":"DHL", "input_fields":"Card Number"}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 14:58:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9825785239156137
Encrypted:	false
SSDEEP:
MD5:	9BBC6546532247BD0ED8ADCC8DA39909
SHA1:	53CE9A0FFECCCF0B65A2E3920A1E75C6AA46E9EB
SHA-256:	16A93394A60FE3D6A1F2B1D7A82F792308E67760A662FD6616CFFF18A87FF979
SHA-512:	6DBD1941EF8C531175AC854F1D41A565E72AB8F7DE3D3B05B353B8243AE88948D56F8B0D3A428C9A89F1BFB74E6CC135364957EA93C4D73B8898DFE1ADE1E157
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....P.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY]............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 14:58:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.000241590562707
Encrypted:	false
SSDEEP:
MD5:	D342D7A9BA97D6121A96B2A816132F3A
SHA1:	46C7F629D4881D161AA2A021D24782788C302F6E
SHA-256:	5915D8278FADE10CA72E7C7061CDFB9B0959D134FF86B3BF1645CC8EAF9171DB
SHA-512:	2DA1E6801375BD29F0D55C204AD3F40A26A8657D5F704D19742D4F8F4CA904E1881908345025BDC68336E6750A92124775DEA29FE809C2D19CE335ECCA04E78F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....;......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY]............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.005597317236649
Encrypted:	false
SSDEEP:
MD5:	1900DD5A50ED1A736C7FFC56A095F187
SHA1:	22D6C494E961FB9E40546C9B99694ABB3703DCA5
SHA-256:	BBEB53EC151DD60878DE28AD76161CFC8276A17C79379057D50E5B3BA5BD0C63
SHA-512:	A0306818AA440C73F02D2F476E713EA2F9EFD16329E11C9896E501B77FFBF5131B9113FCA53833714CEFAD6396B6137B03E5D01C066812D09C876FF03066FCF0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 14:58:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9970410262055536
Encrypted:	false
SSDEEP:
MD5:	607A375B134F7E0118859FB9495B848E
SHA1:	A7EF3AE037674169AB2B3A402B37F6ACC3A1C7A1
SHA-256:	7D2B48F5ADAFD625BE7C351446E2439DBF90C5B5BAC4294060AC2E21CA8005F0
SHA-512:	FC8C037AC5B2E22F730F7A7262E722FC740D1D28105897F39389990907FF73E75C080BBBED967302D19338E83F6D307F3C8680A234476F451AE0FDA9A72A4353
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY]............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 14:58:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985185067154715
Encrypted:	false
SSDEEP:
MD5:	89C2B13739D4C8D67D052C8293928639
SHA1:	A0DCEEA6F453EB88209612833004729083ECFAC5
SHA-256:	B106FAB1F1F0C7E05C654C40840A6EEB674ED09303E210F93FA98A6AAE10CEAA
SHA-512:	F056325A4F02BB5289FDF4134D1F3A96B02A76C73DEB5BA9C11FEFCC45A37FCD81C583F9834B3F00DEDAB3F976F6021FFDCE050B3740F4438F6D3C90E89B7729
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY]............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 14:58:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9953524164599274
Encrypted:	false
SSDEEP:
MD5:	AA5A598C1F7B6C0F69933C9632232278
SHA1:	F839D76BFD66A2BDCAF06F0C23E21969B0BA6FE5
SHA-256:	72F29225CAA97F483686579871225BE77A0C4A2D88EE3B3B5C565C78DEF0591C
SHA-512:	E62A72F4A3CF31E2736233287DDE336C2ADD6E244761191D7F7863CFC7ED8D8E7F2239911F81A46706A685C56C6756DEC7A4BDA907F539C81018956D2BE39663
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHYT.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY\.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY\.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY\............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY]............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	600
Entropy (8bit):	7.391634169810707
Encrypted:	false
SSDEEP:
MD5:	0F2A4639B8A4CB30C76E8333C00D30A6
SHA1:	57E273A270BB864970D747C74B3F0A7C8E515B13
SHA-256:	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
SHA-512:	3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..M+.Q.....&/....&......6...\|.I..).o.I.X..#.@.bb.D.'5....m...=..y........{....<.P..;.H......f...3l...M.I...j2.....3..1x..S......9..<m...E.'F'.. ...M.j...C..c.5.-..F..3H./F!.."V.e.i.}.Y....../.rw...@...].rp...`CQo(.....J...u.".!E...$.^$...k....b....@.^.;.u5........H/Q{..$..'..........w...r.+xS.uR..J.......GD.O./.. G7..l...J.t.3.S...N.7...e..s.-Jlj)..5E....E.;8w4.k..=.li.G...1.c....p,T6;....1.oW.%.2,..Z..a...*m.s}T1F....Hr.1......<x0.....-.i......IEND.B`.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkCNOcHAY28mBIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1434), with no line terminators
Category:	downloaded
Size (bytes):	1434
Entropy (8bit):	5.782287307315429
Encrypted:	false
SSDEEP:
MD5:	E7F4945A3458503BDEE0AD9476537604
SHA1:	CD049E2F8F9D05ABC087BBEF7EFEDA01EFB0F3A6
SHA-256:	8AB3BC08E25F6A7E24EF75EE66ED06360BCEEACE487D22822D7724B3F2BBED50
SHA-512:	BD30B50396E0015B723FFD185972E37094A5CFF4A42CB5AE5D439AE3B85F2735F33145B363E2657AC174D66ED2E3F97FC0C2BFC9FDEE6B06C61E5A01FD1CFF34
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m)

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	469
Entropy (8bit):	7.288594655186755
Encrypted:	false
SSDEEP:
MD5:	16291265180A2DBCD246ADA0B44EA35A
SHA1:	63EB909A37D9730A40955BEBF35542CFC1A5EDE9
SHA-256:	B36E63B78F7AB077C9F74269DEEC4010AE803B687B27CA13E6AA58712520BB84
SHA-512:	85F687F93406B168E61A7AF0A169ACC3D7BC44FBEB0D2E6EC1A8748901691EBE41DDC1D25E4BA40BCAC0EFA75583E7D7C5B13EE7B95A84C5AAF26EFB0CBF9469
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............[.......sRGB.........gAMA......a.....pHYs..........o.d...jIDAT8O...k.@...g.:.'.f...cG7.....f.....B."..J.)'.QJ.T..XJ;T...z^.^....G ...r.../a..?@.N.+....]......3.p...I${.oL0........Y.&S..RI....Q.G..mb..=..6..G2L...8..m.w.(.....AX+..e.cu@.sz(\.a..U..].=G...a0..k..vI.>?.....l. ...j...1c..!\?...hZsV...t.......:.?...u....LJHY.8..2x....M...}../>..BJD/.V.Z.^.'_.hBF...c..d.!....1..1.0D....j..;..W.../.q`!..*T.........IEND.B`.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	665
Entropy (8bit):	7.42832670119013
Encrypted:	false
SSDEEP:
MD5:	07BF314AAB04047B9E9A959EE6F63DA3
SHA1:	17BEF6602672E2FD9956381E01356245144003E5
SHA-256:	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
SHA-512:	2A1D4EBC7FBA6951881FD1DDA745480B504E14E3ADAC3B27EC5CF4045DE14FF030D45DDA99DC056285C7980446BA0FC37F489B7534BE46107B21BD43CEE87BA0
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/info_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..W..DA.=.6O...H.,E.............b.....C.1...1..EbLPI.W......H..s.z5.:..._.d.0.u.......j.x.R..._.v..R...1..ir..`.yn..R..j.h./y..l......(`..5....l.E..0......B^......F.....F....Y\|p..._,p.............(3^.r.P.O......;<....z.,..yF....N..x.MS...Q.C%......D8G.+......oOk...)T..}\|..e...G.....'.R..G.Z.T}7(...&..@...G....$PGYv...A.c.]d....N..'.4b...R.%..)2Yd..b.M..^@.M....^.:h.N(dP*t..RQ%.o...{.vGH..S._".@./...g.....]...?..h..E.,r.m.%."."W.6G..t...->....q\.Kc.t"^......Kj~{l..C..).y..><@\|yB....=c.............!...<....IEND.B`.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	85564
Entropy (8bit):	5.229924398061931
Encrypted:	false
SSDEEP:
MD5:	21FD12D4C4CD7D39C23A36F224A66EB9
SHA1:	5689730E4E82ACE438C8620CD5857DA5FF8FD7E9
SHA-256:	81DAE82116236F818E682C0A16E637AC112F7E47540E0CD39C145253C11F27C1
SHA-512:	9FC27CAA0EAE09A88DF7497F2C69B785326E7EE515579C6DD9CC5FD0A1222A82988D57B24569645A4E08D91BE2EF3F3739FF1FF0EDCBD8E529DEC67460E1FDD5
Malicious:	false
Reputation:	unknown
URL:	https://cdn.livechatinc.com/tracking.js
Preview:	!function(){"use strict";function e(e,t){return e+t}const{hasOwnProperty:t}={};function n(e,n){return t.call(n,e)}function i(){return(i=Object.assign\|\|function(e){for(var t=arguments.length,i=Array(t>1?t-1:0),o=1;t>o;o++)i[o-1]=arguments[o];return i.forEach((t=>{for(const i in t)n(i,t)&&(e[i]=t[i])})),e}).apply(void 0,arguments)}function o(e){return Array.isArray(e)}function r(e){return"object"==typeof e&&null!==e&&!o(e)}function a(e){if("keys"in Object&&"function"==typeof Object.keys)return Object.keys(e);const t=[];for(const n in e)Object.prototype.hasOwnProperty.call(e,n)&&t.push(n);return t}function s(e,t){return a(t).reduce(((n,i)=>(n[i]=e(t[i]),n)),{})}function c(e){return o(e)?e.map(c):r(e)?s(c,e):e}function l(e){return o(e)?e.filter((e=>null!=e&&!Number.isNaN(e))):Object.keys(e).reduce(((t,n)=>{const i=e[n];return null==i\|\|Number.isNaN(i)\|\|(t[n]=i),t}),{})}function d(e,t){for(let n=0;t.length>n;n++){const i=t[n];if(e(i))return i}}function u(e,t){for(let n=t.length-1;n>=0;n--)if

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 187 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	17648
Entropy (8bit):	3.1179926070389947
Encrypted:	false
SSDEEP:
MD5:	F748283F1BDEF35CBE2D225ECCBE3895
SHA1:	C03C1864CA13CC124D7FAF7D4BB11515FD40D814
SHA-256:	CAE9D5ADF2B0220C74A93B644C26D53E27C3A87F9B5D3FE57D06442E808074A2
SHA-512:	093DD0969F8C46A318B3F92885A84CC763C9A03D7EF81074DF92E27084BD8BE18AF807CAC4FBA28BC32DDF8A5BDDA2CFFC6071F6D6CB2AB5CDB4F4D021F15A73
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................L....pHYs...............8.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2023-04-28T21:29:09+03:00</xmp:CreateDate>. <xmp:ModifyDate>2023-04-28T21:37:46+03:00</xmp:ModifyDate>. <xmp:Metada

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
Category:	dropped
Size (bytes):	32144
Entropy (8bit):	7.972124726978186
Encrypted:	false
SSDEEP:
MD5:	3802183531A8C02171AAD890ACD2A766
SHA1:	D07097FB8C4587C03F8C4EFDA49212F4C3DFB07F
SHA-256:	9D1509EC7B2C0242A0DC7A8D96BDFE38297B0F2ADFE9435CCEAD5DA4A2E2BEDE
SHA-512:	D790243B465A351F97305333882B9C4FBE2075ED59C20FFDFBBC7C0359DFC2A36476D2948C7CA96B9E1AAF47EC85C90811D351EDF2EC4CDF7A39D76B78A41DF5
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............C..............................................!........."$".$.......C.......................................................................,.,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..8x.Y..ln.......i...Gb0...Es..."_.....!..1E<0m.B.......\xcH..........k..a.y..g...)....Jn.b80O.....G.}%J...\|.[c.c.....;.WM..$...rB.U..0...1........i..........I$h.v...@l..l}+.../.mB95...Q..C@R..=...>.s]Q...F`.....\|1...0.u.t.=......U9.+......L:.v...K.{VS...3]...#......DAS.q..x.R./.iJ.,."+..#..S.........Q...09.....k....#..=>..t.B.[..E09.x..U...$...v..O,.y

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1016
Entropy (8bit):	4.49400262382634
Encrypted:	false
SSDEEP:
MD5:	FC4D11AE088EA7CCE9416CBB4A83BAB0
SHA1:	4B8919F589AC9E848640CD1863CB4E018E1DDE1F
SHA-256:	EF1C4B96FAA10240BFD3E9FFC991947A9D32237ECF61A1399B2C2C2FCF55C47B
SHA-512:	94F437F9B651E0AE529DE1230A7C35CC4767585988BF60EBD4E39A7D60FB916D5EE4C1797BEACD959FBC0DD8F27053F2B474BDC56CDD38096929ECE5BAEE9B85
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="2500" height="1595" viewBox="0 0 46.986 29.979"><path fill="#ffcb01" d="M0 0h46.986v29.979H0z"/><g fill="#d80613"><path d="M8.731 11.413L7.276 13.39h7.93c.401 0 .396.151.2.418-.199.27-.532.737-.735 1.012-.103.139-.289.392.327.392h3.243l.961-1.306c.596-.809.052-2.492-2.079-2.492l-8.392-.001z"/><path d="M6.687 17.854l2.923-3.972h3.627c.401 0 .396.152.2.418l-.74 1.008c-.103.139-.289.392.327.392h4.858c-.403.554-1.715 2.154-4.067 2.154H6.687zM23.425 15.699l-1.585 2.155h-4.181l1.585-2.155zM29.829 15.211H19.604l2.796-3.798h4.179l-1.602 2.178h1.865l1.604-2.178h4.179zM29.47 15.699l-1.585 2.155h-4.179l1.585-2.155zM.722 16.549H6.88l-.336.457H.722zM.722 15.699h6.784l-.337.457H.722zM.722 17.399h5.533l-.335.455H.722zM46.265 17.006h-6.136l.337-.457h5.799zM46.265 17.854h-6.759l.334-.455h6.425zM41.091 15.699h5.174v.458h-5.51zM38.413 11.413l-2.796 3.798h-4.429l2.798-3.798zM30.83 15.699s-.305.418-.454.618c-.524.71-.061 1.536 1.652 1.536h6.712l1.585-2.154H30.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (51786)
Category:	downloaded
Size (bytes):	58666
Entropy (8bit):	5.400779200714718
Encrypted:	false
SSDEEP:
MD5:	30E93A747BA8285615CFBC3643DC1A62
SHA1:	3A55F9D6AC708F519D351EA0B69083457778EC9D
SHA-256:	18C4B9B4C27233B541A47300A4EE98239E1F8DEC4BBCD9FABB6BDAD12CA82025
SHA-512:	9487532066928C5592C665834B229B2F3D4E277735A38566E855D182E287D47CCE54245217C629837D3ECA06BB8F94D4321E127F9885BC2F7F35042BD4ABA642
Malicious:	false
Reputation:	unknown
URL:	https://dispatching-centre.lasamericascargo.com/js/card.js
Preview:	var card=function(r){var e={};function t(a){if(e[a])return e[a].exports;var n=e[a]={i:a,l:!1,exports:{}};return r[a].call(n.exports,n,n.exports,t),n.l=!0,n.exports}return t.m=r,t.c=e,t.d=function(r,e,a){t.o(r,e)\|\|Object.defineProperty(r,e,{enumerable:!0,get:a})},t.r=function(r){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(r,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(r,"__esModule",{value:!0})},t.t=function(r,e){if(1&e&&(r=t(r)),8&e)return r;if(4&e&&"object"==typeof r&&r&&r.__esModule)return r;var a=Object.create(null);if(t.r(a),Object.defineProperty(a,"default",{enumerable:!0,value:r}),2&e&&"string"!=typeof r)for(var n in r)t.d(a,n,function(e){return r[e]}.bind(null,n));return a},t.n=function(r){var e=r&&r.__esModule?function(){return r.default}:function(){return r};return t.d(e,"a",e),e},t.o=function(r,e){return Object.prototype.hasOwnProperty.call(r,e)},t.p="",t(t.s=5)}([function(r,e,t){"use strict";var a=t(4),n=t.n(a)()((function(r){return r[

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	127
Entropy (8bit):	4.979513751267317
Encrypted:	false
SSDEEP:
MD5:	D59B2080D315804504A8452FB872F3C5
SHA1:	946D25788C32C6CEEB5D8D5AAF3ECDD3C4FF1A4B
SHA-256:	391E87738708E8C885A042E48BF2E13A755453CF5E2F3F56E472BF29B9C2596E
SHA-512:	1443AA34BD3C2FED8C79362FB6C65D9399B90F6ECB494D1654C660E8ADC017C4CC8703040C45AEFED85D21F0C80980039CB968B591316A5F72211661742D305F
Malicious:	false
Reputation:	unknown
Preview:	__0ov0ofmh3n3b({"organization_id":"08547466-4760-4c82-ab62-5a93156267ea","livechat_active":false,"default_widget":"livechat"});

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 125064, version 768.67
Category:	downloaded
Size (bytes):	125064
Entropy (8bit):	7.994213368618236
Encrypted:	true
SSDEEP:
MD5:	57B380D27F14F16E737BCCA7E849CF79
SHA1:	2E4280929D4D76FC0E31601C98F167F14630C209
SHA-256:	94E1BBC1C2A41EBC73FA5253FD563256C0035B4D69181E48F9AEF9E474A11251
SHA-512:	88DD2321CC4711333411A24DAB612DAA68CAF7CC31C892405BCBB9E89629CA15FCDD781BB26D7485F5819B5B48170EC8EAA2135701F4695CF94A1CB0C15BF649
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2
Preview:	wOF2.............R....=...C.....................8.$. .`..l...d....p.... .u)...........y....{XG.....PUUU....U........................................{......'R%........T.)Ue.)..d~O.....<.3R.hC..S3...ig.}.[........./._.NoxN...~/........{^h}&)..0+.b.....iofi.<......;..V......E.jF0.E6.V.......z-_..x s... ......DA).tk......JRE%..@.F,....$3.........9_..b....'.......-sg..R.i$..jw%.V...z...e...nk..........$./..H.A.)`9.>B.?.'.J.K.. .A..qj..e.K..4%....&E......f ...8K..a..{8.9b.q..}.%P~.fj.>....$.Yi...V+....@...N.....M.`S.([J.....w\..o....az.9"........-m....6.m..2ow.e.7.L:....... 0........I..a=\..............N.n.i........F....mP.m.M.S.G)5..-.........ouM.]/..nD.h$.].33..s.A..Gtf.2.\|..Y"D..b..~..?.7Z".L..#...%....~O:.....ncl.uQ.;3.....X.... ..$..P...]@......z>.t..D.9Jv.....@P.J.9uQ.S..........}....K..r...~...1.?N^..a.s.5....E.x.A#....hD.0...}..z.E...)%8d.IeV..2?)..E......H...R. ...eH.e...DR.nj..$eV......fUO.......6.......q.a...v{m....."[%.....-Q+..E.

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	78318
Entropy (8bit):	5.178659111862382
Encrypted:	false
SSDEEP:
MD5:	BCBBAE1082B38962E877FD490C47173A
SHA1:	323A7B29AB4B755D6204208C534804EED6497231
SHA-256:	182717D4E386CC3DA173CAD4562B61BD2CD9EF8BDCC19D7C7CA4C89254C1C340
SHA-512:	A6B6707096064C4F0DE5F3F3A50D5E2A56FA9C9B8CB3B10E51CDC5C8A49BFA0E0F5187F7F70BB36CB3C4730B2FE86581DC4417CD005131DF9A056C4BC201731B
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/log.css
Preview:	@font-face{font-family:ppf-utility;src:url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?-acnm6v&_=999999);src:url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.eot?#iefix-acnm6v) format('embedded-opentype'),url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.woff?-acnm6v&_=999999) format('woff'),url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.ttf?-acnm6v&_=999999) format('truetype'),url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Utility-v1.1.svg?-acnm6v&_=999999#ppf-utility) format('svg')}@font-face{font-family:ppf-web;src:url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?-acnm6v&_=999999);src:url(https://www.paypalobjects.com/webstatic/mktg/2014design/fonts/v1.1/PP-Web-v1.1.eot?#iefix-acnm6v) format('embedded-opentype'),url(https://www.paypalobjects.com/webstatic/mktg/201

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 39 x 28, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	682
Entropy (8bit):	7.551216573501762
Encrypted:	false
SSDEEP:
MD5:	F9F5C8CCD73ADC2DF4D9E3ACB9E24F85
SHA1:	AE26C7C6A83B6446179383C3B109FBAD8B92C034
SHA-256:	381941FC8B5DF86879D6E2FCF3392D281B796C33F430F045405A0E6AF0E474B9
SHA-512:	B8433C2F8767F3D0CE611B5A278310FC554ECECBD6F8AC567D30471BD21FC1DDFB7DE2922C0C905926D12B2B955FA849F8B0CB32D538F205E54A2F4E8104933A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...'............[....sRGB.........gAMA......a.....pHYs..........o.d...?IDATXG...0........2.Ek.....t.NGp...X.....mF....6.^..^\|7m....{......\|U9.4ta3....Y`#.u..{...z...k.I.mH..C.l.. ..6....3$Irb1....{X......&...)......`..k. '?V....F...`..X...`3..........T......nAO.."h)H.eX.].!....2e...R..c..w.*%eA.bW..S...w..:W....c.....#..f.J".l....G...JpL.Rg:...jb..7...8c}..u...=.[../...\|$.>.W.fr.......Z.-..l.#.f....5..Qv..=z4....3$..\...P..8Na . .\|g.. j....A..8W.&.(..w/..(+...[.XG..o-.w.K......h..\.s....%.uz...L.ZN......k.>}"..}z.`..=W!/?N5:?=.3.......Y..g...rS.=L.Z.....n..3...d....z....>.==..^e.......C.\|....r....v......N..M.....Vpc3f{....IEND.B`.

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	78840
Entropy (8bit):	6.022413301778022
Encrypted:	false
SSDEEP:
MD5:	0CA290F7801B0434CFE66A0F300A324C
SHA1:	0891B431E5F2671A211DDD8F03ACF1D07792F076
SHA-256:	0C613DC5F9E10DFF735C7A102433381C97B89C4A26CE26C78D9FFAD1ADDDC528
SHA-512:	AF70C75F30B08D731042C45091681B55E398EA6E6D96189BC9935CE25584A57240C678FF44C0C0428F93BF1F6A504E0558BC63F233D66D1B9A5B477BA1EF1533
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAAIGNIUk0AAHomAACAhAAA+gAAAIDoAAB1MAAA6mAAADqYAAAXcJy6UTwAAAAGYktHRAD/AP8A/6C9p5MAAHq9SURBVHja7Z15fFTl9f/fd9ZM9n1PgCyEXSSRNYKCgAuiIipuVSuudavV1tq6W/WrtnWrrZbWDZUqUqUoCoIEQhBI2JesELKvM9mTWe7c3x83d5xAlkky8fv92ft5vfKC19znOWfuZ571POc5B1SoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKFChQoVKlSoUKHifwGCRqsTNFrdj6VPq9XqtNofT9+wvutQyEyad8t9IaPPntFUd

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (724)
Category:	downloaded
Size (bytes):	551834
Entropy (8bit):	5.646059185430787
Encrypted:	false
SSDEEP:
MD5:	33AFF52B82A1DF246136E75500D93220
SHA1:	4675754451AF81F996EAB925923C31EF5115A9F4
SHA-256:	B5E8EC5D4DCC080657DEB2D004F65D974BF4EC9E9AA5D621E10749182FFF8731
SHA-512:	2E1BAAE95052737BDB3613A6165589643516A1F4811D19C2F037D426265AA5ADF3C70334C1106B1B0EEF779244389F0D7C8C52B4CD55FCE9BAB2E4FCB0642720
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var z=function(){return[function(v,p,K,u,W,n){if(!((v>>2&(n=[6,"Unknown format requested type for int64",9],n[0])\|\|!U[22](11,this.U(),p)&&this.dispatchEvent("enter")&&this.isEnabled()&&R[23](n[2],this,2)&&R[3](n[0],2,!0,this),v-1)<20&&(v>>1&7)>=4&&(u=new vf,W=R[41](1,p,u,kV,K==p?K:P[8](37,K),5)),v<<1&11))throw Error(n[1]);return W},function(v,p,K,u,W){return((W=[17,7,46],v)<<2&W[1]\|\|(p=function(n){return K.call(p.src,p.listener,n)},K=UJ,u=p),(v-1\|12)<v&&(v-9\|59)>=v)&&(u=M[W[2]](15,p)&&!M[W[2]](13,."iPod")&&!M[W[2]](W[0],K)),((v\|8)&W[1])==1&&(u=p.Y?p.Y:p.I?"application/x-protobuffer":""),u},function(v,p,K,u,W){retu

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 27 x 29, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	475
Entropy (8bit):	7.334075153511776
Encrypted:	false
SSDEEP:
MD5:	E00004714CE72691E26F9B61C9810780
SHA1:	51385AF6CB9A9D372C3151E67D331DDC1B92B3C4
SHA-256:	B8B7E6C193F0B11BECE8C12B305CBF15130BC99B32AE92426EB747A3DA3264D6
SHA-512:	A2DFB57AB3C8458E0EED2A565C3355982F078DB347FE9AF4C67C13980E7E04DB243DE7D2681545DADDFEC375F9E5F0AE931BECC36EB40332135F87F8099407A0
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/clan.png
Preview:	.PNG........IHDR.............[..H....sRGB.........gAMA......a.....pHYs..........o.d...pIDATHK..j.0....o.SB..m...26.8...V..A.S..5......9..n~N..Ir....![bx...[.E..Q....G..O..5....}N@HM..j..........J&1.g.E...(..dM`r.J...mr~. ./..&)..y+..^=2..-b...d..U.).$i...#;....B.PPk1..t.".\z...u..}./...<....@lr..o........3L...r...4.]Y..4.09aH..!z..'7 -.%.5_H.]L.W..9..{...=p@f&......:.y..Y.'.+Y 4.Z6..}S."^...:AkP$#.L...F.........#...\....xs.].I...Q......+dH......IEND.B`.

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Category:	downloaded
Size (bytes):	2238
Entropy (8bit):	1.4858300861878153
Encrypted:	false
SSDEEP:
MD5:	A6F1AF8E79A11829BA9A66474B06BB97
SHA1:	D99E3EC7747C865033A8DFAD43C9F49634404BC1
SHA-256:	B0DBD00F3650FA6B931E678A9D8F79A405D23C7ADF111AB91B1A01A0E7109807
SHA-512:	F229B3A71EC1568DBC9F422097CDE564EAA6EA530B370D47B82756B660C3342E4402C40600A22C988A5973039860AD2FAF83C6721D8D1725C5D61DB6044A6D69
Malicious:	false
Reputation:	unknown
URL:	https://dispatching-centre.lasamericascargo.com/images/favicon.gif
Preview:	...... ..............(... ...@............................................................U...n...'.......$...c...7.......!...............h...{...'...f.......X...........>.......d...............}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Category:	downloaded
Size (bytes):	15340
Entropy (8bit):	7.983406336508752
Encrypted:	false
SSDEEP:
MD5:	19B7A0ADFDD4F808B53AF7E2CE2AD4E5
SHA1:	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
SHA-256:	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
SHA-512:	49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Preview:	wOF2......;........d..;..........................d..z..J.`..L.Z..<.....\..`..^...x.6.$..6. ..\|. ..8..z%......Q.{..q...FF.kd .8.(..d..).!C...Y.JA...r. ..GH8F......nW...".2&....2<..+C...p...b..SC.......J......z.-..Q..#6&1zUe../\...l.....<.....9s...E~.]B-..B.wY..o......Q..A.F..1j.......-.`P% .. ,..@1.0..~.....WWW.d.u<c{..^.R.+..w....&.........A......+C....(.N.....0.~..0.J.;.Nu..7....]..m.H.....[h.GL3....?)....c.H...2.3.}y........SXI\|..iVN'%E.D.W....r..<`....i....6;E$.....U.$j.@...._.......R2....WS...k.vz.R.'a9!^...N....h.._.....c.%."..S.2.16B...o.2}.pmU[.\|.LI....2.....OWQLO1-....s..8.(...".\|6...6R.. ..M-.zO.}w)..v..mXxX...c..3#.+.v....F`.Z;.zQ.......r,....Yo.....g.h....+.....O.3Y..)Y.8.!....elX......._.3.}k~u.{ C..H.z..FP........@...d..)T.R...L.H.J.j.@..............$...E......y...3.b...I.h u.+%.HA.\..9..8..X.!....gx...].:..V..C...._..X..!....6..)...GM:E.....O.Z.}k.;.T.k..D.k.O..D5.r..."......?..T.Q.A...CF...3g.5.Dn<.QPy..G..1.9..Q..0..

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	80
Entropy (8bit):	4.827132546808606
Encrypted:	false
SSDEEP:
MD5:	F0D2E38A21FCABB439D0D6B37DEF93C0
SHA1:	1A99ADBD0420973769020D1B008B19326684510B
SHA-256:	26BC12F58A29277524339F1A3BE35C51A41078E9A423C59DB49351A889CDF772
SHA-512:	032B76951F266E71E008CA48FCE029CBD0B8E9A7D9E816C01EBCB7A593FF4840A6CCD092C661E988821240611364C8B558FCBEC2BE553AB67CA150D29A5FF89D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnU2t0q37vVDBIFDXzgTfwSEAmUl0qLh_JRhxIFDYOPjWcSJQmn5nRSH4_9VRIFDaOKs4QSBQ3NRZMrEgUNCL5bpxIFDS3bGyA=?alt=proto
Preview:	CgkKBw184E38GgAKCQoHDYOPjWcaAAokCgcNo4qzhBoACgcNzUWTKxoACgcNCL5bpxoACgcNLdsbIBoA

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 474x218, components 3
Category:	downloaded
Size (bytes):	12985
Entropy (8bit):	7.828068740605507
Encrypted:	false
SSDEEP:
MD5:	520EFF7678B3394540C9A96F96CC5F0A
SHA1:	5FD6255611AE63E3EE63D448A490142068968937
SHA-256:	E28BCF171178BD4731B024D70B21FD5BF931895399B397C9DCB28284B22DCC50
SHA-512:	FD81E0855504AE6F2E84EB46B5060CD3CEF197BFF64115FBA69610556A6E7401BCB19AE298BDFFC318E9DA8294E6BA9243E30F442A5BD2E969F1A5B735B381F3
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/npay.jpg
Preview:	......JFIF..............Exif..MM.......@...........@..................C...........................$ &%# #"(-90(6+"#2D26;=@@@&0FKE>J9?@=...C...........=)#)==================================================..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...NO4.....h.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(.....6..v..F..M........h..o>.o>..(...I.P....i...i..QE..QE..QE..QE..QEs......iN..W2..8.P.

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	874356
Entropy (8bit):	5.361488834882149
Encrypted:	false
SSDEEP:
MD5:	F72950DA27494D79A660FA85BDCADA9B
SHA1:	65761985B59A41AA4763163DFAC1B3C0DD4F0F61
SHA-256:	27022E814341E4D2E1CACF656B385A6F7F184C124E3122E990E7784096FF78B5
SHA-512:	0D7B20E6D3C9E2E96BBAE40395B00F7876069E333E4520473E32589BA2870E275993BB27C596E5EF4BFB1DA887A186B66B7937C76E5E64AB57DAE6EC370412A3
Malicious:	false
Reputation:	unknown
URL:	https://cdn.lr-in.com/logger-1.min.js
Preview:	!function(){var e={2706:function(e,t,r){"use strict";var n=r(4836);Object.defineProperty(t,"__esModule",{value:!0}),t.encode=function(e){return JSON.stringify(p(e))},t.encodeAsTable=function(e){return p(e)},t.decode=function(e){return function(e){if("number"==typeof e&&e<0)return n(e);var t=new Array(e.length);function r(e){return e in t?t[e]:t[e]=n(e)}function n(t){if(t<0){if(t===i)return;if(t===a)return;if(t===s)return NaN;if(t===u)return 1/0;if(t===c)return-1/0;throw new Error("invalid ARSON index: "+t)}var n=e[t];if(n&&"object"===(0,o.default)(n)){if(Array.isArray(n)){var p=n[0];if("string"==typeof p&&p in l){var h=l[p].reconstruct,g=h();return g&&f.push({reconstruct:h,empty:g,argIndexes:n.slice(1)}),e[t]=g\|\|h(n.slice(1).map(r))}}d.push(n)}return n}var f=[],d=[];return e.forEach((function(e,t){r(t)})),f.forEach((function(e){e.args=e.argIndexes.map(r)})),d.forEach((function(t){Object.keys(t).forEach((function(n){var o=t[n];if("number"==typeof o)if(o<0){if(o===a)return void delete t[

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	140
Entropy (8bit):	4.826313929997279
Encrypted:	false
SSDEEP:
MD5:	F0EFF7EE5D234E56CCA708A6C380528C
SHA1:	371C1FED2470DC5DC53E8A3C79D8810AA511A375
SHA-256:	19468D9485A94BB9B18A671AD8BB910AA07C1DE869087295AB00ECECF4E506BD
SHA-512:	5C8DBB360A0CACECEA63577B6E93A76E34071F615BC38BCC1DB78FF15412A49467771185DB77B8A4F0E54C91C1CADDE25951A45773F89E11773D443BD412735D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnU2t0q37vVDBIFDXzgTfwSEAmUl0qLh_JRhxIFDYOPjWcSSAnn2ITUSAUg2hIFDe-_jXMSBQ0AoAvKEgUNg6hbPRIFDf2GJkASBQ1u1ykLEgUNRmcVfRIFDfKo5J0SBQ0F1X72EgUNU_J1YQ==?alt=proto
Preview:	CgkKBw184E38GgAKCQoHDYOPjWcaAApRCgcN77+NcxoACgcNAKALyhoACgcNg6hbPRoACgcN/YYmQBoACgcNbtcpCxoACgcNRmcVfRoACgcN8qjknRoACgcNBdV+9hoACgcNU/J1YRoA

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65311)
Category:	downloaded
Size (bytes):	83981
Entropy (8bit):	4.7735566283508355
Encrypted:	false
SSDEEP:
MD5:	3D5EF2BF867C4054A2F336CDBAD9E1DC
SHA1:	07228D1FA3245EE156A27A353F45758A3207849F
SHA-256:	A361E7885C36BACB3FD9CB068DA207C3B9329962CAC022D06E28923939F575E8
SHA-512:	168DEB96B663FE4EEE8D39C78380864760FB912B34BF82CB6A7C36AA4B18B91944CCEFAD71A10F428810D0A6A818DDBAFF3AE7DB42264750DFB8B5A73A8EDA04
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
Preview:	/!. Font Awesome Free 6.0.0-beta3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2021 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.0

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	415045
Entropy (8bit):	4.865472000389467
Encrypted:	false
SSDEEP:
MD5:	B33E59C592EB453D12F6A53179D8EF19
SHA1:	5D1863F728B58D4456E1B1D824D98FE56810E69E
SHA-256:	A0B9419777F544B665051CAE80F11BF8FF9F925072A9F062A3D82C383E6CDFDE
SHA-512:	9AA37B0D4A45E03E532311D89CBE2D527FA31C31F8C2E88A3B162BF8E567120A878158FD24C94B3C9AFE6A2F22497055295D101C04AA8362C3B44B17E58CB596
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/app.css
Preview:	/!. Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */...fa,..fab,..fad,..fal,..far,..fas {. -moz-osx-font-smoothing: grayscale;. -webkit-font-smoothing: antialiased;. text-rendering: auto;. display: inline-block;. font-style: normal;. font-variant: normal;. line-height: 1.}...fa-lg {. font-size: 1.33333em;. line-height: .75em;. vertical-align: -.0667em.}...fa-xs {. font-size: .75em.}...fa-sm {. font-size: .875em.}...fa-1x {. font-size: 1em.}...fa-2x {. font-size: 2em.}...fa-3x {. font-size: 3em.}...fa-4x {. font-size: 4em.}...fa-5x {. font-size: 5em.}...fa-6x {. font-size: 6em.}...fa-7x {. font-size: 7em.}...fa-8x {. font-size: 8em.}...fa-9x {. font-size: 9em.}...fa-10x {. font-size: 10em.}...fa-fw {. text-align: center;. width: 1.25em.}...fa-ul {. list-style-type: none;. mar

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.921030304008144
Encrypted:	false
SSDEEP:
MD5:	59EE3965FCB16F88E9BDC20B9CD8612E
SHA1:	3D93A27E4DAC9DDA01DC5BBCCA9E1F53E827DAF2
SHA-256:	020A92F2FB27981D1398F916AE17400F8F11473962EBD858B7BF6901814EDD7B
SHA-512:	3E4C07D9CE3DEDE2998A59C32A3FE12D781AAE33C4AFE8D2B9B0D12C18EB96257373098497B5F3C909EC1EDE64FEB4B4074DBDB9678B4D6B019CD64360222849
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js');

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 27, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	380
Entropy (8bit):	7.010478036190101
Encrypted:	false
SSDEEP:
MD5:	5C71F27C78F2FA4C03011A7C22B82496
SHA1:	686900B9EAD294FF018699E3FA65C023E5B41DE0
SHA-256:	EB6CA62C1E5D64C52BE3FFA63C298DCDA2483C04C4B17D1BFE605D134E52F91B
SHA-512:	CEB51685733CFE4F2D353A314E032A8FC7BDFB2AFA4B0F4991702DEB9264D4ACE7C949EE248963FF64E0FCD9C2337E141080C36875BF19B8E0F52721DE7FC371
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/pak.png
Preview:	.PNG........IHDR... ................sRGB.........gAMA......a.....pHYs..........o.d....IDATHK.j.0.E....E....!.%`.Y4.BD.....+neH........LO....}..w......JB..;...-v...:....1..p8U.B<CA.............R.....%YT.....$G@@..*g..Xh......aWYL u`.@d.+......kX..^.D..[C(pi Y#...!.\fy.@.3.u]'..8....Z.h....A ..._g...@.(.E.../....M[.?.q.q......[ ?[\.Y.'.x0...s....s2.......8......IEND.B`.

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	530
Entropy (8bit):	7.2576396280117494
Encrypted:	false
SSDEEP:
MD5:	88E0F42C9FA4F94AA8BCD54D1685C180
SHA1:	5AD9D47A49B82718BAA3BE88550A0B3350270C42
SHA-256:	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
SHA-512:	FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX...JBA.....E-R... (#..-*$.}.%.Kt.A..Dx.I...AF.Q.4.......-.6..?.m:.,.......Q..D.L..e4..2.D..8)j4:......&>.s......p?......9.o5>.][H.}...&L.%.xh{~K.J\|.b..N..HMp....f.}dd..S..4%...$dK..!..Z..NNs.W&g..Fn....p...w..Ut...E\.e.......6......M.F...X.L......em.....R#'..%....j$/..-......@.l."..M.\|....OtW.H.,.-.~W`Z.s8..W...B...C-.8"H....6......9...A..aO.1`.M..A..eA.{...-...U.,.W........IEND.B`.

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 103
Category:	downloaded
Size (bytes):	17585
Entropy (8bit):	7.887872148050432
Encrypted:	false
SSDEEP:
MD5:	F3FFB13CF88B13EC557E6149371B361D
SHA1:	3C72F0855B4BD6E3B45675A5E8B08C8FB7A98F49
SHA-256:	CE6A239FDE88D8FB01C7A10D6F7B27D1BC23F5462D02F5EBB4927479FA32A302
SHA-512:	0A550E6436209D0E19611BB52C4530F578A056504D370D5ED48D95FE058200902D5A37FC7154FB3BB5CAA7013FDC4093421FD6D8D4A8125F31F4B2CA888564BF
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/loading.gif
Preview:	GIF89a..g.......................................................\|qZ.........zzz...ccb................Nmmm.....hhh.~..w)....<ffdtts.........E.....A........R....=............U..Y........}[....M.....n....i......sj\.....Q.................J..j.6.x.U..t....1.....j(.........s.>..m...Z.......l..[..........Q..............g.hA.............................```......!..NETSCAPE2.0.....!.......,......g.@...~.........................50)$ ......'!....$.....,..5.......$.}. $.).0... .}..}............ .)........$.........'.0......!}.....L0......`x..@?h."J.@.....=3a....72.P. .......P.eK.0...@....-.dx(..Og.0..z..../..Z.l..\|...,). .,_. ..`.0.X....L.eH`........hP...C.l.E.t..GE...<... @..C...;z..D.R.V.a....!...=9.\I..@....6a.../.b..A....s..b...O.0.J.dU..+[F..f 8..c..+..s+........7......a.CP ....L...@.\|....5l.4..O' ` ....... .Z..d..o.Th....]. `.. .&....d.i.U..6...}.<.....g!...."q..X..'...f!...W\....JQPZA.EI..T..@@.a....pe.`.).....0xp...T.@Y......

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1998
Entropy (8bit):	7.900986621763582
Encrypted:	false
SSDEEP:
MD5:	5D14AB93691604E826E1319D53599EB9
SHA1:	78724360E9D25DA584445B851E37BCA05ABE6B85
SHA-256:	3F0C62B5CCDCDBF3B3AE3885F1E6959E2D937EBA9B29DEA9A6BDB98788041756
SHA-512:	DC91304849C5D9B54124CE5A0FA47C9D0BFFB35090479FAFB4DCD7CFF9B75D0467A3AA3D7837D1E1EF418F3F961DC9D31D65387C701646FEBB792F1AB2EDEDAA
Malicious:	false
Reputation:	unknown
URL:	https://hnt.zkg.mybluehost.me/CA/ALMA/TM86/assets/logo.png
Preview:	.PNG........IHDR....................IDATx..Zi..E....]....../.F.......x.............F.....#J....x.....+.no....x.r.D...T.T.....N/K.J^v......}..^1V..c<...e.=5..]..Ir...2...Q..L...97.3...]...............J.....&.....1.-............N+w.]...X..[...t....X..jJ.jd..L.T...V.}.....aO.,..i......U.yW.a..jI...M..R....,..Q..i....?..{;Y.....gjz.YU...Z....f../"..X#.R..L.Qr......q\.@v.......s..4...bL..;.~wk.q.......Z......Jb..5I...oKH,.^c.V.`..?..]7..`(...=..)R.u..\|.}X....O4Z.s..(o.W..-...?.......g..$.rB..X...9.t..?..;.\|.K4=.@B.[..g..sM..!......._J..y......;n.....Ce.W\...D....3)ET..8.kz.{"t.K.Q.U.k.w....k..._s...*.k.g8....T2t.2.e..,.9o....l;E....I. ..7.4.."O...$Q...k...x....?...&J..y`).K.c.g...^z.!..`.._.F.g.Px8AF74.9...y.o....d..B...H...>.....D8t...b..WH..y3.{..q+].G.a...B.h..1'.S4."r{...4.M.....P~.hmFM?...=t.N..68..^.....Tx..b.N..7.C........y...8.q.f..}&.....,...e.M.r..,.._.Y.=B.).k...:7.qq..,.;..z.i?..[...x....A.I..X..B.'Y.\(.f...i-_...#....$]2.c....

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9887)
Category:	dropped
Size (bytes):	71949
Entropy (8bit):	4.4179085591070795
Encrypted:	false
SSDEEP:
MD5:	4F963B0960B787ED07AA934CA27F8A17
SHA1:	448661C5BBEDCD8E91F613F783056341924A2075
SHA-256:	E3C09E3AE0138A6AEBEAAFE2BF96DD724EC7D6DC358A69344DAFA2697ADD3B81
SHA-512:	54DCF38BF562659A547BE86C2B9A6DC34899A99605F615059924F95F0F47101587E5A540756E4C2323772D9A737168BF170E60FE7DB06917F5562FF1B32E855D
Malicious:	false
Reputation:	unknown
Preview:	/. International Telephone Input v17.0.13. * https://github.com/jackocnr/intl-tel-input.git. * Licensed under the MIT license. */..// wrap in UMD.(function(factory) {. if (typeof module === "object" && module.exports) module.exports = factory(); else window.intlTelInput = factory();.})(function(undefined) {. "use strict";. return function() {. // Array of country objects for the flag dropdown.. // Here is the criteria for the plugin to support a given country/territory. // - It has an iso2 code: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. // - It has it's own country calling code (it is not a sub-region of another country): https://en.wikipedia.org/wiki/List_of_country_calling_codes. // - It has a flag in the region-flags project: https://github.com/behdad/region-flags/tree/gh-pages/png. // - It is supported by libphonenumber (it must be listed on this page): https://github.com/googlei18n/libphonenumber/blob/master/resources/S

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18053)
Category:	dropped
Size (bytes):	18673
Entropy (8bit):	5.593695094312822
Encrypted:	false
SSDEEP:
MD5:	61721B9FC4880C88E14E0251D0FFC033
SHA1:	27A8A3835B9F801E3D9302631D0DB87D7C5CD4E6
SHA-256:	4B36D33EB3E3D1164C877B0A91EEC39B6475100390683D65AC524A0219C9D2D1
SHA-512:	F7C3A9572E54ADC10991450521E16F89127965466E4500239E5A2B72646D212B2B8524E4BF0A761901F1A0232B1119C8ACE823AEEDD495A64A3ED812851E95E1
Malicious:	false
Reputation:	unknown
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var h=function(p,M){if((M=(p=null,t).trustedTypes,!M)\|\|!M.createPolicy)return p;try{p=M.createPolicy("bg",{createHTML:n,createScript:n,createScriptURL:n})}catch(f){t.console&&t.console.error(f.message)}return p},t=this\|\|self,n=function(p){return p};(0,eval)(function(p,M){return(M=h())&&p.eval(M.createScript("1"))===1?function(f){return M.createScript(f)}:function(f){return""+f}}(t)(Array(Math.random()7824\|0).join("\n")+['(function(){/',.'',.' Copyright Google LLC',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var ot=function(M,p,n){return((n=b[M.S](M.pd),n)[M.S]=function(){return p},n).concat=function(f){p=f},n},p$=function(M,p,n,f,h){for(h=(f=p[2]\|0,p=p[3]\|0,0);h<15;h++)M=M>>>8\|M<<24,M+=n\|0,n=n<<3\|n>>>29,M^=f+2131,p=p>>>8\|p<<24,n^=M,p+=f\|0,p^=h+2131,f=f<<3\|f>>>29,f^=p;return[n>>>24&255,n>>>16&255,n>>>8&255,n>>>0&255,M>>>24&255,M>>>16&255,M>>>8&255,M>>>0&255]},I=function(M,p,n,f,h,

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9887)
Category:	downloaded
Size (bytes):	89338
Entropy (8bit):	4.33317544061384
Encrypted:	false
SSDEEP:
MD5:	BE78A3E1D45F0451D605431C05961C22
SHA1:	13F65075B0AD9774F95406A2529423A631032A31
SHA-256:	691FF3918FB72CDDC3ABF2B84AF0D66E0D2875B18B032EF6864923789C7E4077
SHA-512:	45EF5C59CF21927EDA5AC3C71E55FE16EB26232ACD78A432D7B8A6B2AF4AC483DAB83C755C69C18499FBF88B568BB7F04F7E62FBCD690C9190B68945C2751766
Malicious:	false
Reputation:	unknown
URL:	https://dispatching-centre.lasamericascargo.com/js/intlTelInput.js
Preview:	/. International Telephone Input v17.0.13. * https://github.com/jackocnr/intl-tel-input.git. * Licensed under the MIT license. */..// wrap in UMD.(function(factory) {. if (typeof module === "object" && module.exports) module.exports = factory(); else window.intlTelInput = factory();.})(function(undefined) {. "use strict";. return function() {. // Array of country objects for the flag dropdown.. // Here is the criteria for the plugin to support a given country/territory. // - It has an iso2 code: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2. // - It has it's own country calling code (it is not a sub-region of another country): https://en.wikipedia.org/wiki/List_of_country_calling_codes. // - It has a flag in the region-flags project: https://github.com/behdad/region-flags/tree/gh-pages/png. // - It is supported by libphonenumber (it must be listed on this page): https://github.com/googlei18n/libphonenumber/blob/master/resources/S

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hnt.zkg.mybluehost.me/CA/LET

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 134

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 143

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 151

Chrome Cache Entry: 155

Chrome Cache Entry: 157

Windows Analysis Report
https://hnt.zkg.mybluehost.me/CA/LET