Edit tour

Windows Analysis Report
https://turbocards.com//wp-content/ledt/

Overview

General Information

Sample URL:	https://turbocards.com//wp-content/ledt/
Analysis ID:	1532350

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1988,i,279075549384836302,15906471619428326256,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://turbocards.com//wp-content/ledt/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details	HTTP Parser: No favicon
Source: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details	HTTP Parser: No favicon
Source: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details	HTTP Parser: No favicon
Source: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49736 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	DNS traffic detected: DNS query: turbocards.com
Source: global traffic	DNS traffic detected: DNS query: wordpress-44086035828.devrimsdemo.com
Source: global traffic	DNS traffic detected: DNS query: www.smartsuppchat.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bootstrap.smartsuppchat.com
Source: global traffic	DNS traffic detected: DNS query: widget-v3.smartsuppcdn.com
Source: global traffic	DNS traffic detected: DNS query: translations.smartsuppcdn.com
Source: global traffic	DNS traffic detected: DNS query: websocket-visitors.smartsupp.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49736 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/21@30/185

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1988,i,279075549384836302,15906471619428326256,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://turbocards.com//wp-content/ledt/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1988,i,279075549384836302,15906471619428326256,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
1857279285.rsc.cdn77.org	195.181.170.19	true	false	unknown
1087630013.rsc.cdn77.org	195.181.170.18	true	false	unknown
turbocards.com	199.16.173.48	true	false	unknown
websocket-visitors.smartsupp.com	18.194.185.123	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
bootstrap.smartsuppchat.com	52.29.129.13	true	false	unknown
1161431244.rsc.cdn77.org	212.102.56.179	true	false	unknown
wordpress-44086035828.devrimsdemo.com	128.199.2.230	true	false	unknown
www.smartsuppchat.com	unknown	unknown	false	unknown
translations.smartsuppcdn.com	unknown	unknown	false	unknown
widget-v3.smartsuppcdn.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
199.16.173.48	turbocards.com	United States	2635	AUTOMATTICUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
195.181.170.19	1857279285.rsc.cdn77.org	United Kingdom	60068	CDN77GB	false
195.181.170.18	1087630013.rsc.cdn77.org	United Kingdom	60068	CDN77GB	false
128.199.2.230	wordpress-44086035828.devrimsdemo.com	United Kingdom	396425	UCCS-UNIVERSITY-OF-COLORADO-COLORADO-SPRINGSUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
18.194.185.123	websocket-visitors.smartsupp.com	United States	16509	AMAZON-02US	false
212.102.56.179	1161431244.rsc.cdn77.org	Italy	60068	CDN77GB	false
142.250.186.106	unknown	United States	15169	GOOGLEUS	false
52.29.129.13	bootstrap.smartsuppchat.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
195.181.175.40	unknown	United Kingdom	60068	CDN77GB	false
169.150.255.184	unknown	United States	2711	SPIRITTEL-ASUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532350
Start date and time:	2024-10-13 01:17:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://turbocards.com//wp-content/ledt/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/21@30/185

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.184.238, 64.233.184.84, 34.104.35.123, 142.250.186.106, 142.250.186.163, 199.232.210.172
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://turbocards.com//wp-content/ledt/

LLM Input / Output

Input	Output
URL: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details Model: jbxai	{ "brands":["Freshworks"], "text":"Welcome to Freshworks help. For assistance, please click the chat icon located at the bottom-right corner of the page (indicated by a green bubble). Our support team will be available to help with any inquiries or issues you may encounter.", "contains_trigger_text":true, "trigger_text":"Welcome to Freshworks help.", "prominent_button_name":"Contact Freshworks", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details Model: jbxai

{
"brands":["Freshworks"],
"text":"Welcome to Freshworks help. For assistance,
 please click the chat icon located at the bottom-right corner of the page (indicated by a green bubble). Our support team will be available to help with any inquiries or issues you may encounter.",
"contains_trigger_text":true,
"trigger_text":"Welcome to Freshworks help.",
"prominent_button_name":"Contact Freshworks",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 22:18:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.988632344776488
Encrypted:	false
SSDEEP:
MD5:	EC1C2C586CBDF914BE2446E25858D230
SHA1:	8BA4AA100D40E751A12F700F7833B8A2D5E92554
SHA-256:	49E3E5D4FEEBFC1EF98FB13FC9BFC787513EEA2E38477CED31F36C2E4DDF5A71
SHA-512:	3483B2E80F90561CA882DE9F1C9FCD2E2C3FD50F2CF0A3390537BD6909FE963CFC9F1D99941A10B0DE5FA18EB04ADC7AFFD62D1252F4A63AD7ACF5C5CDD31DD7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....\|/.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VLYO............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 22:18:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005095650595658
Encrypted:	false
SSDEEP:
MD5:	99F97A762B65AB5FEB0B2BF4F05AE91A
SHA1:	A81BED52ADF3B48AA27E7812CE25A08042ADEA94
SHA-256:	2B999815D0EFCFA5790210210D04F0AABFC50B7A415142807890E221B8AE2001
SHA-512:	A3A6F33EEA40EDA35B2F9B36D912FAD7C53BA913C165EB024F1F27B998C18CCA011C1231BB81ADD91256B9B088E3B66C3E25448426F857F6DB4FE7ACA1BDB846
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....$!.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VLYO............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011934943975504
Encrypted:	false
SSDEEP:
MD5:	A4461E0DB500C40BAF4ADDD73FA4DA9B
SHA1:	1DB147E94369EAE74F7C27699E84E51CF5419163
SHA-256:	E111054B2E49176943EE430A8F987D0946A7509F27ABF86DB0875D40169F51EB
SHA-512:	79B2660D43AC2AA223390FEFD43A86DB06F56A859324E53814092B41BA5484800BD2413EC1B2C4F5EA7286C67EFCB379DBDC213F341DD89AC4335B9273F76FCA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 22:18:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.003438605599734
Encrypted:	false
SSDEEP:
MD5:	BB196C65498DDE6FF136202CA1169D6D
SHA1:	D7315357D0FF791C321EAA2F5B63E14C952645A1
SHA-256:	78C39DE7BCC51AC916E30C9A5A5F64D28C9F3DE1E235AD2F93C2143471077E9B
SHA-512:	0D0BA1A984A80A8E0381D86272997D76C292BA70598F49CBCD196A9F6FEC30EB27EC778C832C54CA799B35927E09068AE04514BB4C28DDE5BBC52A7A145F8BDF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VLYO............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 22:18:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992375680936797
Encrypted:	false
SSDEEP:
MD5:	30F3CB565064E7CCAEEE3E5EFD98B521
SHA1:	EC159A8CACA8C987B12F36EE987F6F15B0D6AEC9
SHA-256:	A4A58498336D6694B61783855DC7F394A87021D2C74E90098BD492E3C377FF77
SHA-512:	ABB524A0CDA513F62DDB4B7876AE9D2A24DBCCB54117913195926CCD9951C81EA70BA79120FB21FECFB0115F35ECE595CD115BF4A9B6751D38080F1B5CD5F764
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Z.'.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VLYO............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 22:18:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9983472828835205
Encrypted:	false
SSDEEP:
MD5:	59D57A89758521CCC733AC4BEB8E0520
SHA1:	EAF951FBF9908771F972F781DA16D3B98A588F75
SHA-256:	52142B029DF32A3E79CE18F3F77C786646F79B56C6FEFA3F6E1B5F26C4BCDBE8
SHA-512:	CDB14BAE7A38158962D8767CFA75AEA6ABA5C03A5F00505B3E8A421EEC0216F78AA75B04F80AC6ECCD8AACCE9AA1D4273543E69F53A227B668F31F309AB62F3A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....h.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ILYF.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VLYN.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VLYN.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VLYN............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VLYO............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1146
Entropy (8bit):	4.7267241888774985
Encrypted:	false
SSDEEP:
MD5:	B6B20ECA05E09FDE02DD863F13E28224
SHA1:	E792A54BC62AF7353DDF84919E00FB19D0E8F952
SHA-256:	0EF42F8DEF3CC8772D41B435E8C71C90A717D2B72766C0AAABFD8E30F1333EC1
SHA-512:	AB77EDD50BF5EA4E4D06CCBBFDE9FAE54445BACFC6C282BC44C1910CA725777D1D9AF22E047968BBC0B2D3625C35965CD1EB14935A10B10BA0F1F97BE504E2F7
Malicious:	false
Reputation:	unknown
Preview:	{"allowedDomains":[],"buttonStyle":"greeting","color":"#34af80","color2":null,"colorGradient":true,"consentModeEnabled":false,"customBrandingEnabled":false,"customBrandingLink":"","customBrandingText":"","emailControl":true,"features":{"api":true,"customize":true,"ga":false,"groups":true,"rating":true,"whiteLabel":false},"googleAnalyticsEnabled":false,"googleAnalyticsManual":false,"googleAnalyticsMeasurementIds":[],"groupSelectEnabled":false,"hideOfflineChat":false,"hideWidget":false,"host":"websocket-visitors.smartsupp.com","internalAnalyticsEnabled":false,"isBlocked":false,"lang":"en","mobilePopupsEnabled":true,"nameControl":false,"numberControl":false,"openOnTrigger":false,"orientation":"right","packageName":"trial","popupTextareaEnabled":false,"privacyNoticeCheckRequired":false,"privacyNoticeEnabled":false,"privacyNoticeUrl":"","ratingEnabled":true,"requireLogin":false,"translates":{},"urlCardsEnabled":true,"widgetVersion":3,"hasInternalApi":false,"config":{},"browserLang":"en","wi

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	6080
Entropy (8bit):	4.88485069213612
Encrypted:	false
SSDEEP:
MD5:	61C26B1DEB17ECEC2491046BE587BC58
SHA1:	9E7DF505BF21CD1A9462395EF3F930CBB985B5DE
SHA-256:	B2613395561B3B74F58EA58345C7F298F8FDAB3C2BFF2C640D680106EE52C42C
SHA-512:	775234DCBE840743EE0133991D8E333F963BDCFBF19763B78DAC3B2589F4B601D97CF3F5B8DF936D8DEB986A3C1A6C9ED08954844F5ED97D6E6A4EEB3556AA9B
Malicious:	false
Reputation:	unknown
URL:	https://translations.smartsuppcdn.com/api/v1/widget/translations/lang/en/defaults
Preview:	{"topBar.turnOffSounds":"Turn off sounds","topBar.turnOnSounds":"Turn on sounds","statusBar.offlineText":"Happy to answer you later","statusBar.onlineText":"We reply immediately","authForm.yourName":"Your name","rating.wasItHelpful":"How would you rate our support?","agentTransfer.joined":"joined the chat","agentTransfer.left":"left","agentTransfer.redirected":"is your new agent","timeago.rightNow":"right now","timeago.seconds":"in %s seconds","timeago.justNow":"just now","timeago.XSecondsAgo":"%s seconds ago","timeago.oneMinuteAgo":"1 minute ago","timeago.XMinutesAgo":"%s minutes ago","timeago.oneHourAgo":"1 hour ago","timeago.XHoursAgo":"%s hours ago","timeago.oneDayAgo":"1 day ago","timeago.XDaysAgo":"'%s days ago","timeago.oneWeekAgo":"1 week ago","timeago.XWeeksAgo":"%s weeks ago","timeago.oneMonthAgo":"1 month ago","timeago.XMonthsAgo":"%s months ago","timeago.oneYearAgo":"1 year ago","timeago.XYearsAgo":"%s years ago","topBar.emailTranscript":"Send email transcript","topBar.gdpr

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32239)
Category:	downloaded
Size (bytes):	32240
Entropy (8bit):	5.07312818889674
Encrypted:	false
SSDEEP:
MD5:	74933ECF026F6C2353521D0F8253805D
SHA1:	50C738BFCE09380A65553EB246A39B651FA0A35E
SHA-256:	C013669D16F3438247C82591C3A7E6189B5DF4FBC1330EBFD1A602D43FCD1351
SHA-512:	ECBA0B8389651A05F0C5A5544570B7426C54C85F649DAEB1E7C6BD6FB111C983F43C3CCF06B184EBAAD11991D61602AA297546D08B42EF1663EA02C07BB91704
Malicious:	false
Reputation:	unknown
URL:	https://widget-v3.smartsuppcdn.com/assets/style-C4qlA8RK.css
Preview:	*,:before,:after{box-sizing:border-box;border-width:0;border-style:solid;border-color:var(--un-default-border-color, #e5e7eb)}:before,:after{--un-content: ""}html,:host{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji";font-feature-settings:normal;font-variation-settings:normal;-webkit-tap-highlight-color:transparent}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-variation-settings:normal;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33104)
Category:	dropped
Size (bytes):	259799
Entropy (8bit):	5.4900834838786325
Encrypted:	false
SSDEEP:
MD5:	E8D13DE7AD743E4DF59CA29D8ADB58B2
SHA1:	E20C628496872638870761D977EC5C0A0CF586F6
SHA-256:	B8BA9D2EE885BC6CCC44CBD30E36D8B087494A9FFCE3CB16F2B82D5C2D8C1E00
SHA-512:	0B480E65FF5208E7FAF0799E7D4604D25B235C819DCD2942472EB1D3B845824CC9D6ECD7B17FE022C36C235730798E445DC31E88CF243D46D55703FD8E780B58
Malicious:	false
Reputation:	unknown
Preview:	const __vite__fileDeps=[window.parent.smartsupp.getAssetUrl("assets/WidgetMessenger-BJcRpX3s.js"),window.parent.smartsupp.getAssetUrl("assets/WidgetMessengerInput-ColO5IPK.js"),window.parent.smartsupp.getAssetUrl("assets/WidgetPopup-hhbUULJX.js")],__vite__mapDeps=i=>i.map(i=>__vite__fileDeps[i]);.var fu=Object.defineProperty;var du=(e,t,n)=>t in e?fu(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var et=(e,t,n)=>(du(e,typeof t!="symbol"?t+"":t,n),n);function W(){}const pr=e=>e;function Ct(e,t){for(const n in t)e[n]=t[n];return e}function Uo(e){return e()}function Li(){return Object.create(null)}function qe(e){e.forEach(Uo)}function ht(e){return typeof e=="function"}function Y(e,t){return e!=e?t==t:e!==t\|\|e&&typeof e=="object"\|\|typeof e=="function"}let Tn;function Xn(e,t){return e===t?!0:(Tn\|\|(Tn=document.createElement("a")),Tn.href=t,e===Tn.href)}function hu(e){return Object.keys(e).length===0}function Rs(e,...t){if(e==null){for(const r of t)r(void 0);return W}const n=

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17340)
Category:	dropped
Size (bytes):	17413
Entropy (8bit):	5.172902817057067
Encrypted:	false
SSDEEP:
MD5:	20BD039804DCEB618B76EA9C7FF988FA
SHA1:	8EF7D38B2B1B537DEBC18AE6C3ADAF7D63C9D2E0
SHA-256:	94C24B0DF45989AD3E0726DC61EFC2671235A109B00DF4F282372C7F1A39D099
SHA-512:	AF3845285C93FE3D568E9943779B85DE0FBED9734124464A7BE8BF2AB4FA1E54FDBF18B344446D6C151F77D6330492F6304956B3BE6E913DFA7325191F3E8AC4
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see loader.template.js.LICENSE.txt /.(()=>{var t={228:t=>{t.exports=function(){var t=!1;-1!==navigator.appVersion.indexOf("MSIE 10")&&(t=!0);var e,n=[],r="object"==typeof document&&document,o=t?r.documentElement.doScroll("left"):r.documentElement.doScroll,i="DOMContentLoaded",s=r&&(o?/^loaded\|^c/:/^loaded\|^i\|^c/).test(r.readyState);return!s&&r&&r.addEventListener(i,e=function(){for(r.removeEventListener(i,e),s=1;e=n.shift();)e()}),function(t){s?setTimeout(t,0):n.push(t)}}()},412:(t,e,n)=>{"use strict";n.r(e);const r=function(t){var e=this.constructor;return this.then((function(n){return e.resolve(t()).then((function(){return n}))}),(function(n){return e.resolve(t()).then((function(){return e.reject(n)}))}))},o=function(t){return new this((function(e,n){if(!t\|\|void 0===t.length)return n(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(t);if(0===r.length)return e([]);var o=

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	967
Entropy (8bit):	4.764750180250335
Encrypted:	false
SSDEEP:
MD5:	BEFD8A398792E305B7FFD4A176B5B585
SHA1:	9E667BF3CA36885674A0410D0A4C5EB9CFE513C4
SHA-256:	E70B03EEC37D9C4BA1BCDAC4AF99A47E0281860C88F015C2902E0B0949445B27
SHA-512:	4052B10BE6044DF1E7C8FF2D5A11A9BA9059171BCFECD1B7CDA57ED5C489377F36A652B3FB4939F32087C322C09DD8594DEEA97D4A1E71390105C114E4BF4924
Malicious:	false
Reputation:	unknown
URL:	https://wordpress-44086035828.devrimsdemo.com/contact/assets/css/Navbar-With-Button-icons.css
Preview:	.bs-icon {. --bs-icon-size: .75rem;. display: flex;. flex-shrink: 0;. justify-content: center;. align-items: center;. font-size: var(--bs-icon-size);. width: calc(var(--bs-icon-size) * 2);. height: calc(var(--bs-icon-size) * 2);. color: var(--bs-primary);.}...bs-icon-xs {. --bs-icon-size: 1rem;. width: calc(var(--bs-icon-size) * 1.5);. height: calc(var(--bs-icon-size) * 1.5);.}...bs-icon-sm {. --bs-icon-size: 1rem;.}...bs-icon-md {. --bs-icon-size: 1.5rem;.}...bs-icon-lg {. --bs-icon-size: 2rem;.}...bs-icon-xl {. --bs-icon-size: 2.5rem;.}...bs-icon.bs-icon-primary {. color: var(--bs-white);. background: var(--bs-primary);.}...bs-icon.bs-icon-primary-light {. color: var(--bs-primary);. background: rgba(var(--bs-primary-rgb), .2);.}...bs-icon.bs-icon-semi-white {. color: var(--bs-primary);. background: rgba(255, 255, 255, .5);.}...bs-icon.bs-icon-rounded {. border-radius: .5rem;.}...bs-icon.bs-icon-circle {. border-radius: 50%;.}..

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	5908
Entropy (8bit):	7.929217419138256
Encrypted:	false
SSDEEP:
MD5:	2EC2C757C514EAC6CEF786AA7377AE3A
SHA1:	72D65EFF7FAE41AD9FAF55D257F363A7C4247B58
SHA-256:	C00EF5DCE3988872B0476D75B77E7E54CD965D4E5A5025A3609E4F37068E03F7
SHA-512:	810CD3506E0C971912D52212CC8DB444AE146B9CB723AA7DBD7CA98A944EF9C237B0D535F3778115BD77CDB750EB96142226F44F839DE175FDF01C782E75A59C
Malicious:	false
Reputation:	unknown
Preview:	RIFF....WEBPVP8X...........L..ALPH........."...=g5.q'8A..ww/.^.FI.w.......-.P..wo.$...I ..3.z.x..k2......@..{..jE.....m.l..IgT..Z.rTg....#.'.\....}DH....8...].j.w...s..F........../i............{...9..'...A... ?\..t+.m&..j...P...7.e.U.~...........[.-g.r..._..4...`..I.m...bp.!C.....+.n..h...~...5xv......b:..r:.9.....-.....dy.=u.....j...G.B..`..s...N1X...H.Rn........,...[...D....w..Jm....9m.a......].1[T.AO.......I..m....>).....#F.ybX.$...i..f.S....4.c...>.n...Jl.[T.HNI.U.u.=.7.H..F.Qa...#..Fo.N>.?3"L+..U.wu...O[....s...z...........z+I.......<~...m..3..G.W.:t1++..m+g6..yh..g.DB&.\..K$...;..y..MG....s..C.....q<.r.@".........jZ.5?\...6...3..s..'.m..~.b..WU..U.BRO\.(.*sso...^Y..f....K!..).@..N.....tY...X....'..h.......1.....j...z.....A.l......Q..1...:.'...>+...!....U.a$.........n.e.....;.'C.._\7.)..^.......SW.DoN....(O.}].B.}....{....m..I...1...\|.-.tU..aV.............d...e......k%,.W ....`h..(...f..>R.~'....u....q9sv..).s.w.......p5..l.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65299)
Category:	dropped
Size (bytes):	80673
Entropy (8bit):	5.204715189396395
Encrypted:	false
SSDEEP:
MD5:	90C4B26D3DF2873954E05029AFCA8793
SHA1:	1369E33B050A4D7D37B00FCAB8168CCD26485656
SHA-256:	073254AFBFC06331B8B548B7FC0532B4FFE2CFDD588368DCC338E7ABD50810E1
SHA-512:	8A7DAB70EA4B4DD27BFE9C39AA31782D61C546D828043C570B2E3D1F860639C55D1A23DA42E70621B3AAC6DD49BE6A6F3A9AB727F0BB5536B41658A86A407681
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v5.3.3 (https://getbootstrap.com/). * Copyright 2011-2024 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e()}(this,(function(){"use strict";const t=new Map,e={set(e,i,n){t.has(e)\|\|t.set(e,new Map);const s=t.get(e);s.has(i)\|\|0===s.size?s.set(i,n):console.error(`Bootstrap doesn't allow more than one instance per element. Bound instance: ${Array.from(s.keys())[0]}.`)},get:(e,i)=>t.has(e)&&t.get(e).get(i)\|\|null,remove(e,i){if(!t.has(e))return;const n=t.get(e);n.delete(i),0===n.size&&t.delete(e)}},i="transitionend",n=t=>(t&&window.CSS&&window.CSS.escape&&(t=t.replace(/#([^\s"#']+)/g,((t,e)=>`#${CSS.escape(e)}`))),t),s=t=>{t.dispatchEvent(new Event(i))},o=t=>!(!t\|\|"o

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65342)
Category:	downloaded
Size (bytes):	232758
Entropy (8bit):	4.975935291155516
Encrypted:	false
SSDEEP:
MD5:	22FD4EEF025C7994ECC38A46F2D3D6A4
SHA1:	D60A3A89156225D8F1B27CCEC6460D97839A3CD2
SHA-256:	26DB49828D6701FCFCE37A96DA6EC3F0ED481ABAE49C8C9969A575B064413CAD
SHA-512:	648BAE05D3CCBC71CEFD65D2460B59DFB2842C21395B3E9BFC2B8748ED74C67EECEDFAB23ACD697D3B2144410A6CED4F16DABEAD7935A13CDE5A3D8F64F284DD
Malicious:	false
Reputation:	unknown
URL:	https://wordpress-44086035828.devrimsdemo.com/contact/assets/bootstrap/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.3.3 (https://getbootstrap.com/). * Copyright 2011-2024 The Bootstrap Authors. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root,[data-bs-theme=light]{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-rgb:220,

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1499
Entropy (8bit):	4.81646299800857
Encrypted:	false
SSDEEP:
MD5:	88FF695C2BE07E759D464ECCEBB7FA15
SHA1:	DB4EE7389DFFBF5340FFF892446455E4D7C5571C
SHA-256:	891A5F2142DF39FADE48DAB51204B5CC5BB5DE382FC2E578D809D368E547669D
SHA-512:	C6807FAEBF255D5F682D2A2109BF626AC0F88C9D31E2EDF83C81346BFE3E22B1A84A8DA4C18213258FFFCDD122468CE4BC9D2BC298A88C629823E82F288372B9
Malicious:	false
Reputation:	unknown
URL:	https://widget-v3.smartsuppcdn.com/manifest.json
Preview:	{. "_WidgetMessengerInput-ColO5IPK.js": {. "file": "assets/WidgetMessengerInput-ColO5IPK.js",. "name": "WidgetMessengerInput",. "imports": [. "src/main.ts". ],. "dynamicImports": [. "node_modules/.pnpm/emoji-mart@5.6.0/node_modules/emoji-mart/dist/module.js". ]. },. "node_modules/.pnpm/emoji-mart@5.6.0/node_modules/emoji-mart/dist/module.js": {. "file": "assets/module-BvCTiNll.js",. "name": "module",. "src": "node_modules/.pnpm/emoji-mart@5.6.0/node_modules/emoji-mart/dist/module.js",. "isDynamicEntry": true. },. "src/frames/messenger/WidgetMessenger.svelte": {. "file": "assets/WidgetMessenger-BJcRpX3s.js",. "name": "WidgetMessenger",. "src": "src/frames/messenger/WidgetMessenger.svelte",. "isDynamicEntry": true,. "imports": [. "src/main.ts",. "_WidgetMessengerInput-ColO5IPK.js". ]. },. "src/frames/popup/WidgetPopup.svelte": {. "file": "assets/WidgetPopup-hhbUULJX.js",. "name": "WidgetPopup",. "src": "s

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (16428)
Category:	dropped
Size (bytes):	52791
Entropy (8bit):	5.205202608123328
Encrypted:	false
SSDEEP:
MD5:	67BC6C7E48A1CF6CBAB6BF2FE7376D96
SHA1:	84A7A0ED6AEA50279AC0E431D38A3C6182AA8D9E
SHA-256:	13D95A76706655DCA5B1C65C13C58ED804702D24D2030255AC66CC69F8779A93
SHA-512:	6E73FBF608BEF7355BEF04BD3E4C632E03615B25C24460D9852A4B77CBDF2864FF20CEF5007BAB3ECF8314CC578F20B8BD0B19A746DF2C88FBA2B4A59FE6515E
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1" />.<meta name='robots' content='max-image-preview:large' />.<title>stefan karmilo</title>.<link rel="alternate" type="application/rss+xml" title="stefan karmilo » Feed" href="https://wordpress-44086035828.devrimsdemo.com/?feed=rss2" />.<link rel="alternate" type="application/rss+xml" title="stefan karmilo » Comments Feed" href="https://wordpress-44086035828.devrimsdemo.com/?feed=comments-rss2" />.<script>.window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/wordpress-44086035828.devrimsdemo.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}};./! This file is auto-generated /.!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).va

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	27860
Entropy (8bit):	7.975418428227448
Encrypted:	false
SSDEEP:
MD5:	2A8F10FB5AA211785C5C9FF20BAAC551
SHA1:	3E56C05003BAA332F5FF80C865BF2ACAD40A4A62
SHA-256:	4625804D779791ACE6DA8A0E4766E337E095A11DD2687781BA0729A226FC5505
SHA-512:	2AB8CA75526AB2F98AF13DDA8B33D897190BD3C6C3262EE870DA3F44AB96C3BED1FB3A43AA926ABC372FC709C4C583E7F5F7E98342B2C459BDA454CA233BA7C8
Malicious:	false
Reputation:	unknown
URL:	https://wordpress-44086035828.devrimsdemo.com/contact/assets/img/contact-image-01.webp
Preview:	RIFF.l..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHo....$"m.......dO.BZ..q.e.".W.U.DE0..;....!.. 2.d.Ta.a..A5..y...4.1.@....""1Qc.B....X....\.4...pGc...Z...3....v.O:+.-.].Os1.....m...lA,..'.. ..].............M.....,S\|.e.r....+....5..c.[.M9..8._ .1.cl~.r./.p./..}.[....ad...g.C.#..9.....S..\c.....g...l[}....{....Jz.S...4.R..x...;.X....OC..nU.".FMD..X&.r..@E...."o....q....V',.....F\2.F.X.Q.H.....>..>b......._.........................................................................................................................

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (312)
Category:	downloaded
Size (bytes):	3972
Entropy (8bit):	5.0141928420013375
Encrypted:	false
SSDEEP:
MD5:	8BE2EE8694BFDA2BAEAAA868C2698A46
SHA1:	9D2B0ECF55D24BEB74F1751484D29D98896529ED
SHA-256:	85EB2B27686AD51EBECC69543ABEEEFBCEDAB9674CAD1DCC2CBE6E8F0BB247F9
SHA-512:	BA83B330DFE7AD8538FE8218D077CC62E927B850E87E636ED2CA6B56B70E8240ECE1F107D26464F538FE7D924E24FD419640479D0D9DA80C26C74C7BFC91CC16
Malicious:	false
Reputation:	unknown
URL:	https://wordpress-44086035828.devrimsdemo.com/contact/?redirection=details
Preview:	<!DOCTYPE html>.<html data-bs-theme="light" lang="en">..<head>. Smartsupp Live Chat script -->.<script type="text/javascript">.var _smartsupp = _smartsupp \|\| {};._smartsupp.key = 'fe7c528ca530527de1c72eddc1ebe131ab392044';.window.smartsupp\|\|(function(d) {. var s,c,o=smartsupp=function(){ o._.push(arguments)};o._=[];. s=d.getElementsByTagName('script')[0];c=d.createElement('script');. c.type='text/javascript';c.charset='utf-8';c.async=true;. c.src='https://www.smartsuppchat.com/loader.js?';s.parentNode.insertBefore(c,s);.})(document);.</script>.<noscript> Powered by <a href=.https://www.smartsupp.com. target=._blank.>Smartsupp</a></noscript>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">. <title>Freshworks</title>. <link rel="stylesheet" href="assets/bootstrap/css/bootstrap.min.css">. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto&display=swap">. <link re

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2316
Entropy (8bit):	5.410758028411293
Encrypted:	false
SSDEEP:
MD5:	545813869D7D7C5DA8886100CD024182
SHA1:	69B11FCBC3316FBA7B04A7DA7958C7046B241371
SHA-256:	EC34B6213AC38D00A879E30FE141B37C9BA2EA49C7C9EFBD7A35E8FDDFCEE2EE
SHA-512:	498362E36B3A251AEDE0C3F92695F4DD38F8A9316984603180DA4B408AD8B0337D264D9D1F6037476C55F35B3764BFA321CDFEAC2A1AA7CA34FB7AEA12888E6C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Roboto&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Category:	downloaded
Size (bytes):	18536
Entropy (8bit):	7.986571198050597
Encrypted:	false
SSDEEP:
MD5:	8EFF0B8045FD1959E117F85654AE7770
SHA1:	227FEE13CEB7C410B5C0BB8000258B6643CB6255
SHA-256:	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
SHA-512:	2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......Hh..........H..............................Z..\|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.\|.......%..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.+.M E..`......R.$T

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://turbocards.com//wp-content/ledt/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 74

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Static File Info

Windows Analysis Report
https://turbocards.com//wp-content/ledt/