Verdict: Malicious
Classifications: Spyware, Injector, Downloader
Threat Names: FormBook, Mal/Generic-S, Mal/HTMLGen-A, C2/Suppobox-A (+2 more)

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 22 seconds" to "6 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Remarks

(0x0200004A): 24 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 9 MB.

File Name | Category | Type | Verdict
C:\Users\kEecfMwgj\Desktop\PO.doc.rtf | Sample File | RTF | malicious
MIME Type text/rtf
File Size 19.20 KB
MD5 601260b52c23f2be80998a22b2fc77dd
SHA1 e4fd634040abd4f6b58aa7efe8fb59f7e64a395f
SHA256 2dfd64c86cfb81ed8a280b74e6e7b244a8a98d3788c8c552266ddd5327e4f055
SSDeep 384:Ac8lCXedYICEJZv+c3zvYcK1CJ+8sgl+0nmhWnPo9lMVEdVACzl9Q2qmNj7aJ52E:AvcXe2ILvZ3tKtbvWbV1MQfEE
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
File Reputation Information
Verdict malicious
Names Mal/Generic-S
AV Matches (1)
Threat Name Exploit.RTF-ObfsObjDat.Gen | Verdict malicious
Office Information
Document Content Snippet
%[4&6)3?41/;?--4]?>?_8`?`*7$?/°7[=[=°/§4%9~~'47*1,~:0'|?][0-µ?'2??*)?0`9=%^'|_°~[|]_?@???*]`@14`#]*+=!3?µ4?(|,??70?<^6%µ%%725`4|9/<9:?&;|+'?<)4'°~]@%[,)+|?65>?7!0](;>#(=^|&?2$61(=6;9^?!9:.=%06#?#;|<?.?2|/;?81#'%<,|~§µ3]:?]`^*|&>_µ6*`|(/[6]?°0(µ51~=-°_[%<0?-!6%-)??&3+@%-,°;^?=]2'101=>1§?%/;`-41_?:?3^/^)>2>1=3](^'=.;1-?%;3,#<1/#/)<86.8_,`8&9%--.61]`?9@?°(?.;[$-$%?~('?=%]_*<@?=)??@-$[§µ'_!7.§.72*%??3?|0,/$3@8`7~#,[#?:%/%§?*=1_§§(%820-5>?~&!?2_@0!1[[$,;+°24)]§|1!]20?>/1$^([~(;:)&µ?.7#,49?,86?0?6.0|`-^5]?*0.@3§*'°?-<°.6<??9|5#36?)*.5!?µ![08(3?=?*(?:']%~-'=,5)3,].9?[3]>@*_9<].[.`?10-@2`[22?|5??*4~?-66[5&~8µ&°<(.?<$2<:;;=(3999=?>&?2*??%!->?%~.?>_5++62#4^!0')8<>3/_/??.?µ<%/&~+<:@9?)385`?4)@`(67$-%0))+;?µ3~|0>';-%~3µ:;|)%7*?%`[=1;1,]?°>1?°?].?^~%'326?>8.'>3?]9/?66!-^$!=* ...
C:\Users\kEecfMwgj\AppData\Roaming\ibeframnk863.exe | Downloaded File | Binary | malicious
Also Known As c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\ibefrankszx[1].exe (Downloaded File)
Also Known As c:\users\keecfmwgj\appdata\local\temp\gjptlgbx0\regsvc1bg8pj9.exe (Downloaded File)
Parent File analysis.pcap
MIME Type application/vnd.microsoft.portable-executable
File Size 610.00 KB
MD5 ce20bd8f40f78da603dd17d756745b0a
SHA1 2538f96fad951489cd9bb84f9b76b107ea70eaa5
SHA256 680993e1220c8d918f192ae23c5c01b6357c58ad68b7cc59fa122c09b7b85cdd
SSDeep 12288:kzqzgNi+hBr7IUAYpHOSpUeR7/UbuxaWsbkUb+3tkvfY:kvNi+hBr8UAGFBVUbuoWsbkUmgfY
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x499786
Size Of Code 0x97c00
Size Of Initialized Data 0xa00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2021-09-28 02:59:59+00:00
Version Information (11)
Comments -
CompanyName Highland Appliance
FileDescription Castle Extensibility
FileVersion 4.0.0.0
InternalName SecurityContextSour.exe
LegalCopyright Highland Appliance © 2021
LegalTrademarks Capricorn
OriginalFilename SecurityContextSour.exe
ProductName Castle Extensibility
ProductVersion 4.0.0.0
Assembly Version 4.5.0.4
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x402000 | 0x97b94 | 0x97c00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.15
.rsrc | 0x49a000 | 0x64c | 0x800 | 0x97e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.53
.reloc | 0x49c000 | 0xc | 0x200 | 0x98600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | - | 0x402000 | 0x9975c | 0x9795c | 0x0
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\ietldcache\index.dat | Modified File | Stream | clean
MIME Type application/octet-stream
File Size 256.00 KB
MD5 54e4a29736de29ffb6be2338168ff79c
SHA1 7cfae7e47d10bbfd9a4431b65ec0ca90b4940fd5
SHA256 3c7d38aff2dd9e697cd3cc6c0a5d338ff2d0bdb948fb469cd21c76d8c36e53ee
SSDeep 384:p8JEJHNKTPA5ytRaGg1geH6UkLkW5w+oWvucCwvfoJobuWXKbkwnII5pwjIuuQKo:pTHvTNsJdjFQKb/wWcaqvngyfMwL+
ImpHash -
c:\users\keecfmwgj\appdata\local\iconcache.db | Modified File | Stream | clean
MIME Type application/octet-stream
File Size 1.12 MB
MD5 79fc65c33ad2c21332f0813d8ac603a3
SHA1 999d9ca2b64d4031d562332a03bf5c466b995790
SHA256 6fb1ac3ef510d537e7b124b3b70a495df1b6222f9bb0598c62fdee6eb767b3c3
SSDeep 6144:BITBnAmpRBNYiAIRcxTpGp/ZMiUtlwvLCF/+aMBJc5:MBn7RYis3DwZw
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\~dfb224b77c6ce17a99.tmp | Dropped File | Unknown | clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\users\keecfmwgj\appdata\roaming\0-m2cu8w\0-mlogri.ini | Dropped File | Stream | clean
MIME Type application/octet-stream
File Size 40 Bytes
MD5 d63a82e5d81e02e399090af26db0b9cb
SHA1 91d0014c8f54743bba141fd60c9d963f869d76c9
SHA256 eaece2eba6310253249603033c744dd5914089b0bb26bde6685ec9813611baae
SSDeep 3:+slXllAGQJhIl:dlIGQPY
ImpHash -
c:\users\keecfmwgj\appdata\roaming\0-m2cu8w\0-mlogrv.ini | Dropped File | Stream | clean
MIME Type application/octet-stream
File Size 40 Bytes
MD5 ba3b6bc807d4f76794c4b81b09bb9ba5
SHA1 24cb89501f0212ff3095ecc0aba97dd563718fb1
SHA256 6eebf968962745b2e9de2ca969af7c424916d4e3fe3cc0bb9b3d414abfce9507
SSDeep 3:AJlbeGQJhIl:tGQPY
ImpHash -
c:\users\keecfmwgj\appdata\roaming\0-m2cu8w\0-mlogim.jpeg | Dropped File | Image | clean
MIME Type image/jpeg
File Size 174.54 KB
MD5 499c9a17cc40e5859566df26246cf98b
SHA1 b6969c444465eabad57d97af99659e4fcf6c9da6
SHA256 1b9b2f357ce2196d9cb4f804938ef8b10d224c04623b80e5cb17c4d28671d808
SSDeep 3072:IC0bj5a/bwp/pMa2riTps5Sfalq23kabtghRYq1rDaWepEZ7vMG+U:Iv60x4ilqHEkg/t1rOWeCZ4lU
ImpHash -
c:\users\keecfmwgj\appdata\local\microsoft\windows\caches\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db | Dropped File | Unknown | clean
MIME Type application/x-dbt
File Size 102.41 KB
MD5 5fc9559fb2156d07f828128f60320f77
SHA1 a91d4126819fd65de9bab98ee30fa6fcf1aa75d8
SHA256 00291ff66de0fe346271ea2ca8d55122323bf1fa2e4d17f3f6a77b4707d9cdb7
SSDeep 96:Nrsi0ef8JYw8m05BgO+y00MUd02DyCluyx74o0SkroxWvIkj:NWuW+Jz+DL5
ImpHash -
c:\users\keecfmwgj\appdata\local\microsoft\internet explorer\recovery\active\recoverystore.{46ef7cd2-1c59-11ec-8a71-c89f1db658e4}.dat | Dropped File | OLE Compound | clean
MIME Type application/CDFV2
File Size 3.50 KB
MD5 99ce24a751a66cbedae04d0240fd2eb3
SHA1 ba09187fe31755cc8a9198868a0093795078bf1f
SHA256 b2645634606e32ebe36dd486da84f85e94dfa16ec79f71a10756922e68d2ebab
SSDeep 12:rl0YmGF2irEg5+IaCrI017+FaN/EDrEgmf+IaCy8qgQNlTqnTaP:rIi5/5VQGv/TQNlWnTaP
ImpHash -
CFB Streams (3)
Name | ID | Size
Root\KjjaqfajN2c0uzgv1l4qy5nfWe | 1 | 168 Bytes
Root\FrameList | 2 | 12 Bytes
Root\TS0 | 3 | 16 Bytes
c:\users\keecfmwgj\appdata\roaming\0-m2cu8w\0-mlogrc.ini | Dropped File | Stream | clean
MIME Type application/octet-stream
File Size 1.73 KB
MD5 0cf8a2ce499517ce4f0083fe1a157696
SHA1 18c889341035d7cec73753ccf7e4e0254fb89ca2
SHA256 f53d28b5f5bf229f1c0fdf8fbbbcc4b751ca95889627d16a6259319e6d292e17
SSDeep 24:YUd8ay3okH+gUca7b50WJ8a/6ti0ftR+t7tRBNtwWSSwmnTlLigXP7b5ROcd8aHU:bdNy3hWq2oWhZnTfdvq
ImpHash -
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a | Downloaded File | HTML | clean
Known to be clean.
Parent File analysis.pcap
MIME Type text/html
File Size 162 Bytes
MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SSDeep 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
ImpHash -
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 | Downloaded File | HTML | clean
Known to be clean.
Parent File analysis.pcap
MIME Type text/html
File Size 196 Bytes
MD5 62962daa1b19bbcc2db10b7bfd531ea6
SHA1 d64bae91091eda6a7532ebec06aa70893b79e1f8
SHA256 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
SSDeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T
ImpHash -
68b7ced40765e349e063d48e10e292c2718892362f706c230c32e61c5d5b9ccb | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 800 Bytes
MD5 6d4351eea5807d4927803225ce323584
SHA1 663cd8e2427f42fe64cbfe46f2012dc02e4a3cff
SHA256 68b7ced40765e349e063d48e10e292c2718892362f706c230c32e61c5d5b9ccb
SSDeep 24:irppZqxQv1gG0qwOw0cAL0W0dqoB4U7w0cAL0W0dqoB4Nu:iZqqvydUw7AbaWU7w7AbaWNu
ImpHash -
Extracted URLs (1)
URL | WHOIS Data | Reputation Status
(URL text not preserved in this extraction) | - | N/A
Extracted JavaScripts (1)
JavaScript #1
var sdata='https://tt.67ak.com/s?u=7378&g=gvd&c='+escape(document.referrer);document.write(unescape("%3Cscript src='"+sdata+"' type='text/javascript' %3E%3C/script%3E"));
650b12f93748bb37bef17e446e31d3805ab48db0f6801cb53bd1901c4e9ea134 | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 275 Bytes
MD5 ece1bd41a388201a61430e51fb4ec523
SHA1 a32c1d8663c5a607de903924f8385b193a2e45a7
SHA256 650b12f93748bb37bef17e446e31d3805ab48db0f6801cb53bd1901c4e9ea134
SSDeep 6:hxuJzhqIzerQWR0iYBxuL8g0qQF7IAqMYkECozEdxqPyws0H34QL:hY2rY1x60hK8oz4xuds0HIQL
ImpHash -
9d8f7e939812a0fb30584b4faddfb54e22556fc4a6292e4bf2f54ac0ecf8987e | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 49.35 KB
MD5 812ffbff2749dd703a835681933df5f2
SHA1 70cee69164a21f2db48c498f7e8bc99c7aec2d33
SHA256 9d8f7e939812a0fb30584b4faddfb54e22556fc4a6292e4bf2f54ac0ecf8987e
SSDeep 768:9A/d9SvRu2cBITYR+3LB4RUA57g1l+ggf53108wtkkA49fTSRhZhJdemCQ4x:90XKTYSR14h3F6rZWhXJdemW
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
Extracted URLs (7)
URL | WHOIS Data | Reputation Status
(7 URLs; URL text not preserved in this extraction; Reputation Status N/A for each)
Extracted JavaScripts (9)
JavaScript #1
window.WIZ_global_data = {"DpimGf":false,"E5zAXe":"https://workspace.google.com","EP1ykd":["/_/*","/local/business","/local/business/*","/posts/l/:listingId","/restaurants","/restaurants/*","/website/_/*","/website/demo","/website/demo/","/website/demo/*"],"FdrFJe":"-1954564312768280978","Im6cmf":"/_/GeoMerchantPrestoSiteUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NpZeBb":"%.@.3]","QrtxK":"","S06Grb":"","T44sLd":"","TmEjHd":0,"USwLPe":"https://business.google.com","W7VZyd":"","YYbdPc":"LEGACY_URL_PRESTO_NAME","Yllh3e":"%.@.1632823220448645,178577675,2500004125]","aMvRme":"NO_CLICK_ID","cfb2h":"boq_geomerchantprestoserver_20210916.07_p0","eNnkwf":"1632823220","eptZe":"/_/GeoMerchantPrestoSiteUi/","fPDxwd":[1763433,1772879,45814370,47825529],"gGcLoe":false,"huG48":false,"iSyyv":[37,42,41],"itAxi":"https://business.google.com","kOzZQ":"https://ads.google.com/localservices","nQyAE":{"toTC0d":"true","NRSeob":"true","fKfWJb":"true","ocCrNd":"false","n4nYUe":"true","sdhVsb":"false","EPs7mc":"true","nn8wqe":"false","sH6IRc":"false","ItKUvc":"true","aPDse":"false","u9L1lf":"false","visWib":"false","nDqp1c":"false","DvPMDc":"false","tBSlob":"false","KB6yl":"false","Zouwyc":"false","bowC1e":"false","i1GOPc":"20","pd3dPc":"false","hjjE8c":"false","mLu9zf":"false","SALIbc":"false","HZ66Zc":"true","LzNN5b":"true","KoK2of":"false","r6hcne":"true","l9NlMd":"true"},"o5oPrb":"","qwAQke":"GeoMerchantPrestoSiteUi","qyaodc":false,"qymVe":"JkdPIPygkWBuYIrwriitXSDVWSM","rtQCxc":-120,"rvOlFd":"PAGE_SOURCE_UNKNOWN","tHwb2":false,"v9NS6b":"27316894412965065","vVkaEb":"","vXmutd":"%.@.\"DE\",\"ZZ\",\"WJnHqQ\\u003d\\u003d\"]","w2btAe":"%.@.null,null,\"\",true,null,null,null,false]","zChJod":"%.@.]"};
JavaScript #2
(function(){/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(f){if(d&&d.now&&d.mark){var h=d.mark(f);if(h)return h.startTime;if(d.getEntriesByName&&(f=d.getEntriesByName(f).pop()))return f.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(f){return f.hasAttribute("data-src")||f.hasAttribute("data-ils")||"lazy"===f.getAttribute("loading")};
a.l=function(f){function h(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=f;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=h;a.onJsLoad=function(){h("jsl")};a.onCssLoad=function(){h("cssl")};a._isVisible=function(b,c,g){g=void 0===g?!1:g;if(!c||"none"==c.style.display)return!1;var e=b.defaultView;if(e&&e.getComputedStyle&&(e=e.getComputedStyle(c),"0px"==e.height||"0px"==e.width||"hidden"==e.visibility&&
!g))return!1;if(!c.getBoundingClientRect)return!0;e=c.getBoundingClientRect();c=e.left+a.pageXOffset;g=e.top+a.pageYOffset;if(0>g+e.height||0>c+e.width||0>=e.height||0>=e.width)return!1;b=b.documentElement;return g<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=
a.aft_counter.indexOf(b),-1!==b&&(b=1===a.aft_counter.splice(b,1).length,0===a.aft_counter.length&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this);
l('Zab0Ef')
JavaScript #3
var _F_cssRowKey = 'boq-geo.GeoMerchantPrestoSiteUi.yJgCPv_cil4.L.X.O';var _F_combinedSignature = 'AD4das3E99AfQVhUYEOwO8LoHYZaMoVkfg';function _DumpException(e) {throw e;}
JavaScript #4
onCssLoad();
JavaScript #5
(function(){/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
'use strict';var c=this||self;/*

 Copyright 2011 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
/*

 Copyright 2013 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
var d={};function aa(b,e){if(null===e)return!1;if("contains"in b&&1==e.nodeType)return b.contains(e);if("compareDocumentPosition"in b)return b==e||!!(b.compareDocumentPosition(e)&16);for(;e&&b!=e;)e=e.parentNode;return e==b};function ba(b,e){return function(g){g||(g=window.event);return e.call(b,g)}}function t(b){b=b.target||b.srcElement;!b.getAttribute&&b.parentNode&&(b=b.parentNode);return b}var x="undefined"!=typeof navigator&&/Macintosh/.test(navigator.userAgent),ca="undefined"!=typeof navigator&&!/Opera/.test(navigator.userAgent)&&/WebKit/.test(navigator.userAgent),ea={A:1,INPUT:1,TEXTAREA:1,SELECT:1,BUTTON:1};function fa(){this._mouseEventsPrevented=!0}
var y={A:13,BUTTON:0,CHECKBOX:32,COMBOBOX:13,FILE:0,GRIDCELL:13,LINK:13,LISTBOX:13,MENU:0,MENUBAR:0,MENUITEM:0,MENUITEMCHECKBOX:0,MENUITEMRADIO:0,OPTION:0,RADIO:32,RADIOGROUP:32,RESET:0,SUBMIT:0,SWITCH:32,TAB:0,TREE:13,TREEITEM:13},z={CHECKBOX:!0,FILE:!0,OPTION:!0,RADIO:!0},ha={COLOR:!0,DATE:!0,DATETIME:!0,"DATETIME-LOCAL":!0,EMAIL:!0,MONTH:!0,NUMBER:!0,PASSWORD:!0,RANGE:!0,SEARCH:!0,TEL:!0,TEXT:!0,TEXTAREA:!0,TIME:!0,URL:!0,WEEK:!0},ia={A:!0,AREA:!0,BUTTON:!0,DIALOG:!0,IMG:!0,INPUT:!0,LINK:!0,MENU:!0,
OPTGROUP:!0,OPTION:!0,PROGRESS:!0,SELECT:!0,TEXTAREA:!0};/*

 Copyright 2020 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
var B=c._jsa||{};B._cfc=void 0;B._aeh=void 0;/*

 Copyright 2005 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
function ja(){this.o=[];this.g=[];this.j=[];this.m={};this.h=null;this.l=[]}function ka(b){return String.prototype.trim?b.trim():b.replace(/^\s+/,"").replace(/\s+$/,"")}
function la(b,e){return function w(a,m){m=void 0===m?!0:m;var n=e;if("click"==n&&(x&&a.metaKey||!x&&a.ctrlKey||2==a.which||null==a.which&&4==a.button||a.shiftKey))n="clickmod";else{var h=a.which||a.keyCode;ca&&3==h&&(h=13);if(13!=h&&32!=h)h=!1;else{var f=t(a),k;(k="keydown"!=a.type||!!(!("getAttribute"in f)||(f.getAttribute("type")||f.tagName).toUpperCase()in ha||"BUTTON"==f.tagName.toUpperCase()||f.type&&"FILE"==f.type.toUpperCase()||f.isContentEditable)||a.ctrlKey||a.shiftKey||a.altKey||a.metaKey||
(f.getAttribute("type")||f.tagName).toUpperCase()in z&&32==h)||((k=f.tagName in ea)||(k=f.getAttributeNode("tabindex"),k=null!=k&&k.specified),k=!(k&&!f.disabled));if(k)h=!1;else{k=(f.getAttribute("role")||f.type||f.tagName).toUpperCase();var v=!(k in y)&&13==h;f="INPUT"!=f.tagName.toUpperCase()||!!f.type;h=(0==y[k]%h||v)&&f}}h&&(n="clickkey")}f=a.srcElement||a.target;h=C(n,a,f,"",null);for(k=f;k&&k!=this;k=k.__owner||k.parentNode){var l=k;var q=void 0;v=l;var r=n,ta=a;var p=v.__jsaction;if(!p){var D;
p=null;"getAttribute"in v&&(p=v.getAttribute("jsaction"));if(D=p){p=d[D];if(!p){p={};for(var J=D.split(ma),va=J?J.length:0,K=0;K<va;K++){var A=J[K];if(A){var L=A.indexOf(":"),da=-1!=L;p[da?ka(A.substr(0,L)):na]=da?ka(A.substr(L+1)):A}}d[D]=p}v.__jsaction=p}else p=oa,v.__jsaction=p}"maybe_click"==r&&p.click?(q=r,r="click"):"clickkey"==r?r="click":"click"!=r||p.click||(r="clickonly");q=B._cfc&&p.click?B._cfc(v,ta,p,r,q):{eventType:q?q:r,action:p[r]||"",event:null,ignore:!1};if(q.ignore||q.action)break}q&&
(h=C(q.eventType,q.event||a,f,q.action||"",l,h.timeStamp));h&&"touchend"==h.eventType&&(h.event._preventMouseEvents=fa);if(q&&q.action){if(f="clickkey"==n)f=t(a),f=(f.type||f.tagName).toUpperCase(),(f=32==(a.which||a.keyCode)&&"CHECKBOX"!=f)||(f=t(a),k=f.tagName.toUpperCase(),q=(f.getAttribute("role")||"").toUpperCase(),f="BUTTON"===k||"BUTTON"===q?!0:!(f.tagName.toUpperCase()in ia)||"A"===k||"SELECT"===k||(f.getAttribute("type")||f.tagName).toUpperCase()in z||(f.getAttribute("type")||f.tagName).toUpperCase()in
ha?!1:!0);f&&(a.preventDefault?a.preventDefault():a.returnValue=!1);if("mouseenter"==n||"mouseleave"==n)if(f=a.relatedTarget,!("mouseover"==a.type&&"mouseenter"==n||"mouseout"==a.type&&"mouseleave"==n)||f&&(f===l||aa(l,f)))h.action="",h.actionElement=null;else{n={};for(var u in a)"function"!==typeof a[u]&&"srcElement"!==u&&"target"!==u&&(n[u]=a[u]);n.type="mouseover"==a.type?"mouseenter":"mouseleave";n.target=n.srcElement=l;n.bubbles=!1;h.event=n;h.targetElement=l}}else h.action="",h.actionElement=
null;l=h;b.h&&!l.event.a11ysgd&&(u=C(l.eventType,l.event,l.targetElement,l.action,l.actionElement,l.timeStamp),"clickonly"==u.eventType&&(u.eventType="click"),b.h(u,!0));if(l.actionElement){if(b.h){if(!l.actionElement||"A"!=l.actionElement.tagName||"click"!=l.eventType&&"clickmod"!=l.eventType||(a.preventDefault?a.preventDefault():a.returnValue=!1),(a=b.h(l))&&m){w.call(this,a,!1);return}}else{if((m=c.document)&&!m.createEvent&&m.createEventObject)try{var M=m.createEventObject(a)}catch(Ba){M=a}else M=
a;l.event=M;b.l.push(l)}B._aeh&&B._aeh(l)}}}function C(b,e,g,a,m,w){return{eventType:b,event:e,targetElement:g,action:a,actionElement:m,timeStamp:w||Date.now()}}
function pa(b,e){return function(g){var a=b,m=e,w=!1;"mouseenter"==a?a="mouseover":"mouseleave"==a&&(a="mouseout");if(g.addEventListener){if("focus"==a||"blur"==a||"error"==a||"load"==a)w=!0;g.addEventListener(a,m,w)}else g.attachEvent&&("focus"==a?a="focusin":"blur"==a&&(a="focusout"),m=ba(g,m),g.attachEvent("on"+a,m));return{eventType:a,i:m,capture:w}}}
function E(b,e,g){if(!b.m.hasOwnProperty(e)){var a=la(b,e);g=pa(g||e,a);b.m[e]=a;b.o.push(g);for(a=0;a<b.g.length;++a){var m=b.g[a];m.h.push(g.call(null,m.g))}"click"==e&&E(b,"keydown")}}ja.prototype.i=function(b){return this.m[b]};function qa(b){var e=F,g=b.g;ra&&(g.style.cursor="pointer");for(g=0;g<e.o.length;++g)b.h.push(e.o[g].call(null,b.g))}function sa(b){for(var e=ua,g=0;g<e.length;++g)if(e[g].g!=b.g&&wa(e[g].g,b.g))return!0;return!1}
function wa(b,e){for(;b!=e&&e.parentNode;)e=e.parentNode;return b==e}var ra="undefined"!=typeof navigator&&/iPhone|iPad|iPod/.test(navigator.userAgent),ma=/\s*;\s*/,na="click",oa={};var G=window,F=new ja;var xa=G.document.documentElement,H=new function(b){this.g=b;this.h=[]}(xa),I;b:{for(var N=0;N<F.g.length;N++)if(wa(F.g[N].g,xa)){I=!0;break b}I=!1}
if(I)F.j.push(H);else{qa(H);F.g.push(H);for(var ua=F.j.concat(F.g),O=[],P=[],Q=0;Q<F.g.length;++Q){var R=F.g[Q];if(sa(R)){O.push(R);for(var S=0;S<R.h.length;++S){var T=R.g,U=R.h[S];T.removeEventListener?T.removeEventListener(U.eventType,U.i,U.capture):T.detachEvent&&T.detachEvent("on"+U.eventType,U.i)}R.h=[]}else P.push(R)}for(var V=0;V<F.j.length;++V){var W=F.j[V];sa(W)?O.push(W):(P.push(W),qa(W))}F.g=P;F.j=O}E(F,"click");E(F,"dblclick");E(F,"focus");E(F,"focusin");E(F,"blur");E(F,"error");E(F,"focusout");
E(F,"keydown");E(F,"keyup");E(F,"keypress");E(F,"load");E(F,"mouseover");E(F,"mouseout");E(F,"mouseenter");E(F,"mouseleave");E(F,"submit");E(F,"touchstart");E(F,"touchend");E(F,"touchmove");E(F,"auxclick");E(F,"change");E(F,"compositionstart");E(F,"compositionupdate");E(F,"compositionend");E(F,"input");E(F,"textinput");E(F,"copy");E(F,"cut");E(F,"paste");E(F,"mousedown");E(F,"mouseup");E(F,"wheel");E(F,"contextmenu");E(F,"dragover");E(F,"dragenter");E(F,"dragleave");E(F,"drop");E(F,"dragstart");
E(F,"dragend");E(F,"pointerdown");E(F,"pointerup");E(F,"ended");E(F,"loadedmetadata");E(F,"pagehide");E(F,"pageshow");E(F,"visibilitychange");var ya,za;"onwebkitanimationend"in G&&(ya="webkitAnimationEnd");E(F,"animationend",ya);"onwebkittransitionend"in G&&(za="webkitTransitionEnd");E(F,"transitionend",za);
var Aa=function(b){return{trigger:function(e){var g=b.i(e.type);g||(E(b,e.type),g=b.i(e.type));var a=e.target||e.srcElement;g&&g.call(a.ownerDocument.documentElement,e)},bind:function(e){b.h=e;b.l&&(0<b.l.length&&e(b.l),b.l=null)}}}(F),X=["BOQ_wizbind"],Y=window||c;X[0]in Y||"undefined"==typeof Y.execScript||Y.execScript("var "+X[0]);for(var Z;X.length&&(Z=X.shift());)X.length||void 0===Aa?Y[Z]&&Y[Z]!==Object.prototype[Z]?Y=Y[Z]:Y=Y[Z]={}:Y[Z]=Aa;}).call(this);
JavaScript #6
if (window.BOQ_loadedInitialJS) {onJsLoad();} else {document.getElementById('base-js').addEventListener('load', onJsLoad, false);}
JavaScript #7
window['_wjdc'] = function (d) {window['_wjdd'] = d};
JavaScript #8
var AF_initDataKeys = ["ds:0","ds:1"]; var AF_dataServiceRequests = {'ds:0' : {id:'KUcOhc',request:["replacer-glass",null,false,"http://business.google.com/website/replacer-glass/if60/",true,null,null,[]]},'ds:1' : {id:'k9FGZe',request:["replacer-glass",null,null,5,3,null,[]]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}
JavaScript #9
window.wiz_progress&&window.wiz_progress();
c33673be4cd70bd90b664c90e10baa76214c06b7f3268b216d4c94bbb5052ead | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 1.59 KB
MD5 100e931930fb1c042b44aff84d835ba1
SHA1 a8dc75d1af1eb8b1bf70bb412481e571ba782616
SHA256 c33673be4cd70bd90b664c90e10baa76214c06b7f3268b216d4c94bbb5052ead
SSDeep 24:bsF+03RSU6pepPQfkZbc6cn1BZdAe1nCr1LTHQ6D9viLRIxv+W:bK+wR+pAZewLDK4mW
ImpHash -
Extracted URLs (1)
URL | WHOIS Data | Reputation Status
(URL text not preserved in this extraction) | - | N/A
940995c4ea62828b147900b1a156927d885a34bbd560f15358d17bb496d3ff1e | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 4.62 KB
MD5 3bc6195aa817688498ef94520df0db5b
SHA1 52d44b144e1868b61a3995a0cba05908f55a6479
SHA256 940995c4ea62828b147900b1a156927d885a34bbd560f15358d17bb496d3ff1e
SSDeep 96:1uAd9hwVPcoGa/j5yntxI8vq/5K/u04XEwb4Qpy/:cAdbwWoX/j5sxI8vE4/uPUwbj4
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
Extracted URLs (12)
URL | WHOIS Data | Reputation Status
(12 URLs; URL text not preserved in this extraction; Reputation Status N/A for each)
Extracted JavaScripts (3)
JavaScript #1
if (window.top !== window.self) {document.write = "";window.top.location = window.self.location; setTimeout(function(){document.body.innerHTML='';},1);window.self.onload=function(evt){document.body.innerHTML='';};}
JavaScript #2
var gaJsHost = ("https:" == document.location.protocol) ? "https://ssl." : "http://www.";
document.write("<scr"+"ipt src='" +gaJsHost+ "google-analytics.com/ga.js'></scr"+"ipt>");
JavaScript #3
var pageTracker = _gat._getTracker("UA-9156498-1");
pageTracker._initData();
pageTracker._trackPageview("/parked/[% parked_type %]/negativeminus.com/[% request_uri %]");
18d6fd0966311425bc9cd112ebeeccbdba04716e1496a917086b2b7ff95521e0 | Downloaded File | HTML | clean
Parent File analysis.pcap
MIME Type text/html
File Size 49.35 KB
MD5 4253a9b186a4499e822deb564b9befba
SHA1 258196bb6e49f9dba118af8f7e071298d9a6bd8d
SHA256 18d6fd0966311425bc9cd112ebeeccbdba04716e1496a917086b2b7ff95521e0
SSDeep 768:87/d9SvRu3cBuTYR+3LB4RUA57g1l+gg6O3108wBBgA49fTSRhZhJdemCQ4x:8ZoATYSR14L3FmSZWhXJdemW
ImpHash -
Parser Error Remark: Static engine was unable to completely parse the analyzed file
Extracted URLs (7)
URL | WHOIS Data | Reputation Status
(7 URLs; URL text not preserved in this extraction; Reputation Status N/A for each)
Extracted JavaScripts (9)
JavaScript #1
window.WIZ_global_data = {"DpimGf":false,"E5zAXe":"https://workspace.google.com","EP1ykd":["/_/*","/local/business","/local/business/*","/posts/l/:listingId","/restaurants","/restaurants/*","/website/_/*","/website/demo","/website/demo/","/website/demo/*"],"FdrFJe":"-2571279254043368869","Im6cmf":"/_/GeoMerchantPrestoSiteUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NpZeBb":"%.@.3]","QrtxK":"","S06Grb":"","T44sLd":"","TmEjHd":0,"USwLPe":"https://business.google.com","W7VZyd":"","YYbdPc":"LEGACY_URL_PRESTO_NAME","Yllh3e":"%.@.1632823239071102,178557198,2433682443]","aMvRme":"NO_CLICK_ID","cfb2h":"boq_geomerchantprestoserver_20210916.07_p0","eNnkwf":"1632823239","eptZe":"/_/GeoMerchantPrestoSiteUi/","fPDxwd":[1763433,1772879,45814370,47825529],"gGcLoe":false,"huG48":false,"iSyyv":[37,42,41],"itAxi":"https://business.google.com","kOzZQ":"https://ads.google.com/localservices","nQyAE":{"toTC0d":"true","NRSeob":"true","fKfWJb":"true","ocCrNd":"false","n4nYUe":"true","sdhVsb":"false","EPs7mc":"true","nn8wqe":"false","sH6IRc":"false","ItKUvc":"true","aPDse":"false","u9L1lf":"false","visWib":"false","nDqp1c":"false","DvPMDc":"false","tBSlob":"false","KB6yl":"false","Zouwyc":"false","bowC1e":"false","i1GOPc":"20","pd3dPc":"false","hjjE8c":"false","mLu9zf":"false","SALIbc":"false","HZ66Zc":"true","LzNN5b":"true","KoK2of":"false","r6hcne":"true","l9NlMd":"true"},"o5oPrb":"","qwAQke":"GeoMerchantPrestoSiteUi","qyaodc":false,"qymVe":"oy2JUsTFLPItZYXsRr1_t5kj2HI","rtQCxc":-120,"rvOlFd":"PAGE_SOURCE_UNKNOWN","tHwb2":false,"v9NS6b":"27316894412965065","vVkaEb":"","vXmutd":"%.@.\"DE\",\"ZZ\",\"WJnHqQ\\u003d\\u003d\"]","w2btAe":"%.@.null,null,\"\",true,null,null,null,false]","zChJod":"%.@.]"};
JavaScript #2
(function(){/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(f){if(d&&d.now&&d.mark){var h=d.mark(f);if(h)return h.startTime;if(d.getEntriesByName&&(f=d.getEntriesByName(f).pop()))return f.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(f){return f.hasAttribute("data-src")||f.hasAttribute("data-ils")||"lazy"===f.getAttribute("loading")};
a.l=function(f){function h(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=f;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=h;a.onJsLoad=function(){h("jsl")};a.onCssLoad=function(){h("cssl")};a._isVisible=function(b,c,g){g=void 0===g?!1:g;if(!c||"none"==c.style.display)return!1;var e=b.defaultView;if(e&&e.getComputedStyle&&(e=e.getComputedStyle(c),"0px"==e.height||"0px"==e.width||"hidden"==e.visibility&&
!g))return!1;if(!c.getBoundingClientRect)return!0;e=c.getBoundingClientRect();c=e.left+a.pageXOffset;g=e.top+a.pageYOffset;if(0>g+e.height||0>c+e.width||0>=e.height||0>=e.width)return!1;b=b.documentElement;return g<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=
a.aft_counter.indexOf(b),-1!==b&&(b=1===a.aft_counter.splice(b,1).length,0===a.aft_counter.length&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this);
l('Zab0Ef')
JavaScript #3
var _F_cssRowKey = 'boq-geo.GeoMerchantPrestoSiteUi.yJgCPv_cil4.L.X.O';var _F_combinedSignature = 'AD4das3E99AfQVhUYEOwO8LoHYZaMoVkfg';function _DumpException(e) {throw e;}
JavaScript #4
onCssLoad();
JavaScript #5
(function(){/*

 Copyright The Closure Library Authors.
 SPDX-License-Identifier: Apache-2.0
*/
'use strict';var c=this||self;/*

 Copyright 2011 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
/*

 Copyright 2013 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
var d={};function aa(b,e){if(null===e)return!1;if("contains"in b&&1==e.nodeType)return b.contains(e);if("compareDocumentPosition"in b)return b==e||!!(b.compareDocumentPosition(e)&16);for(;e&&b!=e;)e=e.parentNode;return e==b};function ba(b,e){return function(g){g||(g=window.event);return e.call(b,g)}}function t(b){b=b.target||b.srcElement;!b.getAttribute&&b.parentNode&&(b=b.parentNode);return b}var x="undefined"!=typeof navigator&&/Macintosh/.test(navigator.userAgent),ca="undefined"!=typeof navigator&&!/Opera/.test(navigator.userAgent)&&/WebKit/.test(navigator.userAgent),ea={A:1,INPUT:1,TEXTAREA:1,SELECT:1,BUTTON:1};function fa(){this._mouseEventsPrevented=!0}
var y={A:13,BUTTON:0,CHECKBOX:32,COMBOBOX:13,FILE:0,GRIDCELL:13,LINK:13,LISTBOX:13,MENU:0,MENUBAR:0,MENUITEM:0,MENUITEMCHECKBOX:0,MENUITEMRADIO:0,OPTION:0,RADIO:32,RADIOGROUP:32,RESET:0,SUBMIT:0,SWITCH:32,TAB:0,TREE:13,TREEITEM:13},z={CHECKBOX:!0,FILE:!0,OPTION:!0,RADIO:!0},ha={COLOR:!0,DATE:!0,DATETIME:!0,"DATETIME-LOCAL":!0,EMAIL:!0,MONTH:!0,NUMBER:!0,PASSWORD:!0,RANGE:!0,SEARCH:!0,TEL:!0,TEXT:!0,TEXTAREA:!0,TIME:!0,URL:!0,WEEK:!0},ia={A:!0,AREA:!0,BUTTON:!0,DIALOG:!0,IMG:!0,INPUT:!0,LINK:!0,MENU:!0,
OPTGROUP:!0,OPTION:!0,PROGRESS:!0,SELECT:!0,TEXTAREA:!0};/*

 Copyright 2020 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
var B=c._jsa||{};B._cfc=void 0;B._aeh=void 0;/*

 Copyright 2005 Google LLC.
 SPDX-License-Identifier: Apache-2.0
*/
function ja(){this.o=[];this.g=[];this.j=[];this.m={};this.h=null;this.l=[]}function ka(b){return String.prototype.trim?b.trim():b.replace(/^\s+/,"").replace(/\s+$/,"")}
function la(b,e){return function w(a,m){m=void 0===m?!0:m;var n=e;if("click"==n&&(x&&a.metaKey||!x&&a.ctrlKey||2==a.which||null==a.which&&4==a.button||a.shiftKey))n="clickmod";else{var h=a.which||a.keyCode;ca&&3==h&&(h=13);if(13!=h&&32!=h)h=!1;else{var f=t(a),k;(k="keydown"!=a.type||!!(!("getAttribute"in f)||(f.getAttribute("type")||f.tagName).toUpperCase()in ha||"BUTTON"==f.tagName.toUpperCase()||f.type&&"FILE"==f.type.toUpperCase()||f.isContentEditable)||a.ctrlKey||a.shiftKey||a.altKey||a.metaKey||
(f.getAttribute("type")||f.tagName).toUpperCase()in z&&32==h)||((k=f.tagName in ea)||(k=f.getAttributeNode("tabindex"),k=null!=k&&k.specified),k=!(k&&!f.disabled));if(k)h=!1;else{k=(f.getAttribute("role")||f.type||f.tagName).toUpperCase();var v=!(k in y)&&13==h;f="INPUT"!=f.tagName.toUpperCase()||!!f.type;h=(0==y[k]%h||v)&&f}}h&&(n="clickkey")}f=a.srcElement||a.target;h=C(n,a,f,"",null);for(k=f;k&&k!=this;k=k.__owner||k.parentNode){var l=k;var q=void 0;v=l;var r=n,ta=a;var p=v.__jsaction;if(!p){var D;
p=null;"getAttribute"in v&&(p=v.getAttribute("jsaction"));if(D=p){p=d[D];if(!p){p={};for(var J=D.split(ma),va=J?J.length:0,K=0;K<va;K++){var A=J[K];if(A){var L=A.indexOf(":"),da=-1!=L;p[da?ka(A.substr(0,L)):na]=da?ka(A.substr(L+1)):A}}d[D]=p}v.__jsaction=p}else p=oa,v.__jsaction=p}"maybe_click"==r&&p.click?(q=r,r="click"):"clickkey"==r?r="click":"click"!=r||p.click||(r="clickonly");q=B._cfc&&p.click?B._cfc(v,ta,p,r,q):{eventType:q?q:r,action:p[r]||"",event:null,ignore:!1};if(q.ignore||q.action)break}q&&
(h=C(q.eventType,q.event||a,f,q.action||"",l,h.timeStamp));h&&"touchend"==h.eventType&&(h.event._preventMouseEvents=fa);if(q&&q.action){if(f="clickkey"==n)f=t(a),f=(f.type||f.tagName).toUpperCase(),(f=32==(a.which||a.keyCode)&&"CHECKBOX"!=f)||(f=t(a),k=f.tagName.toUpperCase(),q=(f.getAttribute("role")||"").toUpperCase(),f="BUTTON"===k||"BUTTON"===q?!0:!(f.tagName.toUpperCase()in ia)||"A"===k||"SELECT"===k||(f.getAttribute("type")||f.tagName).toUpperCase()in z||(f.getAttribute("type")||f.tagName).toUpperCase()in
ha?!1:!0);f&&(a.preventDefault?a.preventDefault():a.returnValue=!1);if("mouseenter"==n||"mouseleave"==n)if(f=a.relatedTarget,!("mouseover"==a.type&&"mouseenter"==n||"mouseout"==a.type&&"mouseleave"==n)||f&&(f===l||aa(l,f)))h.action="",h.actionElement=null;else{n={};for(var u in a)"function"!==typeof a[u]&&"srcElement"!==u&&"target"!==u&&(n[u]=a[u]);n.type="mouseover"==a.type?"mouseenter":"mouseleave";n.target=n.srcElement=l;n.bubbles=!1;h.event=n;h.targetElement=l}}else h.action="",h.actionElement=
null;l=h;b.h&&!l.event.a11ysgd&&(u=C(l.eventType,l.event,l.targetElement,l.action,l.actionElement,l.timeStamp),"clickonly"==u.eventType&&(u.eventType="click"),b.h(u,!0));if(l.actionElement){if(b.h){if(!l.actionElement||"A"!=l.actionElement.tagName||"click"!=l.eventType&&"clickmod"!=l.eventType||(a.preventDefault?a.preventDefault():a.returnValue=!1),(a=b.h(l))&&m){w.call(this,a,!1);return}}else{if((m=c.document)&&!m.createEvent&&m.createEventObject)try{var M=m.createEventObject(a)}catch(Ba){M=a}else M=
a;l.event=M;b.l.push(l)}B._aeh&&B._aeh(l)}}}function C(b,e,g,a,m,w){return{eventType:b,event:e,targetElement:g,action:a,actionElement:m,timeStamp:w||Date.now()}}
function pa(b,e){return function(g){var a=b,m=e,w=!1;"mouseenter"==a?a="mouseover":"mouseleave"==a&&(a="mouseout");if(g.addEventListener){if("focus"==a||"blur"==a||"error"==a||"load"==a)w=!0;g.addEventListener(a,m,w)}else g.attachEvent&&("focus"==a?a="focusin":"blur"==a&&(a="focusout"),m=ba(g,m),g.attachEvent("on"+a,m));return{eventType:a,i:m,capture:w}}}
function E(b,e,g){if(!b.m.hasOwnProperty(e)){var a=la(b,e);g=pa(g||e,a);b.m[e]=a;b.o.push(g);for(a=0;a<b.g.length;++a){var m=b.g[a];m.h.push(g.call(null,m.g))}"click"==e&&E(b,"keydown")}}ja.prototype.i=function(b){return this.m[b]};function qa(b){var e=F,g=b.g;ra&&(g.style.cursor="pointer");for(g=0;g<e.o.length;++g)b.h.push(e.o[g].call(null,b.g))}function sa(b){for(var e=ua,g=0;g<e.length;++g)if(e[g].g!=b.g&&wa(e[g].g,b.g))return!0;return!1}
function wa(b,e){for(;b!=e&&e.parentNode;)e=e.parentNode;return b==e}var ra="undefined"!=typeof navigator&&/iPhone|iPad|iPod/.test(navigator.userAgent),ma=/\s*;\s*/,na="click",oa={};var G=window,F=new ja;var xa=G.document.documentElement,H=new function(b){this.g=b;this.h=[]}(xa),I;b:{for(var N=0;N<F.g.length;N++)if(wa(F.g[N].g,xa)){I=!0;break b}I=!1}
if(I)F.j.push(H);else{qa(H);F.g.push(H);for(var ua=F.j.concat(F.g),O=[],P=[],Q=0;Q<F.g.length;++Q){var R=F.g[Q];if(sa(R)){O.push(R);for(var S=0;S<R.h.length;++S){var T=R.g,U=R.h[S];T.removeEventListener?T.removeEventListener(U.eventType,U.i,U.capture):T.detachEvent&&T.detachEvent("on"+U.eventType,U.i)}R.h=[]}else P.push(R)}for(var V=0;V<F.j.length;++V){var W=F.j[V];sa(W)?O.push(W):(P.push(W),qa(W))}F.g=P;F.j=O}E(F,"click");E(F,"dblclick");E(F,"focus");E(F,"focusin");E(F,"blur");E(F,"error");E(F,"focusout");
E(F,"keydown");E(F,"keyup");E(F,"keypress");E(F,"load");E(F,"mouseover");E(F,"mouseout");E(F,"mouseenter");E(F,"mouseleave");E(F,"submit");E(F,"touchstart");E(F,"touchend");E(F,"touchmove");E(F,"auxclick");E(F,"change");E(F,"compositionstart");E(F,"compositionupdate");E(F,"compositionend");E(F,"input");E(F,"textinput");E(F,"copy");E(F,"cut");E(F,"paste");E(F,"mousedown");E(F,"mouseup");E(F,"wheel");E(F,"contextmenu");E(F,"dragover");E(F,"dragenter");E(F,"dragleave");E(F,"drop");E(F,"dragstart");
E(F,"dragend");E(F,"pointerdown");E(F,"pointerup");E(F,"ended");E(F,"loadedmetadata");E(F,"pagehide");E(F,"pageshow");E(F,"visibilitychange");var ya,za;"onwebkitanimationend"in G&&(ya="webkitAnimationEnd");E(F,"animationend",ya);"onwebkittransitionend"in G&&(za="webkitTransitionEnd");E(F,"transitionend",za);
var Aa=function(b){return{trigger:function(e){var g=b.i(e.type);g||(E(b,e.type),g=b.i(e.type));var a=e.target||e.srcElement;g&&g.call(a.ownerDocument.documentElement,e)},bind:function(e){b.h=e;b.l&&(0<b.l.length&&e(b.l),b.l=null)}}}(F),X=["BOQ_wizbind"],Y=window||c;X[0]in Y||"undefined"==typeof Y.execScript||Y.execScript("var "+X[0]);for(var Z;X.length&&(Z=X.shift());)X.length||void 0===Aa?Y[Z]&&Y[Z]!==Object.prototype[Z]?Y=Y[Z]:Y=Y[Z]={}:Y[Z]=Aa;}).call(this);
JavaScript #6
if (window.BOQ_loadedInitialJS) {onJsLoad();} else {document.getElementById('base-js').addEventListener('load', onJsLoad, false);}
JavaScript #7
window['_wjdc'] = function (d) {window['_wjdd'] = d};
JavaScript #8
var AF_initDataKeys = ["ds:0","ds:1"]; var AF_dataServiceRequests = {'ds:0' : {id:'KUcOhc',request:["replacer-glass",null,false,"http://business.google.com/website/replacer-glass/if60/",true,null,null,[]]},'ds:1' : {id:'k9FGZe',request:["replacer-glass",null,null,5,3,null,[]]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}
JavaScript #9
window.wiz_progress&&window.wiz_progress();
d7868dab9ad71f6862a9ea983e6f00beedfcaccc4bbad4e0e10deada0f15e61f Downloaded File HTML
clean
Parent File analysis.pcap
MIME Type text/html
File Size 279 Bytes
MD5 ab4317071d2ab1aee23ec1c321bbd327
SHA1 f304b67ca9589a03698f42d23c2c8fa1c438c5b1
SHA256 d7868dab9ad71f6862a9ea983e6f00beedfcaccc4bbad4e0e10deada0f15e61f
SSDeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRxnEM0K/gcXaoD:J0+oxBeRmR9etdzRxGezHDni2gma+
ImpHash -
6e7888c988c4fd6018614d0ded316da899fb4e7edc65d8860107a04f0e37a450 Downloaded File HTML
clean
Parent File analysis.pcap
MIME Type text/html
File Size 22.26 KB
MD5 d66b448cfad828da3b1175b06ee1a028
SHA1 128576a81564497d3e7ac5d17da16e56ebca37d1
SHA256 6e7888c988c4fd6018614d0ded316da899fb4e7edc65d8860107a04f0e37a450
SSDeep 384:CithvLIx/NJQ5LfDNDWDvD+yDGDVDDD9DGDfnGP4sB8H:CiDLIx/NJQlrRS75CJ/BCvGPhB8H
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
Extracted URLs (14)
URL WHOIS Data Reputation Status
(14 URL entries, each with reputation status N/A; the URL strings themselves are not rendered in this export)
Extracted JavaScripts (5)
JavaScript #1
var abp;
JavaScript #2
function handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglog.style.width="0px";imglog.src="http://www.studyhandbook.com/sk-logabpstatus.php?a=UDNXWFJ2S1U3NUZ1dHlhMjl6SyttMjQ2bFFvRDRFMnNaQVhWeHVkbDNSMFBWT1BmYTk1SGFHaDlpci9BT0ZOQXAzendjL0ExVHRraHBPU0FkN1QrNXF2MXZHakpnK3ZOTnh3d1VYTkp6QmJ3b1N6VGFUTU0zeFpwOUwrVUdBcWc=&b="+abp;document.body.appendChild(imglog);if(typeof abperurl !== "undefined" && abperurl!="")window.top.location=abperurl;}catch(err){}}
JavaScript #3
try{handleABPDetect();}catch(err){}
JavaScript #4
if(setBrowserDetails) setBrowserDetails();
JavaScript #5
var __pp = [];  atevt();
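JavaScript #2 above is an ad-blocker detection beacon: it appends a 0x0 image whose URL reports the `abp` flag to www.studyhandbook.com and, if a global `abperurl` is set, redirects the top frame there. The one value worth a second look when triaging such a script is the fixed `a=` parameter. The helper below is added example code for this write-up, not code from the sandbox report or from the analysed page; it assumes Node.js (`Buffer`, `URL`) and takes the script text copied verbatim from the listing. It pulls the `.src` literal out of the script, splits the query by hand (URLSearchParams would turn a `+` into a space and corrupt unencoded base64), and peels base64 layers off `a`: the first layer yields another 128-character base64-shaped string, the second yields 96 raw bytes that are not readable text, so the parameter is an opaque token rather than an encoded URL or host. Nothing here changes the report's clean verdict for this file; the point is to show how far the value can be decoded before stopping.

```javascript
// Added triage helper for the handleABPDetect() beacon extracted above.
// Example code written for this write-up, not code from the sandbox report
// or the analysed page. Assumes Node.js for Buffer and URL.

// Copied verbatim from "JavaScript #2" of the 22.26 KB HTML file above.
const EXTRACTED_SCRIPT = 'function handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglog.style.width="0px";imglog.src="http://www.studyhandbook.com/sk-logabpstatus.php?a=UDNXWFJ2S1U3NUZ1dHlhMjl6SyttMjQ2bFFvRDRFMnNaQVhWeHVkbDNSMFBWT1BmYTk1SGFHaDlpci9BT0ZOQXAzendjL0ExVHRraHBPU0FkN1QrNXF2MXZHakpnK3ZOTnh3d1VYTkp6QmJ3b1N6VGFUTU0zeFpwOUwrVUdBcWc=&b="+abp;document.body.appendChild(imglog);if(typeof abperurl !== "undefined" && abperurl!="")window.top.location=abperurl;}catch(err){}}';

const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

// Return the string literal assigned to an element's .src, or null if none.
function extractBeaconUrl(scriptText) {
  const m = scriptText.match(/\.src\s*=\s*"([^"]+)"/);
  return m ? m[1] : null;
}

// Split a query string without decoding values. URLSearchParams maps '+' to
// a space, which silently corrupts base64 values that were not percent-encoded.
function parseQuery(search) {
  const params = {};
  for (const pair of search.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = i < 0 ? pair : pair.slice(0, i);
    params[key] = i < 0 ? '' : pair.slice(i + 1);
  }
  return params;
}

// Decode base64 layer by layer while the output is still printable ASCII.
// Each layer records the decoded byte length and, when printable, the text.
function peelBase64(value, maxLayers = 4) {
  const layers = [];
  let current = value;
  for (let i = 0; i < maxLayers; i++) {
    if (current.length % 4 !== 0 || !BASE64_RE.test(current)) break;
    const bytes = Buffer.from(current, 'base64');
    const text = bytes.toString('latin1');
    const printable = /^[\x20-\x7e]+$/.test(text);
    layers.push({ length: bytes.length, printable, text: printable ? text : null });
    if (!printable) break; // raw bytes: stop rather than invent a meaning
    current = text;
  }
  return layers;
}

// Full triage of one extracted script: beacon host/path, fixed query
// parameters, decoded layers of "a", and whether the script redirects top.
function triageAbpBeacon(scriptText) {
  const src = extractBeaconUrl(scriptText);
  if (src === null) return null;
  const u = new URL(src);
  const params = parseQuery(u.search);
  return {
    host: u.hostname,
    path: u.pathname,
    params, // "b" is empty here: the script appends the abp flag at runtime
    layers: 'a' in params ? peelBase64(params.a) : [],
    redirects: /window\.top\.location\s*=/.test(scriptText),
  };
}

// Example run on the extracted script.
const result = triageAbpBeacon(EXTRACTED_SCRIPT);
console.log(result.host, result.path, result.layers.map((l) => l.length), result.redirects);
```

For this sample the output lists the host www.studyhandbook.com, the path /sk-logabpstatus.php, layer lengths of 128 and 96, and a redirect flag of true. Keep the first-layer text as an indicator if you track this ad network; do not report the second layer as "decoded" data, since it is not text.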
5a53e928fd12e7494c17ca8c55104377b036dd7a6eefc76790f4633dba13e5c8 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 2.35 KB
MD5 50d26c6243a5763ee18d6dbc7dd6af50
SHA1 fb240f0f12dac1b54a0119d37a79d3235751c87a
SHA256 5a53e928fd12e7494c17ca8c55104377b036dd7a6eefc76790f4633dba13e5c8
SSDeep 48:CqDVZmbzHr3HdW1gtSZnu2LpPCtdqeOY+ysnlWH3IY1uUFcB:XDVMnr1tSZnu2LpPydqenmlzad+
ImpHash -
dbf1ed6baa5918a4189c72f3b2b5fad0b4dfea8d3daa838bc697303226902d14 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 2.34 KB
MD5 e6a37ccf4cac783402561d502898cdd3
SHA1 086beed375f2e17feb9c9cba6fb0dfc70b2f3d00
SHA256 dbf1ed6baa5918a4189c72f3b2b5fad0b4dfea8d3daa838bc697303226902d14
SSDeep 48:CjYISoM5ZyheprJgMpt+GGuTfE6iiGHjBKkaaBqci+JMEOd3uFZ:mHGZVprJNt+9uTfIiQjBlBqcFeF+Z
ImpHash -
1d86ad203d9f732075a57918233257f12d7689499451b75db4bf8318b54b50d3 Downloaded File HTML
clean
Parent File analysis.pcap
MIME Type text/html
File Size 555 Bytes
MD5 066da7278d0dd5d9a4414eea91cfbddd
SHA1 3d81951672ea450a68ca397cc5deb8ef6d7a7c62
SHA256 1d86ad203d9f732075a57918233257f12d7689499451b75db4bf8318b54b50d3
SSDeep 12:TjeRHVIdtklI5r3NGlTF5TF5TF5TF5TF5TFK:neRH68jTPTPTPTPTPTc
ImpHash -
12b21857c53039d5c659c10290d5acd8c577721f3a14e385a86d99d9e771e3cb Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 2.37 KB
MD5 75234d03ec9616180de09f284df17bbb
SHA1 0035cb42a7307ac7797d76f64c80e27b60dafec5
SHA256 12b21857c53039d5c659c10290d5acd8c577721f3a14e385a86d99d9e771e3cb
SSDeep 48:Cgwb5ulTAx7R0bC7laH3tqVURgHhUFVCPTbLgrgJtPVtbn577C:Wb5kTe4C7cHwmgOFcPT6gJtPVFnp7C
ImpHash -
63eee93dea86901cd349b755345f1f7f24a479d6ce121510c54ce2c731cc68c0 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 8.07 KB
MD5 e4dccb0160daaf23bb7ff0b1f44759c5
SHA1 afbd1ed648ac7f612e55e2e62cf5d50e9ca4d4f9
SHA256 63eee93dea86901cd349b755345f1f7f24a479d6ce121510c54ce2c731cc68c0
SSDeep 192:kvgDYtB9RczOQ6WNkvTJUppcPVHgrtWr5Xc:OtB9qfNkF+WNXc
ImpHash -
UNKNOWN_1 Embedded File Stream
clean
Parent File C:\Users\kEecfMwgj\Desktop\PO.doc.rtf
MIME Type application/octet-stream
File Size 2.16 KB
MD5 eba869ebafe63872c0b94e9806a3bf6b
SHA1 d7b56206251d5b731f8fe665d1b0950c6a4d8610
SHA256 cdb3f8072945eb8bd1934d8f8e04d22edcba1f9ee22f35e526bbeb73de1ebe4d
SSDeep 48:ak3+r7qwZRbs3qDwnptDQcLbiV2b68hMTn+M:RLw7bs6D0TcSf68hMt
ImpHash -