Analysis

Category: URL
Package: ie
Started: 2019-10-09 05:26:20
Completed: 2019-10-09 05:30:21
Duration: 241 seconds
  • Info: Behavioral log 2540.bson too big to be processed, skipped. Increase analysis_size_limit in cuckoo.conf

Options
route = internet
procdump = 1

Log
2019-10-09 06:26:21,000 [root] INFO: Date set to: 10-09-19, time set to: 05:26:21, timeout set to: 200
2019-10-09 06:26:21,015 [root] DEBUG: Starting analyzer from: C:\zkcwmmdv
2019-10-09 06:26:21,015 [root] DEBUG: Storing results at: C:\swEVmhcO
2019-10-09 06:26:21,015 [root] DEBUG: Pipe server name: \\.\PIPE\lGcMBg
2019-10-09 06:26:21,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 06:26:21,015 [root] INFO: Automatically selected analysis package "ie"
2019-10-09 06:26:21,451 [root] DEBUG: Started auxiliary module Browser
2019-10-09 06:26:21,451 [root] DEBUG: Started auxiliary module Curtain
2019-10-09 06:26:21,451 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-10-09 06:26:21,451 [root] DEBUG: Started auxiliary module DigiSig
2019-10-09 06:26:21,467 [root] DEBUG: Started auxiliary module Disguise
2019-10-09 06:26:21,467 [root] DEBUG: Started auxiliary module Human
2019-10-09 06:26:21,467 [root] DEBUG: Started auxiliary module Screenshots
2019-10-09 06:26:21,467 [root] DEBUG: Started auxiliary module Sysmon
2019-10-09 06:26:21,467 [root] DEBUG: Started auxiliary module Usage
2019-10-09 06:26:21,467 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-10-09 06:26:21,467 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-10-09 06:26:21,638 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""http://louvre-dev.tk/productPages/product1.html"" with pid 1728
2019-10-09 06:26:21,638 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:21,654 [lib.api.process] INFO: 32-bit DLL to inject is C:\zkcwmmdv\dll\YDUUpL.dll, loader C:\zkcwmmdv\bin\TPsRvdl.exe
2019-10-09 06:26:21,795 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:21,795 [root] DEBUG: Loader: Injecting process 1728 (thread 2120) with C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:21,795 [root] DEBUG: Process image base: 0x001E0000
2019-10-09 06:26:21,795 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:21,795 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00286000 - 0x00310000
2019-10-09 06:26:21,795 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00290000.
2019-10-09 06:26:21,795 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 06:26:21,795 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:21,795 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1728
2019-10-09 06:26:23,808 [lib.api.process] INFO: Successfully resumed process with pid 1728
2019-10-09 06:26:23,808 [root] INFO: Added new process to list with pid: 1728
2019-10-09 06:26:23,901 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:26:23,901 [root] DEBUG: Process dumps enabled.
2019-10-09 06:26:23,979 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:23,979 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 06:26:23,979 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:23,979 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:23,979 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:23,979 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1728 at 0x74940000, image base 0x1e0000, stack from 0x522000-0x530000
2019-10-09 06:26:23,979 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http:\louvre-dev.tk\productPages\product1.html".
2019-10-09 06:26:23,979 [root] INFO: Monitor successfully loaded in process with pid 1728.
2019-10-09 06:26:23,994 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-10-09 06:26:24,042 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 06:26:24,072 [root] DEBUG: DLL loaded at 0x74830000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 06:26:24,088 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 06:26:24,134 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 06:26:24,151 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 06:26:24,151 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 06:26:24,151 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 06:26:24,151 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 06:26:24,165 [root] DEBUG: DLL loaded at 0x74800000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 06:26:24,165 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 06:26:24,181 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 06:26:24,197 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-10-09 06:26:24,213 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 06:26:24,213 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 06:26:24,213 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 06:26:24,213 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 06:26:24,229 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 06:26:24,290 [root] DEBUG: DLL loaded at 0x74360000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 06:26:24,306 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-10-09 06:26:24,306 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 06:26:24,306 [root] DEBUG: DLL unloaded from 0x74360000.
2019-10-09 06:26:24,306 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 06:26:24,306 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 06:26:24,322 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:24,354 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 06:26:24,447 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 06:26:24,477 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 06:26:24,509 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 812
2019-10-09 06:26:24,509 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:24,509 [lib.api.process] INFO: 32-bit DLL to inject is C:\zkcwmmdv\dll\YDUUpL.dll, loader C:\zkcwmmdv\bin\TPsRvdl.exe
2019-10-09 06:26:24,509 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:24,509 [root] DEBUG: Loader: Injecting process 812 (thread 1592) with C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [root] DEBUG: Process image base: 0x001E0000
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00286000 - 0x002E0000
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00290000.
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 06:26:24,509 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 812
2019-10-09 06:26:24,509 [root] DEBUG: DLL unloaded from 0x001E0000.
2019-10-09 06:26:24,509 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 812
2019-10-09 06:26:24,509 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:24,509 [lib.api.process] INFO: 32-bit DLL to inject is C:\zkcwmmdv\dll\YDUUpL.dll, loader C:\zkcwmmdv\bin\TPsRvdl.exe
2019-10-09 06:26:24,509 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:24,509 [root] DEBUG: Loader: Injecting process 812 (thread 1592) with C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [root] DEBUG: Process image base: 0x001E0000
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-10-09 06:26:24,509 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YDUUpL.dll.
2019-10-09 06:26:24,509 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 812
2019-10-09 06:26:24,509 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 06:26:24,525 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 06:26:24,525 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 06:26:24,525 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:26:24,525 [root] DEBUG: Process dumps enabled.
2019-10-09 06:26:24,525 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:24,525 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 06:26:24,525 [root] DEBUG: DLL unloaded from 0x747D0000.
2019-10-09 06:26:24,525 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 06:26:24,525 [root] DEBUG: DLL unloaded from 0x74320000.
2019-10-09 06:26:24,525 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 812 at 0x74940000, image base 0x1e0000, stack from 0x3d2000-0x3e0000
2019-10-09 06:26:24,525 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1728 CREDAT:79873.
2019-10-09 06:26:24,525 [root] INFO: Added new process to list with pid: 812
2019-10-09 06:26:24,525 [root] INFO: Monitor successfully loaded in process with pid 812.
2019-10-09 06:26:24,525 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-10-09 06:26:24,525 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:24,525 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 06:26:24,525 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 06:26:24,525 [root] DEBUG: DLL loaded at 0x74830000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 06:26:24,540 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 06:26:24,540 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 06:26:24,540 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 06:26:24,555 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 06:26:24,555 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 06:26:24,572 [root] DEBUG: DLL loaded at 0x742D0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 06:26:24,588 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 06:26:24,602 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-10-09 06:26:24,602 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 06:26:24,618 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:24,618 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:26:24,618 [root] DEBUG: DLL loaded at 0x74230000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 06:26:24,618 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-10-09 06:26:24,618 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 06:26:24,618 [root] DEBUG: DLL unloaded from 0x74230000.
2019-10-09 06:26:24,618 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:24,618 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:24,618 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-10-09 06:26:24,634 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 06:26:24,634 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 06:26:24,634 [root] DEBUG: DLL loaded at 0x74100000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 06:26:24,634 [root] DEBUG: DLL unloaded from 0x74810000.
2019-10-09 06:26:24,634 [root] DEBUG: DLL unloaded from 0x74110000.
2019-10-09 06:26:24,650 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:26:24,650 [root] DEBUG: Process dumps enabled.
2019-10-09 06:26:24,665 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:24,665 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 06:26:24,665 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 06:26:24,665 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 06:26:24,680 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-10-09 06:26:24,697 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 06:26:24,697 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 06:26:24,711 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 06:26:24,727 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 06:26:24,727 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:26:24,727 [root] WARNING: Unable to hook LockResource
2019-10-09 06:26:24,743 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 06:26:24,789 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074190000, image base 0x00000000FF900000, stack from 0x0000000004562000-0x0000000004570000
2019-10-09 06:26:24,789 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-10-09 06:26:24,789 [root] INFO: Added new process to list with pid: 1632
2019-10-09 06:26:24,789 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-10-09 06:26:24,805 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 06:26:24,805 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 06:26:24,805 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:24,836 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-10-09 06:26:24,884 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-10-09 06:26:24,946 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 06:26:24,961 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 06:26:24,977 [root] DEBUG: DLL unloaded from 0x74000000.
2019-10-09 06:26:24,993 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-10-09 06:26:25,009 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 06:26:25,180 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 06:26:25,180 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 06:26:25,180 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 06:26:25,180 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-10-09 06:26:25,196 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-10-09 06:26:25,289 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-10-09 06:26:25,335 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-10-09 06:26:25,351 [root] DEBUG: DLL loaded at 0x73C70000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x74800000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 06:26:25,492 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 06:26:25,507 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 06:26:25,507 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 06:26:25,523 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-10-09 06:26:25,601 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 06:26:25,601 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 06:26:25,617 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 06:26:25,617 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 06:26:25,617 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL unloaded from 0x74320000.
2019-10-09 06:26:25,664 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 06:26:25,664 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 06:26:25,680 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 06:26:25,694 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 06:26:25,694 [root] DEBUG: DLL loaded at 0x74100000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 06:26:25,694 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 06:26:25,694 [root] DEBUG: DLL unloaded from 0x74810000.
2019-10-09 06:26:25,694 [root] DEBUG: DLL unloaded from 0x74110000.
2019-10-09 06:26:25,710 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 06:26:25,726 [root] DEBUG: DLL loaded at 0x73B80000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-10-09 06:26:25,726 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-10-09 06:26:25,742 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-10-09 06:26:25,757 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-10-09 06:26:26,053 [root] DEBUG: DLL loaded at 0x74CE0000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-10-09 06:26:26,131 [root] DEBUG: DLL loaded at 0x74CD0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-10-09 06:26:26,131 [root] DEBUG: DLL loaded at 0x74D80000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-10-09 06:26:26,148 [root] DEBUG: DLL loaded at 0x74CB0000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-10-09 06:26:26,226 [root] DEBUG: DLL loaded at 0x74CA0000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-10-09 06:26:26,272 [root] DEBUG: DLL loaded at 0x74710000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-10-09 06:26:26,303 [root] DEBUG: set_caller_info: Adding region at 0x044B0000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 06:26:26,335 [root] DEBUG: set_caller_info: Adding region at 0x01FD0000 to caller regions list (advapi32::RegOpenKeyExA).
2019-10-09 06:26:26,349 [root] DEBUG: DLL loaded at 0x746B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 06:26:26,569 [root] DEBUG: DLL loaded at 0x74690000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-10-09 06:26:26,615 [root] DEBUG: DLL loaded at 0x746B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 06:26:26,661 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 06:26:26,661 [root] INFO: Announced 64-bit process name: explorer.exe pid: 880
2019-10-09 06:26:26,661 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:26,661 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:26:26,661 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:26,694 [root] DEBUG: Loader: Injecting process 880 (thread 0) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:26,694 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 624, handle 0x84
2019-10-09 06:26:26,694 [root] DEBUG: Process image base: 0x00000000FF790000
2019-10-09 06:26:26,694 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 06:26:26,694 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 06:26:26,709 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:26:26,709 [root] DEBUG: Process dumps enabled.
2019-10-09 06:26:26,709 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:26,726 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:26:26,733 [root] WARNING: Unable to hook LockResource
2019-10-09 06:26:26,734 [root] DEBUG: set_caller_info: Adding region at 0x00000000FF790000 to caller regions list (ole32::CoCreateInstance).
2019-10-09 06:26:26,734 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 880 at 0x00000000745B0000, image base 0x00000000FF790000, stack from 0x0000000004ED2000-0x0000000004EE0000
2019-10-09 06:26:26,734 [root] DEBUG: Commandline: C:\Windows\sysnative\explorer.exe.
2019-10-09 06:26:26,734 [root] INFO: Added new process to list with pid: 880
2019-10-09 06:26:26,734 [root] INFO: Monitor successfully loaded in process with pid 880.
2019-10-09 06:26:26,734 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 06:26:26,734 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 06:26:26,734 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:26,815 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 06:26:26,845 [root] INFO: Process with pid 1632 has terminated
2019-10-09 06:26:26,923 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:27,000 [modules.auxiliary.human] INFO: Found button "Close the program", clicking it
2019-10-09 06:26:27,282 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-10-09 06:26:27,999 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:28,686 [root] DEBUG: DLL loaded at 0x72920000: C:\Windows\SysWOW64\mshtml (0x5b7000 bytes).
2019-10-09 06:26:28,717 [root] DEBUG: DLL loaded at 0x74580000: C:\Windows\SysWOW64\msls31 (0x2a000 bytes).
2019-10-09 06:26:28,763 [root] DEBUG: DLL loaded at 0x74560000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-10-09 06:26:28,763 [root] DEBUG: DLL loaded at 0x75470000: C:\Windows\syswow64\wintrust (0x2d000 bytes).
2019-10-09 06:26:28,795 [root] DEBUG: DLL loaded at 0x74230000: C:\Windows\system32\schannel (0x3a000 bytes).
2019-10-09 06:26:28,825 [root] DEBUG: DLL loaded at 0x74200000: C:\Windows\SysWOW64\iepeers (0x30000 bytes).
2019-10-09 06:26:28,857 [root] DEBUG: DLL loaded at 0x741A0000: C:\Windows\SysWOW64\WINSPOOL.DRV (0x51000 bytes).
2019-10-09 06:26:28,904 [root] DEBUG: DLL loaded at 0x74550000: C:\Windows\system32\msimtf (0xb000 bytes).
2019-10-09 06:26:28,997 [root] DEBUG: DLL loaded at 0x72860000: C:\Windows\SysWOW64\jscript (0xb2000 bytes).
2019-10-09 06:26:29,029 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 06:26:29,184 [root] DEBUG: DLL loaded at 0x74540000: C:\Windows\system32\credssp (0x8000 bytes).
2019-10-09 06:26:29,184 [root] DEBUG: DLL unloaded from 0x74C70000.
2019-10-09 06:26:29,480 [root] DEBUG: DLL loaded at 0x72820000: C:\Windows\system32\ncrypt (0x38000 bytes).
2019-10-09 06:26:29,496 [root] DEBUG: DLL loaded at 0x72800000: C:\Windows\system32\bcrypt (0x17000 bytes).
2019-10-09 06:26:29,496 [root] DEBUG: DLL loaded at 0x727C0000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2019-10-09 06:26:29,528 [root] DEBUG: DLL loaded at 0x727A0000: C:\Windows\system32\GPAPI (0x16000 bytes).
2019-10-09 06:26:29,543 [root] DEBUG: DLL loaded at 0x72780000: C:\Windows\system32\cryptnet (0x1c000 bytes).
2019-10-09 06:26:29,637 [root] DEBUG: DLL loaded at 0x72760000: C:\Windows\system32\Cabinet (0x15000 bytes).
2019-10-09 06:26:29,667 [root] DEBUG: DLL loaded at 0x74190000: C:\Windows\system32\DEVRTL (0xe000 bytes).
2019-10-09 06:26:29,667 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-10-09 06:26:29,700 [root] DEBUG: DLL loaded at 0x72740000: C:\Windows\system32\T2EMBED (0x1e000 bytes).
2019-10-09 06:26:29,762 [root] DEBUG: DLL loaded at 0x726E0000: C:\Windows\system32\WINHTTP (0x58000 bytes).
2019-10-09 06:26:29,762 [root] DEBUG: DLL loaded at 0x72690000: C:\Windows\system32\webio (0x4f000 bytes).
2019-10-09 06:26:29,778 [root] DEBUG: set_caller_info: Adding region at 0x72690000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 06:26:29,778 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 06:26:29,778 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:29,792 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:29,792 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:29,809 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:30,355 [root] DEBUG: DLL unloaded from 0x72780000.
2019-10-09 06:26:30,355 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-10-09 06:26:30,494 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:30,494 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:30,494 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:30,510 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:30,792 [root] DEBUG: DLL unloaded from 0x72780000.
2019-10-09 06:26:30,979 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:31,664 [root] DEBUG: DLL loaded at 0x000007FEF96C0000: C:\Windows\system32\stobject (0x43000 bytes).
2019-10-09 06:26:31,711 [root] DEBUG: DLL loaded at 0x000007FEF7FB0000: C:\Windows\system32\BatMeter (0xba000 bytes).
2019-10-09 06:26:31,711 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:31,727 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 06:26:31,727 [root] DEBUG: DLL unloaded from 0x726E0000.
2019-10-09 06:26:31,743 [root] DEBUG: DLL loaded at 0x000007FEFAFA0000: C:\Windows\system32\WTSAPI32 (0x11000 bytes).
2019-10-09 06:26:31,868 [root] DEBUG: DLL loaded at 0x000007FEFB0D0000: C:\Windows\system32\es (0x67000 bytes).
2019-10-09 06:26:31,868 [root] DEBUG: DLL loaded at 0x000007FEF7DB0000: C:\Windows\system32\prnfldr (0x69000 bytes).
2019-10-09 06:26:31,884 [root] DEBUG: DLL loaded at 0x000007FEF8A20000: C:\Windows\system32\WINSPOOL.DRV (0x71000 bytes).
2019-10-09 06:26:31,898 [root] DEBUG: DLL unloaded from 0x72780000.
2019-10-09 06:26:32,257 [root] DEBUG: DLL loaded at 0x000007FEF7D30000: C:\Windows\system32\dxp (0x74000 bytes).
2019-10-09 06:26:32,289 [root] DEBUG: DLL loaded at 0x000007FEFEB00000: C:\Windows\system32\urlmon (0x178000 bytes).
2019-10-09 06:26:32,305 [root] DEBUG: DLL loaded at 0x000007FEFEC80000: C:\Windows\system32\WININET (0x12a000 bytes).
2019-10-09 06:26:32,305 [root] DEBUG: DLL loaded at 0x000007FEFF1C0000: C:\Windows\system32\iertutil (0x259000 bytes).
2019-10-09 06:26:32,305 [root] DEBUG: DLL unloaded from 0x75700000.
2019-10-09 06:26:32,319 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFF1C0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,351 [root] DEBUG: DLL loaded at 0x000007FEFB000000: C:\Windows\system32\Syncreg (0x16000 bytes).
2019-10-09 06:26:32,367 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB000000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,476 [root] DEBUG: DLL loaded at 0x000007FEFAFF0000: C:\Windows\ehome\ehSSO (0xb000 bytes).
2019-10-09 06:26:32,476 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAFF0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,476 [root] DEBUG: DLL unloaded from 0x000007FEFAFF0000.
2019-10-09 06:26:32,569 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:32,569 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:26:32,585 [root] DEBUG: DLL loaded at 0x000007FEF6F60000: C:\Windows\System32\netshell (0x28b000 bytes).
2019-10-09 06:26:32,585 [root] DEBUG: DLL loaded at 0x000007FEFAF10000: C:\Windows\System32\IPHLPAPI (0x27000 bytes).
2019-10-09 06:26:32,585 [root] DEBUG: DLL loaded at 0x000007FEFE2F0000: C:\Windows\system32\NSI (0x8000 bytes).
2019-10-09 06:26:32,585 [root] DEBUG: DLL loaded at 0x000007FEFAED0000: C:\Windows\System32\WINNSI (0xb000 bytes).
2019-10-09 06:26:32,585 [root] DEBUG: DLL loaded at 0x000007FEFB300000: C:\Windows\System32\nlaapi (0x15000 bytes).
2019-10-09 06:26:32,601 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAED0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,617 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAF10000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,617 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB300000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,631 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6F60000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,710 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:26:32,819 [root] DEBUG: DLL loaded at 0x000007FEFA990000: C:\Windows\System32\AltTab (0x10000 bytes).
2019-10-09 06:26:32,819 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA990000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,928 [root] DEBUG: DLL loaded at 0x000007FEF96A0000: C:\Windows\system32\wpdshserviceobj (0x20000 bytes).
2019-10-09 06:26:32,944 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF96A0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,944 [root] DEBUG: DLL loaded at 0x000007FEF8710000: C:\Windows\system32\PortableDeviceTypes (0x39000 bytes).
2019-10-09 06:26:32,960 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8710000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:32,960 [root] DEBUG: DLL loaded at 0x000007FEF91F0000: C:\Windows\system32\PortableDeviceApi (0xbd000 bytes).
2019-10-09 06:26:32,990 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF91F0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,022 [root] DEBUG: DLL loaded at 0x000007FEF6880000: C:\Windows\System32\pnidui (0x1bd000 bytes).
2019-10-09 06:26:33,022 [root] DEBUG: DLL loaded at 0x000007FEF9680000: C:\Windows\System32\QUtil (0x1f000 bytes).
2019-10-09 06:26:33,022 [root] DEBUG: DLL loaded at 0x000007FEFCB00000: C:\Windows\System32\wevtapi (0x6d000 bytes).
2019-10-09 06:26:33,053 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCB00000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,085 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9680000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,085 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6880000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,085 [root] DEBUG: DLL unloaded from 0x000007FEFB9C0000.
2019-10-09 06:26:33,085 [root] DEBUG: DLL loaded at 0x000007FEFD360000: C:\Windows\system32\WINTRUST (0x3a000 bytes).
2019-10-09 06:26:33,115 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFD360000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,131 [root] DEBUG: DLL loaded at 0x000007FEFEAE0000: C:\Windows\system32\imagehlp (0x17000 bytes).
2019-10-09 06:26:33,147 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFEAE0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,163 [root] DEBUG: DLL unloaded from 0x000007FEFBD00000.
2019-10-09 06:26:33,163 [root] DEBUG: DLL loaded at 0x000007FEF7790000: C:\Windows\System32\cscobj (0x3f000 bytes).
2019-10-09 06:26:33,177 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF7790000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,194 [root] DEBUG: DLL loaded at 0x000007FEF7CF0000: C:\Windows\System32\ncsi (0x38000 bytes).
2019-10-09 06:26:33,210 [root] DEBUG: DLL loaded at 0x000007FEF4950000: C:\Windows\system32\WINHTTP (0x71000 bytes).
2019-10-09 06:26:33,210 [root] DEBUG: DLL loaded at 0x000007FEF4500000: C:\Windows\system32\webio (0x64000 bytes).
2019-10-09 06:26:33,210 [root] DEBUG: DLL loaded at 0x000007FEFAE20000: C:\Windows\system32\fwpuclnt (0x53000 bytes).
2019-10-09 06:26:33,224 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4500000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,240 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4950000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,272 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAE20000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,272 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF7CF0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,272 [root] DEBUG: DLL loaded at 0x000007FEF75B0000: C:\Windows\System32\srchadmin (0x58000 bytes).
2019-10-09 06:26:33,288 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF75B0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,319 [root] DEBUG: DLL loaded at 0x000007FEFAD90000: C:\Windows\system32\dhcpcsvc6 (0x11000 bytes).
2019-10-09 06:26:33,319 [root] DEBUG: DLL loaded at 0x000007FEFEE90000: C:\Windows\system32\WS2_32 (0x4d000 bytes).
2019-10-09 06:26:33,319 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFEE90000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,334 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAD90000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,334 [root] DEBUG: DLL unloaded from 0x000007FEF75B0000.
2019-10-09 06:26:33,334 [root] DEBUG: DLL loaded at 0x000007FEF57C0000: C:\Windows\system32\mssprxy (0x1d000 bytes).
2019-10-09 06:26:33,349 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF57C0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,349 [root] DEBUG: DLL loaded at 0x000007FEFAD70000: C:\Windows\system32\dhcpcsvc (0x18000 bytes).
2019-10-09 06:26:33,349 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFAD70000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,349 [root] DEBUG: DLL unloaded from 0x0000000077110000.
2019-10-09 06:26:33,365 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-10-09 06:26:33,365 [root] DEBUG: DLL unloaded from 0x000007FEF57C0000.
2019-10-09 06:26:33,365 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:26:33,365 [root] DEBUG: DLL loaded at 0x000007FEFC500000: C:\Windows\system32\credssp (0xa000 bytes).
2019-10-09 06:26:33,381 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFC500000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,381 [root] DEBUG: DLL unloaded from 0x000007FEFC8F0000.
2019-10-09 06:26:33,397 [root] DEBUG: DLL loaded at 0x000007FEF6830000: C:\Windows\system32\webcheck (0x4a000 bytes).
2019-10-09 06:26:33,411 [root] DEBUG: DLL loaded at 0x000007FEF23F0000: C:\Windows\system32\IEFRAME (0xbb7000 bytes).
2019-10-09 06:26:33,411 [root] DEBUG: DLL loaded at 0x000007FEF67D0000: C:\Windows\system32\OLEACC (0x54000 bytes).
2019-10-09 06:26:33,427 [root] DEBUG: DLL loaded at 0x000007FEF6790000: C:\Windows\system32\MLANG (0x3b000 bytes).
2019-10-09 06:26:33,427 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF67D0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,444 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF23F0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,459 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6790000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,459 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6830000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,474 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFE2F0000 to caller regions list (ntdll::NtCreateEvent).
2019-10-09 06:26:33,474 [root] DEBUG: DLL unloaded from 0x000007FEF6830000.
2019-10-09 06:26:33,474 [root] DEBUG: DLL unloaded from 0x000007FEF7CF0000.
2019-10-09 06:26:33,474 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-10-09 06:26:33,506 [root] DEBUG: DLL unloaded from 0x000007FEF75B0000.
2019-10-09 06:26:33,786 [root] DEBUG: DLL loaded at 0x000007FEF67B0000: C:\Windows\System32\Actioncenter (0xc2000 bytes).
2019-10-09 06:26:33,818 [root] INFO: Stopped Task Scheduler Service
2019-10-09 06:26:33,848 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF67B0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:33,943 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:26:34,005 [root] INFO: Started Task Scheduler Service
2019-10-09 06:26:34,005 [root] DEBUG: DLL loaded at 0x000007FEF6580000: C:\Windows\System32\SyncCenter (0x22b000 bytes).
2019-10-09 06:26:34,005 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:26:34,005 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:26:34,020 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:26:34,020 [root] DEBUG: Loader: Injecting process 816 (thread 0) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:34,020 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 820, handle 0x84
2019-10-09 06:26:34,020 [root] DEBUG: Process image base: 0x00000000FFA10000
2019-10-09 06:26:34,020 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6580000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,020 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 06:26:34,020 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 06:26:34,020 [root] DEBUG: DLL loaded at 0x000007FEF7CF0000: C:\Windows\system32\Wlanapi (0x20000 bytes).
2019-10-09 06:26:34,020 [root] DEBUG: DLL loaded at 0x000007FEFA740000: C:\Windows\system32\wlanutil (0x7000 bytes).
2019-10-09 06:26:34,020 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:26:34,020 [root] DEBUG: Process dumps enabled.
2019-10-09 06:26:34,020 [root] INFO: Disabling sleep skipping.
2019-10-09 06:26:34,036 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:26:34,036 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA740000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,036 [root] WARNING: Unable to hook LockResource
2019-10-09 06:26:34,036 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 816 at 0x00000000745B0000, image base 0x00000000FFA10000, stack from 0x0000000001AB6000-0x0000000001AC0000
2019-10-09 06:26:34,036 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2019-10-09 06:26:34,036 [root] INFO: Added new process to list with pid: 816
2019-10-09 06:26:34,036 [root] INFO: Monitor successfully loaded in process with pid 816.
2019-10-09 06:26:34,036 [root] DEBUG: DLL loaded at 0x000007FEF6520000: C:\Windows\system32\wwanapi (0x5e000 bytes).
2019-10-09 06:26:34,052 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 06:26:34,052 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 06:26:34,052 [root] DEBUG: DLL loaded at 0x000007FEFA540000: C:\Windows\system32\wwapi (0xd000 bytes).
2019-10-09 06:26:34,052 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:26:34,068 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA540000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,082 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6520000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,082 [root] DEBUG: DLL unloaded from 0x000007FEF6520000.
2019-10-09 06:26:34,082 [root] DEBUG: DLL loaded at 0x000007FEF64A0000: C:\Windows\system32\imapi2 (0x7f000 bytes).
2019-10-09 06:26:34,098 [root] DEBUG: DLL unloaded from 0x000007FEFADB0000.
2019-10-09 06:26:34,161 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF64A0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,161 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9A00000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:26:34,191 [root] DEBUG: DLL loaded at 0x000007FEF6440000: C:\Windows\System32\hgcpl (0x55000 bytes).
2019-10-09 06:26:34,207 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF97C0000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:26:34,207 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6440000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,207 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF80F0000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:26:34,207 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF90B0000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:26:34,207 [root] DEBUG: DLL loaded at 0x000007FEF6400000: C:\Windows\System32\provsvc (0x31000 bytes).
2019-10-09 06:26:34,207 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6400000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,223 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF94D0000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:26:34,223 [root] DEBUG: DLL loaded at 0x000007FEF9450000: C:\Windows\System32\netprofm (0x74000 bytes).
2019-10-09 06:26:34,255 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9450000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,255 [root] DEBUG: DLL loaded at 0x000007FEF63B0000: C:\Windows\System32\QAgent (0x45000 bytes).
2019-10-09 06:26:34,269 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF63B0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,269 [root] DEBUG: DLL unloaded from 0x000007FEF6440000.
2019-10-09 06:26:34,269 [root] DEBUG: DLL unloaded from 0x000007FEF6880000.
2019-10-09 06:26:34,269 [root] DEBUG: DLL loaded at 0x000007FEF62F0000: C:\Windows\System32\bthprops.cpl (0xb5000 bytes).
2019-10-09 06:26:34,302 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF62F0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,302 [root] DEBUG: DLL unloaded from 0x000007FEF6440000.
2019-10-09 06:26:34,302 [root] DEBUG: DLL loaded at 0x000007FEF1830000: C:\Windows\System32\ieframe (0xbb7000 bytes).
2019-10-09 06:26:34,316 [root] DEBUG: DLL loaded at 0x000007FEF6290000: C:\Windows\System32\OLEACC (0x54000 bytes).
2019-10-09 06:26:34,316 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF6290000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,316 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF1830000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:34,457 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:26:35,237 [root] DEBUG: DLL loaded at 0x722C0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-10-09 06:26:35,361 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4500000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:36,063 [root] DEBUG: DLL loaded at 0x000007FEFB140000: C:\Windows\system32\taskschd (0x127000 bytes).
2019-10-09 06:26:36,127 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB140000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:36,453 [root] DEBUG: DLL unloaded from 0x000007FEF96A0000.
2019-10-09 06:26:36,859 [root] DEBUG: DLL loaded at 0x000007FEF60E0000: C:\Windows\system32\fxsst (0xd7000 bytes).
2019-10-09 06:26:36,875 [root] DEBUG: DLL loaded at 0x000007FEF5B50000: C:\Windows\system32\FXSAPI (0x9d000 bytes).
2019-10-09 06:26:36,891 [root] DEBUG: DLL loaded at 0x739F0000: C:\Windows\system32\ImgUtil (0xb000 bytes).
2019-10-09 06:26:36,907 [root] DEBUG: set_caller_info: Adding region at 0x739F0000 to caller regions list (ole32::CoCreateInstance).
2019-10-09 06:26:36,907 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF5B50000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:36,921 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF60E0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:26:36,921 [root] DEBUG: DLL unloaded from 0x000007FEFB0B0000.
2019-10-09 06:26:36,953 [root] DEBUG: DLL loaded at 0x00000000721C0000: C:\Windows\system32\FXSRESM (0xe3000 bytes).
2019-10-09 06:26:36,953 [root] DEBUG: DLL loaded at 0x722B0000: C:\Windows\SysWOW64\pngfilt (0xe000 bytes).
2019-10-09 06:26:36,984 [root] DEBUG: DLL unloaded from 0x000007FEFB9C0000.
2019-10-09 06:26:44,176 [root] DEBUG: DLL unloaded from 0x000007FEFA9C0000.
2019-10-09 06:26:44,176 [root] DEBUG: DLL unloaded from 0x000007FEFA9C0000.
2019-10-09 06:26:44,191 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-10-09 06:26:54,971 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-10-09 06:26:56,375 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:27:03,161 [root] DEBUG: DLL unloaded from 0x000007FEFD360000.
2019-10-09 06:27:03,161 [root] DEBUG: DLL unloaded from 0x000007FEFD1F0000.
2019-10-09 06:27:03,941 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-10-09 06:27:04,207 [root] DEBUG: DLL unloaded from 0x000007FEFB140000.
2019-10-09 06:27:04,207 [root] DEBUG: DLL unloaded from 0x000007FEF9450000.
2019-10-09 06:27:23,924 [root] DEBUG: DLL unloaded from 0x000007FEF9540000.
2019-10-09 06:27:24,081 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9860000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:27:24,111 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCEF0000 to caller regions list (ntdll::NtCreateFile).
2019-10-09 06:27:24,111 [root] DEBUG: DLL unloaded from 0x000007FEFA1C0000.
2019-10-09 06:27:24,361 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8070000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:27:26,576 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:27:26,686 [root] DEBUG: DLL unloaded from 0x000007FEFB060000.
2019-10-09 06:27:26,749 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 06:27:26,983 [root] DEBUG: DLL unloaded from 0x000007FEF9B80000.
2019-10-09 06:27:27,466 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 06:27:32,677 [root] DEBUG: DLL loaded at 0x000007FEFB0D0000: C:\Windows\system32\es (0x67000 bytes).
2019-10-09 06:27:32,786 [root] DEBUG: DLL unloaded from 0x000007FEFA1C0000.
2019-10-09 06:27:32,786 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB0D0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:27:33,487 [root] DEBUG: DLL unloaded from 0x000007FEF4950000.
2019-10-09 06:27:34,111 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4E10000 to caller regions list (msvcrt::memcpy).
2019-10-09 06:27:35,187 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA0C0000 to caller regions list (ntdll::NtWaitForSingleObject).
2019-10-09 06:27:35,796 [root] DEBUG: DLL unloaded from 0x000007FEF9540000.
2019-10-09 06:27:35,796 [root] DEBUG: DLL unloaded from 0x000007FEFB0D0000.
2019-10-09 06:27:35,905 [root] DEBUG: DLL unloaded from 0x000007FEF8ED0000.
2019-10-09 06:27:36,030 [root] DEBUG: DLL unloaded from 0x000007FEF45C0000.
2019-10-09 06:27:36,124 [root] DEBUG: DLL unloaded from 0x000007FEF9950000.
2019-10-09 06:27:36,140 [root] DEBUG: DLL unloaded from 0x000007FEF4E10000.
2019-10-09 06:27:36,171 [root] DEBUG: DLL unloaded from 0x000007FEF94D0000.
2019-10-09 06:27:36,171 [root] DEBUG: DLL unloaded from 0x000007FEF8070000.
2019-10-09 06:27:36,312 [root] DEBUG: DLL unloaded from 0x000007FEFA1C0000.
2019-10-09 06:27:38,292 [root] INFO: Stopped WMI Service
2019-10-09 06:27:38,292 [root] INFO: Attaching to DcomLaunch service (pid 564)
2019-10-09 06:27:38,308 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:27:38,308 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:27:38,308 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:27:38,308 [root] DEBUG: Loader: Injecting process 564 (thread 0) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:38,308 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 568, handle 0x84
2019-10-09 06:27:38,323 [root] DEBUG: Process image base: 0x00000000FFA10000
2019-10-09 06:27:38,323 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 06:27:38,323 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 06:27:38,323 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:27:38,339 [root] DEBUG: Process dumps enabled.
2019-10-09 06:27:38,339 [root] INFO: Disabling sleep skipping.
2019-10-09 06:27:38,339 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:27:38,355 [root] WARNING: Unable to hook LockResource
2019-10-09 06:27:38,355 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 564 at 0x00000000745B0000, image base 0x00000000FFA10000, stack from 0x00000000022A6000-0x00000000022B0000
2019-10-09 06:27:38,355 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k DcomLaunch.
2019-10-09 06:27:38,355 [root] INFO: Added new process to list with pid: 564
2019-10-09 06:27:38,355 [root] INFO: Monitor successfully loaded in process with pid 564.
2019-10-09 06:27:38,355 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 06:27:38,355 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 06:27:38,371 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:43,285 [root] INFO: Started WMI Service
2019-10-09 06:27:43,285 [root] INFO: Attaching to WMI service (pid 2540)
2019-10-09 06:27:43,285 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:27:43,285 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:27:43,346 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:27:43,346 [root] DEBUG: Loader: Injecting process 2540 (thread 0) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:43,346 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2572, handle 0x84
2019-10-09 06:27:43,362 [root] DEBUG: Process image base: 0x00000000FFA10000
2019-10-09 06:27:43,362 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 06:27:43,362 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 06:27:43,362 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:27:43,394 [root] DEBUG: Process dumps enabled.
2019-10-09 06:27:43,394 [root] INFO: Disabling sleep skipping.
2019-10-09 06:27:43,410 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:27:43,410 [root] WARNING: Unable to hook LockResource
2019-10-09 06:27:43,410 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2540 at 0x00000000745B0000, image base 0x00000000FFA10000, stack from 0x0000000001696000-0x00000000016A0000
2019-10-09 06:27:43,410 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2019-10-09 06:27:43,410 [root] INFO: Added new process to list with pid: 2540
2019-10-09 06:27:43,410 [root] INFO: Monitor successfully loaded in process with pid 2540.
2019-10-09 06:27:43,424 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 06:27:43,424 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 06:27:43,424 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:46,046 [root] DEBUG: DLL loaded at 0x000007FEF9E80000: C:\Windows\system32\VSSAPI (0x1b0000 bytes).
2019-10-09 06:27:46,046 [root] DEBUG: DLL loaded at 0x000007FEFB270000: C:\Windows\system32\ATL (0x19000 bytes).
2019-10-09 06:27:46,062 [root] DEBUG: DLL loaded at 0x000007FEF9E60000: C:\Windows\system32\VssTrace (0x17000 bytes).
2019-10-09 06:27:46,233 [root] DEBUG: DLL loaded at 0x000007FEFA870000: C:\Windows\system32\samcli (0x14000 bytes).
2019-10-09 06:27:46,279 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-10-09 06:27:46,279 [root] DEBUG: DLL loaded at 0x000007FEFB820000: C:\Windows\system32\SAMLIB (0x1d000 bytes).
2019-10-09 06:27:46,311 [root] DEBUG: DLL loaded at 0x000007FEFAC20000: C:\Windows\system32\netutils (0xc000 bytes).
2019-10-09 06:27:46,436 [root] DEBUG: DLL loaded at 0x000007FEFB0D0000: C:\Windows\system32\es (0x67000 bytes).
2019-10-09 06:27:46,966 [root] DEBUG: DLL loaded at 0x000007FEFB840000: C:\Windows\system32\PROPSYS (0x12c000 bytes).
2019-10-09 06:27:47,996 [root] DEBUG: DLL loaded at 0x000007FEF9540000: C:\Windows\system32\wbem\wbemcore (0x12f000 bytes).
2019-10-09 06:27:48,012 [root] DEBUG: DLL loaded at 0x000007FEF94D0000: C:\Windows\system32\wbem\esscli (0x6f000 bytes).
2019-10-09 06:27:48,073 [root] DEBUG: DLL loaded at 0x000007FEF9A00000: C:\Windows\system32\wbem\FastProx (0xe2000 bytes).
2019-10-09 06:27:48,073 [root] DEBUG: DLL loaded at 0x000007FEF9980000: C:\Windows\system32\NTDSAPI (0x27000 bytes).
2019-10-09 06:27:48,135 [root] DEBUG: DLL unloaded from 0x000007FEF9540000.
2019-10-09 06:27:48,135 [root] DEBUG: DLL loaded at 0x000007FEFA0A0000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2019-10-09 06:27:48,246 [root] DEBUG: DLL loaded at 0x000007FEFCAC0000: C:\Windows\system32\authZ (0x2f000 bytes).
2019-10-09 06:27:48,323 [root] DEBUG: DLL loaded at 0x000007FEF97C0000: C:\Windows\system32\wbem\wmiutils (0x26000 bytes).
2019-10-09 06:27:48,338 [root] DEBUG: DLL loaded at 0x000007FEF90B0000: C:\Windows\system32\wbem\repdrvfs (0x73000 bytes).
2019-10-09 06:27:48,401 [root] WARNING: File at path "C:\Windows\sysnative\wbem\repository\WRITABLE.TST" does not exist, skip.
2019-10-09 06:27:48,401 [root] DEBUG: DLL loaded at 0x000007FEFCB00000: C:\Windows\system32\Wevtapi (0x6d000 bytes).
2019-10-09 06:27:48,558 [root] DEBUG: DLL unloaded from 0x000007FEFCB00000.
2019-10-09 06:27:49,509 [root] DEBUG: DLL loaded at 0x000007FEF80F0000: C:\Windows\system32\wbem\wmiprvsd (0xbc000 bytes).
2019-10-09 06:27:49,525 [root] DEBUG: DLL loaded at 0x000007FEFA0C0000: C:\Windows\system32\NCObjAPI (0x16000 bytes).
2019-10-09 06:27:49,680 [root] DEBUG: DLL loaded at 0x000007FEF7F30000: C:\Windows\system32\wbem\wbemess (0x7e000 bytes).
2019-10-09 06:27:50,039 [root] DEBUG: DLL unloaded from 0x0000000076FF0000.
2019-10-09 06:27:51,474 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 1092
2019-10-09 06:27:51,474 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:27:51,474 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:27:51,490 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:27:51,490 [root] DEBUG: Loader: Injecting process 1092 (thread 2044) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:51,490 [root] DEBUG: DLL loaded at 0x000007FEFB060000: C:\Windows\system32\wbem\ncprov (0x16000 bytes).
2019-10-09 06:27:51,490 [root] DEBUG: Process image base: 0x00000000FF620000
2019-10-09 06:27:51,506 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:51,506 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00000000FF67F000 - 0x000007FEFF430000
2019-10-09 06:27:51,615 [root] DEBUG: InjectDllViaIAT: Allocated 0x238 bytes for new import table at 0x00000000FF680000.
2019-10-09 06:27:51,615 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 06:27:51,631 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:51,631 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1092
2019-10-09 06:27:51,631 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 1092
2019-10-09 06:27:51,631 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:27:51,631 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:27:51,927 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:27:52,161 [root] DEBUG: Loader: Injecting process 1092 (thread 2044) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:52,161 [root] DEBUG: Process image base: 0x00000000FF620000
2019-10-09 06:27:52,255 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:52,302 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-10-09 06:27:52,380 [root] DEBUG: Successfully injected DLL C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:27:52,411 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1092
2019-10-09 06:27:52,457 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 06:27:52,614 [root] DEBUG: Process dumps enabled.
2019-10-09 06:27:52,676 [root] INFO: Disabling sleep skipping.
2019-10-09 06:27:52,691 [root] WARNING: Unable to place hook on LockResource
2019-10-09 06:27:52,707 [root] WARNING: Unable to hook LockResource
2019-10-09 06:27:52,707 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 06:27:52,926 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1092 at 0x00000000745B0000, image base 0x00000000FF620000, stack from 0x00000000000D0000-0x00000000000E0000
2019-10-09 06:27:52,926 [root] DEBUG: Commandline: C:\Windows\sysnative\wbem\wmiprvse.exe -Embedding.
2019-10-09 06:27:53,096 [root] INFO: Added new process to list with pid: 1092
2019-10-09 06:27:53,096 [root] INFO: Monitor successfully loaded in process with pid 1092.
2019-10-09 06:27:53,221 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-10-09 06:27:53,299 [root] DEBUG: DLL loaded at 0x000007FEFC190000: C:\Windows\system32\ntmarta (0x2d000 bytes).
2019-10-09 06:27:53,299 [root] DEBUG: DLL loaded at 0x000007FEFE860000: C:\Windows\system32\WLDAP32 (0x52000 bytes).
2019-10-09 06:27:54,313 [root] DEBUG: DLL unloaded from 0x000007FEF7210000.
2019-10-09 06:27:54,595 [root] DEBUG: DLL loaded at 0x000007FEFE400000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2019-10-09 06:27:54,766 [root] DEBUG: DLL loaded at 0x000007FEF9D50000: C:\Windows\system32\wbem\wbemprox (0xf000 bytes).
2019-10-09 06:27:54,921 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-10-09 06:27:55,094 [root] DEBUG: DLL loaded at 0x000007FEFC5F0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-10-09 06:27:55,141 [root] DEBUG: DLL loaded at 0x000007FEFD000000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2019-10-09 06:27:56,654 [root] DEBUG: DLL loaded at 0x000007FEFA0A0000: C:\Windows\system32\wbem\wbemsvc (0x14000 bytes).
2019-10-09 06:27:57,762 [root] DEBUG: DLL loaded at 0x000007FEF97C0000: C:\Windows\system32\wbem\wmiutils (0x26000 bytes).
2019-10-09 06:27:59,976 [root] DEBUG: DLL loaded at 0x000007FEFA1C0000: C:\Windows\system32\wbem\wmiprov (0x3c000 bytes).
2019-10-09 06:28:00,381 [root] DEBUG: DLL unloaded from 0x000007FEF9540000.
2019-10-09 06:28:30,365 [root] DEBUG: DLL unloaded from 0x000007FEFB0D0000.
2019-10-09 06:28:33,859 [root] DEBUG: DLL loaded at 0x000007FEF9920000: C:\Windows\System32\wscinterop (0x28000 bytes).
2019-10-09 06:28:33,891 [root] DEBUG: DLL loaded at 0x000007FEF9C40000: C:\Windows\System32\WSCAPI (0x13000 bytes).
2019-10-09 06:28:33,907 [root] DEBUG: DLL loaded at 0x000007FEF7290000: C:\Windows\System32\wscui.cpl (0x11f000 bytes).
2019-10-09 06:28:33,907 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9C40000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:33,937 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9920000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:34,000 [root] DEBUG: DLL loaded at 0x000007FEF5310000: C:\Windows\System32\werconcpl (0x13c000 bytes).
2019-10-09 06:28:34,000 [root] DEBUG: DLL loaded at 0x000007FEF80A0000: C:\Windows\System32\framedynos (0x4c000 bytes).
2019-10-09 06:28:34,016 [root] DEBUG: DLL loaded at 0x000007FEF9B80000: C:\Windows\System32\wercplsupport (0x19000 bytes).
2019-10-09 06:28:34,062 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF80A0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:34,062 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9B80000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:34,109 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF5310000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:34,141 [root] DEBUG: DLL loaded at 0x000007FEF8390000: C:\Windows\System32\msxml6 (0x1f2000 bytes).
2019-10-09 06:28:34,157 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 06:28:34,171 [root] DEBUG: DLL loaded at 0x000007FEFB330000: C:\Windows\System32\hcproviders (0xb000 bytes).
2019-10-09 06:28:34,187 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB330000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:34,203 [root] DEBUG: DLL loaded at 0x000007FEF7EB0000: C:\Program Files\Internet Explorer\ieproxy (0x73000 bytes).
2019-10-09 06:28:34,203 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF7EB0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:28:54,312 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-10-09 06:29:04,436 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-10-09 06:29:17,368 [root] INFO: Announced 64-bit process name: WerFault.exe pid: 3000
2019-10-09 06:29:17,509 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 06:29:17,509 [lib.api.process] INFO: 64-bit DLL to inject is C:\zkcwmmdv\dll\YBpAzCht.dll, loader C:\zkcwmmdv\bin\tyfXrVbn.exe
2019-10-09 06:29:17,946 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\lGcMBg.
2019-10-09 06:29:18,085 [root] DEBUG: Loader: Injecting process 3000 (thread 544) with C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:29:18,085 [root] DEBUG: Process image base: 0x00000000FFEF0000
2019-10-09 06:29:18,226 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\zkcwmmdv\dll\YBpAzCht.dll.
2019-10-09 06:29:18,242 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00000000FFF59000 - 0x000007FEFF430000
2019-10-09 06:29:18,335 [root] DEBUG: InjectDllViaIAT: Allocated 0x260 bytes for new import table at 0x00000000FFF60000.
2019-10-09 06:29:18,335 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 06:29:18,367 [root] ERROR: Traceback (most recent call last):
  File "C:\zkcwmmdv\analyzer.py", line 831, in run
    handler.start()
  File "C:\Python27\lib\threading.py", line 745, in start
    _start_new_thread(self.__bootstrap, ())
error: can't start new thread
2019-10-09 06:29:27,025 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-10-09 06:29:54,309 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-10-09 06:29:54,309 [root] INFO: Created shutdown mutex.
2019-10-09 06:29:55,322 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1728
2019-10-09 06:29:55,322 [root] INFO: Terminate event set for process 1728.
2019-10-09 06:29:55,322 [root] INFO: Terminating process 1728 before shutdown.
2019-10-09 06:29:55,322 [root] INFO: Waiting for process 1728 to exit.
2019-10-09 06:29:55,369 [root] DEBUG: Terminate Event: Attempting to dump process 1728
2019-10-09 06:29:55,369 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x001E0000.
2019-10-09 06:29:55,401 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x001E0000.
2019-10-09 06:29:55,401 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-10-09 06:29:55,619 [root] INFO: Added new CAPE file to list with path: C:\swEVmhcO\CAPE\1728_16062083495529593102019
2019-10-09 06:29:55,619 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa1e00.
2019-10-09 06:29:55,651 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DF3D3FD040C4200639.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DF3D3FD040C4200639.TMP'
2019-10-09 06:29:55,667 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DFC981022FB9C27C2B.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DFC981022FB9C27C2B.TMP'
2019-10-09 06:29:55,806 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1728
2019-10-09 06:29:56,336 [root] INFO: Terminating process 812 before shutdown.
2019-10-09 06:29:56,336 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 880
2019-10-09 06:29:56,336 [root] INFO: Terminate event set for process 880.
2019-10-09 06:29:56,336 [root] DEBUG: Terminate Event: Attempting to dump process 880
2019-10-09 06:29:56,336 [root] INFO: Terminating process 880 before shutdown.
2019-10-09 06:29:56,336 [root] INFO: Waiting for process 880 to exit.
2019-10-09 06:29:56,352 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF790000.
2019-10-09 06:29:56,352 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF790000.
2019-10-09 06:29:56,352 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-10-09 06:29:56,447 [root] INFO: Added new CAPE file to list with path: C:\swEVmhcO\CAPE\880_4409095945629593102019
2019-10-09 06:29:56,447 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2baa00.
2019-10-09 06:29:56,461 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 880
2019-10-09 06:29:57,351 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1092
2019-10-09 06:29:57,351 [root] DEBUG: Terminate Event: Attempting to dump process 1092
2019-10-09 06:29:57,351 [root] INFO: Terminate event set for process 1092.
2019-10-09 06:29:57,351 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF620000.
2019-10-09 06:29:57,351 [root] INFO: Terminating process 1092 before shutdown.
2019-10-09 06:29:57,351 [root] INFO: Waiting for process 1092 to exit.
2019-10-09 06:29:57,351 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF620000.
2019-10-09 06:29:57,351 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000A9B4.
2019-10-09 06:29:57,382 [root] INFO: Added new CAPE file to list with path: C:\swEVmhcO\CAPE\1092_13687646665729593102019
2019-10-09 06:29:57,398 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x5a400.
2019-10-09 06:29:57,398 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1092
2019-10-09 06:29:57,756 [root] DEBUG: DLL loaded at 0x000007FEFA780000: C:\Windows\system32\actxprxy (0xee000 bytes).
2019-10-09 06:29:57,773 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA780000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 06:29:58,365 [root] INFO: Shutting down package.
2019-10-09 06:29:58,365 [root] INFO: Stopping auxiliary modules.
2019-10-09 06:29:58,427 [root] INFO: Finishing auxiliary modules.
2019-10-09 06:29:58,427 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-10-09 06:29:58,427 [root] WARNING: File at path "C:\swEVmhcO\debugger" does not exist, skip.
2019-10-09 06:29:58,427 [root] WARNING: Monitor injection attempted but failed for process 3000.
2019-10-09 06:29:58,427 [root] INFO: Analysis completed.

MalScore

6.0

Suspicious

Machine

Name: target-01
Label: target-01
Manager: ESX
Started On: 2019-10-09 05:26:20
Shutdown On: 2019-10-09 05:30:20

URL Details

URL
http://louvre-dev.tk/productPages/product1.html

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
A process attempted to delay the analysis task.
Process: WmiPrvSE.exe tried to sleep 480 seconds, actually delayed analysis time by 0 seconds
Attempts to connect to a dead IP:Port (6 unique times)
Dynamic (imported) function loading detected
DynamicLoader: urlmon.dll/
DynamicLoader: CRYPTSP.dll/SystemFunction035
DynamicLoader: schannel.DLL/SpUserModeInitialize
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: CRYPT32.dll/CertDuplicateStore
DynamicLoader: CRYPT32.dll/CertControlStore
DynamicLoader: CRYPT32.dll/CertCloseStore
DynamicLoader: Secur32.dll/FreeContextBuffer
DynamicLoader: ncrypt.dll/SslOpenProvider
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: ncrypt.dll/GetSChannelInterface
DynamicLoader: WININET.dll/CreateUrlCacheContainerW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/SslIncrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslImportKey
DynamicLoader: bcryptprimitives.dll/GetCipherInterface
DynamicLoader: ncrypt.dll/SslLookupCipherSuiteInfo
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateContext
DynamicLoader: wintrust.dll/HTTPSCertificateTrust
DynamicLoader: wintrust.dll/HTTPSFinalProv
DynamicLoader: wintrust.dll/SoftpubInitialize
DynamicLoader: wintrust.dll/SoftpubLoadMessage
DynamicLoader: wintrust.dll/SoftpubLoadSignature
DynamicLoader: wintrust.dll/SoftpubCheckCert
DynamicLoader: wintrust.dll/SoftpubCleanup
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: T2EMBED.DLL/TTLoadEmbeddedFont
DynamicLoader: WINHTTP.dll/WinHttpOpen
DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
DynamicLoader: WINHTTP.dll/WinHttpSetOption
DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
DynamicLoader: SHLWAPI.dll/StrCmpNW
DynamicLoader: WINHTTP.dll/WinHttpConnect
DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: iphlpapi.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: iphlpapi.DLL/GetIfEntry2
DynamicLoader: iphlpapi.DLL/GetIpForwardTable2
DynamicLoader: iphlpapi.DLL/GetIpNetEntry2
DynamicLoader: iphlpapi.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: WINHTTP.dll/WinHttpGetProxyForUrl
DynamicLoader: WINHTTP.dll/WinHttpTimeFromSystemTime
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpSendRequest
DynamicLoader: ws2_32.DLL/GetAddrInfoW
DynamicLoader: ws2_32.DLL/WSASocketW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSAIoctl
DynamicLoader: ws2_32.DLL/FreeAddrInfoW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSARecv
DynamicLoader: ws2_32.DLL/WSASend
DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
DynamicLoader: SHLWAPI.dll/StrStrIW
DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
DynamicLoader: WINHTTP.dll/WinHttpReadData
DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateChain
DynamicLoader: CRYPT32.dll/CertGetCertificateContextProperty
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPT32.dll/CertFreeCertificateChain
DynamicLoader: CRYPT32.dll/CertFreeCertificateContext
DynamicLoader: ncrypt.dll/SslEncryptPacket
DynamicLoader: ncrypt.dll/SslDecryptPacket
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: ncrypt.dll/SslDecrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslFreeObject
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: ImgUtil.dll/DecodeImage
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: PROPSYS.dll/PSCoerceToCanonicalValue
DynamicLoader: CFGMGR32.dll/CMP_UnregisterNotification
DynamicLoader: OLEAUT32.dll/BSTR_UserSize
DynamicLoader: OLEAUT32.dll/BSTR_UserMarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserUnmarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserFree
DynamicLoader: OLEAUT32.dll/VARIANT_UserSize
DynamicLoader: OLEAUT32.dll/VARIANT_UserMarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserUnmarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserFree
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserSize
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserMarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserUnmarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserFree
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: WINSTA.dll/WinStationRegisterConsoleNotification
DynamicLoader: RPCRT4.dll/RpcAsyncInitializeHandle
DynamicLoader: RPCRT4.dll/Ndr64AsyncClientCall
DynamicLoader: WTSAPI32.dll/WTSRegisterSessionNotification
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: WINSTA.dll/WinStationRegisterConsoleNotification
DynamicLoader: DUI70.dll/InitProcessPriv
DynamicLoader: DUI70.dll/InitThread
DynamicLoader: USER32.dll/RegisterMessagePumpHook
DynamicLoader: DUI70.dll/?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
DynamicLoader: DUI70.dll/?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
DynamicLoader: DUI70.dll/??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
DynamicLoader: DUI70.dll/?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
DynamicLoader: DUI70.dll/??0ClassInfoBase@DirectUI@@QEAA@XZ
DynamicLoader: DUI70.dll/?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
DynamicLoader: DUI70.dll/?Register@ClassInfoBase@DirectUI@@QEAAJXZ
DynamicLoader: DUI70.dll/?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
DynamicLoader: DUI70.dll/?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
DynamicLoader: DUI70.dll/?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
DynamicLoader: DUI70.dll/??1CritSecLock@DirectUI@@QEAA@XZ
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: UxTheme.dll/IsCompositionActive
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: SHELL32.dll/SHAppBarMessage
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: SHELL32.dll/SHFileOperationW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/InitPropVariantFromBuffer
DynamicLoader: PROPSYS.dll/PropVariantToBuffer
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: POWRPROF.dll/PowerSettingRegisterNotification
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: sechost.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: srvcli.dll/NetShareGetInfo
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ADVAPI32.dll/GetNamedSecurityInfoW
DynamicLoader: ncsi.dll/NcsiIdentifyUserSpecificProxies
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: comctl32.dll/
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: CSCAPI.dll/OfflineFilesQueryStatus
DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: comctl32.dll/
DynamicLoader: USER32.dll/ChangeWindowMessageFilter
DynamicLoader: webcheck.dll/SystemFunction009
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoSetProxyBlanket
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/IsValidSid
DynamicLoader: ADVAPI32.dll/GetLengthSid
DynamicLoader: ADVAPI32.dll/CopySid
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/VariantCompare
DynamicLoader: Wlanapi.dll/WlanOpenHandle
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: comctl32.dll/DPA_Create
DynamicLoader: comctl32.dll/DPA_InsertPtr
DynamicLoader: PROPSYS.dll/VariantToPropVariant
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/BSTR_UserUnmarshal64
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceConfigW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcBindingSetOption
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcAsyncInitializeHandle
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/Ndr64AsyncClientCall
DynamicLoader: SSPICLI.DLL/GetUserNameExW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: fxsst.dll/FaxMonitorStartup
DynamicLoader: slc.dll/SLGetWindowsInformationDWORD
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: fxsst.dll/IsFaxMessage
DynamicLoader: fxsst.dll/FaxMonitorShutdown
DynamicLoader: POWRPROF.dll/PowerSettingRegisterNotification
DynamicLoader: slc.dll/SLGetWindowsInformationDWORD
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoSetProxyBlanket
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: sechost.dll/QueryServiceConfigW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: CRYPTBASE.dll/SystemFunction041
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/IsValidSid
DynamicLoader: ADVAPI32.dll/GetLengthSid
DynamicLoader: ADVAPI32.dll/CopySid
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/SHGetFolderPathEx
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: CRYPTBASE.dll/SystemFunction040
DynamicLoader: comctl32.dll/DPA_Create
DynamicLoader: comctl32.dll/DPA_Search
DynamicLoader: comctl32.dll/DPA_InsertPtr
DynamicLoader: WSCAPI.dll/WscGetSecurityProviderHealth
DynamicLoader: comctl32.dll/LoadIconMetric
DynamicLoader: WINTRUST.dll/DllCanUnloadNow
DynamicLoader: WINTRUST.dll/CryptSIPPutSignedDataMsg
DynamicLoader: WINTRUST.dll/CryptSIPGetSignedDataMsg
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: pcwum.dll/PerfDeleteInstance
DynamicLoader: pcwum.dll/PerfStopProvider
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/WmiCloseBlock
DynamicLoader: PROPSYS.dll/PropVariantToVariant
DynamicLoader: ole32.dll/CoDisconnectObject
DynamicLoader: wbemcore.dll/Shutdown
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoDisconnectObject
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ADVAPI32.dll/RegDeleteKeyExW
DynamicLoader: kernel32.dll/RegDeleteValueW
DynamicLoader: WTSAPI32.dll/WTSQueryUserToken
DynamicLoader: kernel32.dll/RegCreateKeyExW
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: ntdll.dll/EtwRegisterTraceGuidsW
DynamicLoader: ntdll.dll/EtwRegisterTraceGuidsW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: wbemsvc.dll/DllGetClassObject
DynamicLoader: wbemsvc.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: sechost.dll/LookupAccountSidLocalW
Performs HTTP requests potentially not found in PCAP.

Hosts

Direct  IP               Country Name
N       93.184.221.240   Europe
Y       8.8.8.8          United States
N       209.197.3.15     United States
N       204.79.197.200   United States
N       157.245.205.47   United States
N       151.139.128.14   United States
N       125.252.224.8    Singapore

DNS

Name                            Response
www.bing.com                    CNAME dual-a-0001.a-msedge.net
                                CNAME a-0001.a-afdentry.net.trafficmanager.net
                                A 204.79.197.200
                                A 13.107.21.200
louvre-dev.tk                   A 157.245.205.47
lourve.dev.cc                   A 127.0.0.1
stackpath.bootstrapcdn.com      A 209.197.3.15
                                CNAME cds.j3z9t3p6.hwcdn.net
www.download.windowsupdate.com  CNAME cs11.wpc.v0cdn.net
                                CNAME 2-01-3cf7-0009.cdx.cedexis.net
                                CNAME wu.ec.azureedge.net
                                CNAME hlb.apr-52dd2-0.edgecastdns.net
                                CNAME wu.wpc.apr-52dd2.edgecastdns.net
                                CNAME wu.azureedge.net
                                A 93.184.221.240
ocsp.usertrust.com              CNAME t3j2g9x7.stackpathcdn.com
                                A 151.139.128.14
crl.microsoft.com               A 125.252.224.8
                                A 23.57.66.35
                                CNAME crl.www.ms.akadns.net
                                CNAME a1363.dscg.akamai.net

Summary

Process Tree


iexplore.exe, PID: 1728, Parent PID: 2480
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://louvre-dev.tk/productPages/product1.html"
iexplore.exe, PID: 812, Parent PID: 1728
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1728 CREDAT:79873
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE
explorer.exe, PID: 880, Parent PID: 400
Full Path: C:\Windows\explorer.exe
Command Line: explorer.exe
svchost.exe, PID: 816, Parent PID: 460
Full Path: C:\Windows\sysnative\svchost.exe
Command Line: C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe, PID: 564, Parent PID: 460
Full Path: C:\Windows\sysnative\svchost.exe
Command Line: C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe, PID: 1092, Parent PID: 564
Full Path: C:\Windows\sysnative\wbem\WmiPrvSE.exe
Command Line: C:\Windows\system32\wbem\wmiprvse.exe -Embedding

TCP

Source         Source Port  Destination                                      Destination Port
192.168.35.21  49235        125.252.224.8 (crl.microsoft.com)                80
192.168.35.21  49201        151.139.128.14 (ocsp.usertrust.com)              80
192.168.35.21  49174        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49176        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49177        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49178        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49181        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49182        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49183        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49184        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49185        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49186        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49208        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49214        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49216        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49220        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49222        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49224        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49225        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49226        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49227        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49228        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49229        157.245.205.47 (louvre-dev.tk)                   80
192.168.35.21  49168        204.79.197.200 (www.bing.com)                    80
192.168.35.21  49188        209.197.3.15 (stackpath.bootstrapcdn.com)        443
192.168.35.21  49196        93.184.221.240 (www.download.windowsupdate.com)  80

UDP

Source         Source Port  Destination  Destination Port
192.168.35.21  53447        8.8.8.8      53
192.168.35.21  57255        8.8.8.8      53
192.168.35.21  57334        8.8.8.8      53
192.168.35.21  58094        8.8.8.8      53
192.168.35.21  59473        8.8.8.8      53
192.168.35.21  65365        8.8.8.8      53
192.168.35.21  65426        8.8.8.8      53

HTTP Requests

URI Data
http://www.bing.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive

http://louvre-dev.tk/productPages/product1.html
GET /productPages/product1.html HTTP/1.1
Accept: */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/style.min.css
GET /productPages/css/style.min.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/theme.min.css
GET /productPages/css/theme.min.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/settings.css
GET /productPages/css/settings.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/style.css
GET /productPages/css/style.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/mainstyle.css
GET /productPages/css/mainstyle.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/jquery.js
GET /productPages/js/jquery.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/child-style.css
GET /productPages/css/child-style.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/js_composer.min.css
GET /productPages/css/js_composer.min.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/fonts/revicons/revicons.eot?5510888
GET /productPages/fonts/revicons/revicons.eot?5510888 HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86401
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 19 Apr 2017 22:43:31 GMT
If-None-Match: "80ab755e5eb9d21:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://louvre-dev.tk/productPages/css/assets/fonts/fontawesome-webfont.eot)%20format(%22embedded-opentype%22),%20url(assets/fonts/fontawesome-webfont.woff2)%20format(%22woff2%22),%20url(assets/fonts/fontawesome-webfont.woff)%20format(%22woff%22),%20url(assets/fonts/fontawesome-webfont.ttf)%20format(%22truetype%22),%20url(assets/fonts/fontawesome-webfont.svg
GET /productPages/css/assets/fonts/fontawesome-webfont.eot)%20format(%22embedded-opentype%22),%20url(assets/fonts/fontawesome-webfont.woff2)%20format(%22woff2%22),%20url(assets/fonts/fontawesome-webfont.woff)%20format(%22woff%22),%20url(assets/fonts/fontawesome-webfont.ttf)%20format(%22truetype%22),%20url(assets/fonts/fontawesome-webfont.svg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/assets/fonts/line-awesome.eot??v=1.1.
GET /productPages/css/assets/fonts/line-awesome.eot??v=1.1. HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/css/assets/fonts/kable.eot?27958105
GET /productPages/css/assets/fonts/kable.eot?27958105 HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://louvre-dev.tk/productPages/fonts/vc_icons_v2/fonts/vcpb-plugin-icons.eot?f6ud62
GET /productPages/fonts/vc_icons_v2/fonts/vcpb-plugin-icons.eot?f6ud62 HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/fonts/FrutigerLTStd-Roman.otf
GET /productPages/fonts/FrutigerLTStd-Roman.otf HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/jquery-migrate.min.js
GET /productPages/js/jquery-migrate.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/jquery.themepunch.tools.min.js
GET /productPages/js/jquery.themepunch.tools.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/jquery.themepunch.revolution.min.js
GET /productPages/js/jquery.themepunch.revolution.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/jquery.blockUI.min.js
GET /productPages/js/jquery.blockUI.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/add-to-cart.min.js
GET /productPages/js/add-to-cart.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/js/woocommerce-add-to-cart.js
GET /productPages/js/woocommerce-add-to-cart.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/proudct17.jpg
GET /productPages/images/proudct17.jpg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/proudct7.jpg
GET /productPages/images/proudct7.jpg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/louvre-logo.png
GET /productPages/images/louvre-logo.png HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/proudct14-600x772.jpg
GET /productPages/images/proudct14-600x772.jpg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/green_chair1.jpg
GET /productPages/images/green_chair1.jpg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://louvre-dev.tk/productPages/images/proudct4.jpg
GET /productPages/images/proudct4.jpg HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: louvre-dev.tk
Connection: Keep-Alive

http://crl.microsoft.com/pki/crl/products/WinPCA.crl
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 02 Dec 2015 18:30:06 GMT
If-None-Match: "0cb60772f2dd11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

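Added example, not part of the CAPE report: a small Python triage script for the request list above. It parses blocks in the report's layout (URL line, request line, header lines, blank line between requests) and separates requests the IE tab made on behalf of the analysed URL from the Microsoft-CryptoAPI/6.1 fetches (authroot STL, OCSP, CRL) that the Windows 7 guest issues itself. Those CryptoAPI requests are not the sample's code, but they can still be caused by the sample: the OCSP queries to ocsp.usertrust.com follow the TLS connection to stackpath.bootstrapcdn.com listed under JA3. The embedded log excerpt is constructed in the report's format with abbreviated headers; the request to lourve.dev.cc is constructed too, to exercise the unexpected-host check (the report shows that host only hardcoded inside the saved product1.html, not as a request).

```python
"""Triage of the HTTP request list in a Cuckoo/CAPE report.

Added example, not part of the report. Parses the plain-text dump
(URL line, request line, header lines, blank line between requests)
and separates browser-originated requests from Windows CryptoAPI
background fetches.
"""
from collections import Counter

# Constructed excerpt in the report's layout (headers abbreviated).
# The lourve.dev.cc request is constructed to exercise unexpected_hosts();
# the report only shows that host hardcoded inside the saved HTML.
SAMPLE_LOG = """\
http://louvre-dev.tk/productPages/css/child-style.css
GET /productPages/css/child-style.css HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: louvre-dev.tk
Connection: Keep-Alive

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86401
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://louvre-dev.tk/productPages/js/add-to-cart.min.js
GET /productPages/js/add-to-cart.min.js HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: louvre-dev.tk
Connection: Keep-Alive

http://lourve.dev.cc/wp-includes/js/wp-emoji-release.min.js?ver=5.2.3
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.2.3 HTTP/1.1
Accept: */*
Referer: http://louvre-dev.tk/productPages/product1.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: lourve.dev.cc
Connection: Keep-Alive
"""

CRYPTOAPI_UA_PREFIX = "Microsoft-CryptoAPI/"


def parse_requests(text):
    """Return one dict per request: url, method, path, headers (lower-cased names)."""
    requests = []
    for block in text.strip().split("\n\n"):
        lines = block.strip().splitlines()
        if len(lines) < 2 or " HTTP/" not in lines[1]:
            continue  # not a request block
        method, path, _version = lines[1].split(" ", 2)
        headers = {}
        for line in lines[2:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({"url": lines[0], "method": method, "path": path, "headers": headers})
    return requests


def classify(req):
    """'cryptoapi' for certificate/CRL/OCSP fetches issued by the OS, 'browser' otherwise."""
    ua = req["headers"].get("user-agent", "")
    return "cryptoapi" if ua.startswith(CRYPTOAPI_UA_PREFIX) else "browser"


def triage(text):
    """Per-class Counter of Host header -> number of requests."""
    buckets = {"browser": Counter(), "cryptoapi": Counter()}
    for req in parse_requests(text):
        buckets[classify(req)][req["headers"].get("host", "?")] += 1
    return buckets


def unexpected_hosts(text, expected_hosts):
    """Browser-originated hosts outside the set you expect for the submitted URL."""
    return sorted(h for h in triage(text)["browser"] if h not in expected_hosts)


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_LOG).items():
        print(bucket)
        for host, n in hosts.most_common():
            print(f"  {n:3d}  {host}")
    print("unexpected:", unexpected_hosts(SAMPLE_LOG, {"louvre-dev.tk"}))
```

Run as a script it prints per-host counts per class; unexpected_hosts() returns browser-originated hosts outside the submitted URL's domain and whatever CDNs you expect, which is where a redirect or an injected third-party loader would surface. Classification is by User-Agent rather than by a host allow-list so that an OCSP or CRL fetch to a host you have never seen is still attributed to CryptoAPI and not mistaken for sample traffic.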
SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source         Source Port  Destination                                 Destination Port  JA3 Hash                          JA3 Description
192.168.35.21  49188        209.197.3.15 (stackpath.bootstrapcdn.com)   443               2201d8e006f8f005a6b415f61e677532  MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
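Added example, not code from the report or from the JA3 project: how the hash in the table is derived. The Python below parses a TLS ClientHello, builds the JA3 string (client version, cipher suites, extension types, supported groups from extension 10 and EC point formats from extension 11, all decimal, '-' within a field and ',' between fields) and MD5s it, dropping GREASE values as the reference implementation does. The ClientHello is constructed by build_client_hello() for the example and is not the packet the guest sent to stackpath.bootstrapcdn.com, so the resulting hash is not 2201d8e006f8f005a6b415f61e677532. What it demonstrates is the caveat behind the "Malware Test FP" label: JA3 fingerprints the TLS client stack (here Schannel as driven by IE), not the content, so exploit-kit victims running the same browser and a benign page loaded in that browser produce the same hash. On its own the match is evidence of an old IE/Schannel client, not of exploit-kit traffic.

```python
"""JA3 fingerprint of a TLS ClientHello.

Added example, not code from the report or from the JA3 project.
Implements the JA3 recipe: version, cipher suites, extension types,
supported groups (ext 10) and EC point formats (ext 11), all decimal,
'-' within a field and ',' between fields, MD5 of the result.
GREASE values are dropped, as the reference implementation does.
"""
import hashlib
import struct

# GREASE (RFC 8701) values 0x0a0a, 0x1a1a, ..., 0xfafa are skipped by JA3.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(version, ciphers, groups, point_formats, extra_ext_types=()):
    """Constructed test input: a TLS record carrying a ClientHello, not a captured packet."""
    host = b"example.invalid"  # placeholder SNI, not from the report
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = _ext(0, sni)
    exts += _ext(10, struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups))
    exts += _ext(11, bytes([len(point_formats)]) + bytes(point_formats))
    for t in extra_ext_types:
        exts += _ext(t, b"")
    body = struct.pack("!H", version) + b"\x00" * 32  # client_version + random
    body += b"\x00"  # empty session_id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"  # compression_methods: null only
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake


def _dash(values):
    return "-".join(str(v) for v in values)


def ja3_string(record):
    """Parse a TLS handshake record and return the JA3 string."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32  # client_version, random
    pos += 1 + body[pos]  # session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = [c for c in struct.unpack_from(f"!{cs_len // 2}H", body, pos) if c not in GREASE]
    pos += cs_len
    pos += 1 + body[pos]  # compression_methods
    ext_types, groups, formats = [], [], []
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if etype in GREASE:
                continue
            ext_types.append(etype)
            if etype == 10:  # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [g for g in struct.unpack_from(f"!{n // 2}H", data, 2) if g not in GREASE]
            elif etype == 11:  # ec_point_formats
                formats = list(data[1:1 + data[0]])
    return ",".join([str(version), _dash(ciphers), _dash(ext_types), _dash(groups), _dash(formats)])


def ja3_hash(record):
    """MD5 of the JA3 string: the 32-hex-character value shown in the JA3 table."""
    return hashlib.md5(ja3_string(record).encode("ascii")).hexdigest()


if __name__ == "__main__":
    hello = build_client_hello(0x0303, [0x0a0a, 0xc02b, 0xc02f, 0x009c, 0x002f],
                               [0x001d, 0x0017, 0x0018], [0], extra_ext_types=(23, 0x1a1a))
    print(ja3_string(hello))
    print(ja3_hash(hello))
```

Two properties worth checking when you rely on a JA3 match: the hash is insensitive to GREASE values (a ClientHello with and without them fingerprints the same), and it is sensitive to cipher-suite order, so the same cipher set offered in a different order is a different client as far as JA3 is concerned.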
File name search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Size 237 bytes
File Type PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5 9fb559a691078558e77d6848202f6541
SHA1 ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
SHA256 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
CRC32 FC87942A
Ssdeep 6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File Size 262144 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 ddbecc908f2912f29cbc33167cbc761c
SHA1 bd6802a9c64297c31c41ccb0e60eb51077fe30fd
SHA256 e69ea3946826728a51fc5ee78a9272d77514179310342224c6cc111267b6b49d
CRC32 1DF8D0A8
Ssdeep 768:pFFwZHofW9CFWNw3fcOIkim+GYZxWSDG:rFwZIfW9AWmvcOITm+GYZxWsG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 077eb5d924c84ec41447ad7795b38734
SHA1 e3b4793862bb370db5ddd3cb5e607034172336e1
SHA256 06813b4ee292b191c05cb15febfba874e7f4caac47a8c3081041a20880708209
CRC32 E2F624C0
Ssdeep 48:q3xbTpYVfruSYufruXYsfAjYmeKZ6MYCI:qZTuVfrutufruIsfAc26Lv
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name product1[1].htm
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\product1[1].htm
File Size 57309 bytes
File Type HTML document, UTF-8 Unicode text, with very long lines
MD5 f215dbd54c2f43da158701509981b7df
SHA1 8adafe7584b811d16744c33cbdca3e320d20f4ed
SHA256 22e1d9a67b41340a9c903d27b3efb3f58779aeed3d19bb6b84b7fddfa348ed48
CRC32 801D3B86
Ssdeep 1536:iv5kY6xE/6PCGBXd+u90sK/ubfEnalk/8n1M5488Anz7+uO8E/RDV/h2uFRcuItw:ykY6xm6bcfyMA88Ann+t8E/RDV/h2uFT
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
<!DOCTYPE html>
<html lang="en-US">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="profile" href="http://gmpg.org/xfn/11">
    <title>NOTEBOOK A YOUNG EMIR STUDYING &#8211; MUSEUM BOUTIQUE</title>
<link rel='dns-prefetch' href='//s.w.org' />

		<script type="text/javascript">
			window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/lourve.dev.cc\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.2.3"}};
			!function(a,b,c){function d(a,b){var c=String.fromCharCode;l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,a),0,0);var d=k.toDataURL();l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,b),0,0);var e=k.toDataURL();return d===e}function e(a){var b;if(!l||!l.fillText)return!1;switch(l.textBaseline="top",l.font="600 32px Arial",a){case"flag":return!(b=d([55356,56826,55356,56819],[55356,56826,8203,55356,56819]))&&(b=d([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]),!b);case"emoji":return b=d([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340]),!b}return!1}function f(a){var c=b.createElement("script");c.src=a,c.defer=c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c)}var g,h,i,j,k=b.createElement("canvas"),l=k.getContext&&k.getContext("2d");for(j=Array("flag","emoji"),c.supports={everything:!0,everythingExceptFlag:!0},i=0;i<j.length;i++)c.supports[j[i]]=e(j[i]),c.supports.everything=c.supports.everything&&c.supports[j[i]],"flag"!==j[i]&&(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&c.supports[j[i]]);c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&!c.supports.flag,c.DOMReady=!1,c.readyCallback=function(){c.DOMReady=!0},c.supports.everything||(h=function(){c.readyCallback()},b.addEventListener?(b.addEventListener("DOMContentLoaded",h,!1),a.addEventListener("load",h,!1)):(a.attachEvent("onload",h),b.attachEvent("onreadystatechange",function(){"complete"===b.readyState&&c.readyCallback()})),g=c.source||{},g.concatemoji?f(g.concatemoji):g.wpemoji&&g.twemoji&&(f(g.twemoji),f(g.wpemoji)))}(window,document,window._wpemojiSettings);
		</script>
		<style type="text/css">
img.wp-smiley,
img.emoji {
	display: inline !important;
	border: none !important;
	box-shadow: none !important;
	height: 1em !important;
	width: 1em !important;
	margin: 0 .07em !important;
	vertical-align: -0.1em !important;
	background: none !important;
	padding: 0 !important;
}
</style>




	<link rel='stylesheet' id='wp-block-library-css'  href='css/style.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='wp-block-library-theme-css'  href='css/theme.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='wc-block-style-css'  href='css/style.css' type='text/css' media='all' />
<link rel='stylesheet' id='rs-plugin-settings-css'  href='css/settings.css' type='text/css' media='all' />
<style id='rs-plugin-settings-inline-css' type='text/css'>
#rs-demo-id {}
</style>
<style id='woocommerce-inline-inline-css' type='text/css'>
.woocommerce form .form-row .required { visibility: visible; }
</style>
<link rel='stylesheet' id='parent-style-css'  href='css/mainstyle.css' type='text/css' media='all' />
<link rel='stylesheet' id='parent-style-css'  href='https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css' type='text/css' media='all' />


<link rel='stylesheet' id='js_composer_front-css'  href='css/js_composer.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='kable-style-css'  href='css/child-style.css' type='text/css' media='all' />
<style id='kable-style-inline-css' type='text/css'>

/*@font-face{font-family:Frutiger;src:url(fonts/frutiger-lt-65-bold.ttf) format("ttf"),url(fonts/frutiger-lt-65-bold.ttf) format("ttf");font-weight:400;font-style:normal}#yith-wcwl-popup-message,.piko-notify .woocommerce-message,.piko-notify .woocommerce-error,.piko-notify .woocommerce-info{top:10%}.type-tab-3.s-item-0 .discount:before{content:"SAVE"}@media (min-width:1200px){.container{max-width:1140px} }
*/
@font-face {
font-family: "Frutiger";
src: url("fonts/FrutigerLTStd-Roman.otf");

}

</style>
<script type='text/javascript' src='js/jquery.js'></script>
<script type='text/javascript' src='js/jquery-migrate.min.js'></script>
<script type='text/javascript' src='js/jquery.themepunch.tools.min.js'></script>
<script type='text/javascript' src='js/jquery.themepunch.revolution.min.js'></script>
<script type='text/javascript' src='js/jquery.blockUI.min.js'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var wc_add_to_cart_params = {"ajax_url":"\/wp-admin\/admin-ajax.php","wc_ajax_url":"\/?wc-ajax=%%endpoint%%","i18n_view_cart":"View cart","cart_url":"http:\/\/lourve.dev.cc\/cart\/","is_cart":"","cart_redirect_after_add":"no"};
/* ]]> */
</script>
<script type='text/javascript' src='js/add-to-cart.min.js'></script>
<script type='text/javascript' src='js/woocommerce-add-to-cart.js'></script>

<link rel="icon" href="images/cropped-louvre-logo-32x32.png" sizes="32x32" />
<link rel="icon" href="images/cropped-louvre-logo-192x192.png" sizes="192x192" />
<link rel="apple-touch-icon-precomposed" href="images/cropped-louvre-logo-180x180.png" />
<meta name="msapplication-TileImage" content="images/cropped-louvre-logo-270x270.png" />
<script type="text/javascript">function setREVStartSize(e){
						try{ e.c=jQuery(e.c);var i=jQuery(window).width(),t=9999,r=0,n=0,l=0,f=0,s=0,h=0;
							if(e.responsiveLevels&&(jQuery.each(e.responsiveLevels,function(e,f){f>i&&(t=r=f,l=e),i>f&&f>r&&(r=f,n=e)}),t>r&&(l=n)),f=e.gridheight[l]||e.gridheight[0]||e.gridheight,s=e.gridwidth[l]||e.gridwidth[0]||e.gridwidth,h=i/s,h=h>1?1:h,f=Math.round(h*f),"fullscreen"==e.sliderLayout){var u=(e.c.width(),jQuery(window).height());if(void 0!=e.fullScreenOffsetContainer){var c=e.fullScreenOffsetContainer.split(",");if (c) jQuery.each(c,function(e,i){u=jQuery(i).length>0?u-jQuery(i).outerHeight(!0):u}),e.fullScreenOffset.split("%").length>1&&void 0!=e.fullScreenOffset&&e.fullScreenOffset.length>0?u-=jQuery(window).height()*parseInt(e.fullScreenOffset,0)/100:void 0!=e.fullScreenOffset&&e.fullScreenOffset.length>0&&(u-=parseInt(e.fullScreenOffset,0))}f=u}else void 0!=e.minHeight&&f<e.minHeight&&(f=e.minHeight);e.c.closest(".rev_slider_wrapper").css({height:f})
						}catch(d){console.log("Failure at Presize of Slider:"+d)}
					};</script>
<style type="text/css" title="dynamic-css" class="options-output">footer.site-footer.layout2:before{background-color:#fff;}.pop-content h2,.pop-content h3{opacity: 1;visibility: visible;-webkit-transition: opacity 0.24s ease-in-out;-moz-transition: opacity 0.24s ease-in-out;transition: opacity 0.24s ease-in-out;}.wf-loading .pop-content h2,.wf-loading .pop-content h3{opacity: 0;}.ie.wf-loading .pop-content h2,.ie.wf-loading .pop-content h3{visibility: hidden;}.popup-news{background-repeat:no-repeat;background-position:left center;background-image:url('images/mona-lisa-popup.png');}body{font-style:normal;color:#888888;opacity: 1;visibility: visible;-webkit-transition: opacity 0.24s ease-in-out;-moz-transition: opacity 0.24s ease-in-out;transition: opacity 0.24s ease-in-out;}.wf-loading body{opacity: 0;}.ie.wf-loading body{visibility: hidden;}h1, .h1, h2, .h2, h3, .h3, h4, .h4, h5, .h5, h6, .h6{opacity: 1;visibility: visible;-webkit-transition: opacity 0.24s ease-in-out;-moz-transition: opacity 0.24s ease-in-out;transition: opacity 0.24s ease-in-out;}.wf-loading h1,.wf-loading  .h1,.wf-loading  h2,.wf-loading  .h2,.wf-loading  h3,.wf-loading  .h3,.wf-loading  h4,.wf-loading  .h4,.wf-loading  h5,.wf-loading  .h5,.wf-loading  h6,.wf-loading  .h6{opacity: 0;}.ie.wf-loading h1,.ie.wf-loading  .h1,.ie.wf-loading  h2,.ie.wf-loading  .h2,.ie.wf-loading  h3,.ie.wf-loading  .h3,.ie.wf-loadin <truncated>
File name style[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\style[1].css
File Size 6362 bytes
File Type ASCII text, with very long lines
MD5 a1ff06e5154f12492f76eed70f673334
SHA1 f4e2ad77a82509e3b40b8e1c1641e8930407635c
SHA256 58f7686283a5669e850fd72c4658a286df18578109d1d88e6786aec17d7cd260
CRC32 E02A089C
Ssdeep 96:OeRzCQryMSZ4VK0+Uc2JyYXxWbYUuVPK/joCMwH/oQwioyV5kgU3wOnQeKE:OzhS0C
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
.wc-block-featured-product{position:relative;background-color:#24292d;background-size:cover;background-position:50%;width:100%;margin:0 0 1.5em}.wc-block-featured-product,.wc-block-featured-product .wc-block-featured-product__wrapper{display:flex;justify-content:center;align-items:center;flex-wrap:wrap;align-content:center}.wc-block-featured-product .wc-block-featured-product__wrapper{overflow:hidden;height:100%}.wc-block-featured-product.has-left-content{justify-content:flex-start}.wc-block-featured-product.has-left-content .wc-block-featured-product__description,.wc-block-featured-product.has-left-content .wc-block-featured-product__price,.wc-block-featured-product.has-left-content .wc-block-featured-product__title{margin-left:0;text-align:left}.wc-block-featured-product.has-right-content{justify-content:flex-end}.wc-block-featured-product.has-right-content .wc-block-featured-product__description,.wc-block-featured-product.has-right-content .wc-block-featured-product__price,.wc-block-featured-product.has-right-content .wc-block-featured-product__title{margin-right:0;text-align:right}.wc-block-featured-product .wc-block-featured-product__description,.wc-block-featured-product .wc-block-featured-product__price,.wc-block-featured-product .wc-block-featured-product__title{color:#fff;line-height:1.25;margin-bottom:0;text-align:center}.wc-block-featured-product .wc-block-featured-product__description a,.wc-block-featured-product .wc-block-featured-product__description a:active,.wc-block-featured-product .wc-block-featured-product__description a:focus,.wc-block-featured-product .wc-block-featured-product__description a:hover,.wc-block-featured-product .wc-block-featured-product__price a,.wc-block-featured-product .wc-block-featured-product__price a:active,.wc-block-featured-product .wc-block-featured-product__price a:focus,.wc-block-featured-product .wc-block-featured-product__price a:hover,.wc-block-featured-product .wc-block-featured-product__title 
a,.wc-block-featured-product .wc-block-featured-product__title a:active,.wc-block-featured-product .wc-block-featured-product__title a:focus,.wc-block-featured-product .wc-block-featured-product__title a:hover{color:#fff}.wc-block-featured-product .wc-block-featured-product__description,.wc-block-featured-product .wc-block-featured-product__link,.wc-block-featured-product .wc-block-featured-product__price,.wc-block-featured-product .wc-block-featured-product__title{width:100%;padding:0 48px 16px;z-index:1}.wc-block-featured-product .wc-block-featured-product__title{margin-top:0}.wc-block-featured-product .wc-block-featured-product__title:before{display:none}.wc-block-featured-product .wc-block-featured-product__description p{margin:0}.wc-block-featured-product.has-background-dim:before{content:"";position:absolute;top:0;left:0;bottom:0;right:0;background-color:inherit;opacity:.5;z-index:1}.wc-block-featured-product.has-background-dim.has-background-dim-10:before{opacity:.1}.wc-block-featured-product.has-background-dim.has-background-dim-20:before{opacity:.2}.wc-block-featured-product.has-background-dim.has-background-dim-30:before{opacity:.3}.wc-block-featured-product.has-background-dim.has-background-dim-40:before{opacity:.4}.wc-block-featured-product.has-background-dim.has-background-dim-50:before{opacity:.5}.wc-block-featured-product.has-background-dim.has-background-dim-60:before{opacity:.6}.wc-block-featured-product.has-background-dim.has-background-dim-70:before{opacity:.7}.wc-block-featured-product.has-background-dim.has-background-dim-80:before{opacity:.8}.wc-block-featured-product.has-background-dim.has-background-dim-90:before{opacity:.9}.wc-block-featured-product.has-background-dim.has-background-dim-100:before{opacity:1}.wc-block-featured-product.alignleft,.wc-block-featured-product.alignright{max-width:305px;width:100%}.wc-block-featured-product:after{display:block;content:"";font-size:0;min-height:inherit}@supports ((position:-webkit-sticky) or 
(position:sticky)){.wc-block-featured-product:after{content:none}}.wc-block-featured-product.aligncenter,.wc-block-featured-product.alignleft,.wc-block-featured-product.alignright{display:flex}
.wp-block-woocommerce-handpicked-products.is-hidden-price .price,.wp-block-woocommerce-handpicked-products.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-product-best-sellers.is-hidden-price .price,.wp-block-woocommerce-product-best-sellers.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-product-category.is-hidden-price .price,.wp-block-woocommerce-product-category.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-product-new.is-hidden-price .price,.wp-block-woocommerce-product-new.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-product-on-sale.is-hidden-price .price,.wp-block-woocommerce-product-on-sale.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-product-top-rated.is-hidden-price .price,.wp-block-woocommerce-product-top-rated.is-hidden-title .woocommerce-loop-product__title,.wp-block-woocommerce-products-by-attribute.is-hidden-price .price,.wp-block-woocommerce-products-by-attribute.is-hidden-title .woocommerce-loop-product__title{display:none!important}.wp-block-woocommerce-handpicked-products.is-hidden-rating .star-rating,.wp-block-woocommerce-product-best-sellers.is-hidden-rating .star-rating,.wp-block-woocommerce-product-category.is-hidden-rating .star-rating,.wp-block-woocommerce-product-new.is-hidden-rating .star-rating,.wp-block-woocommerce-product-on-sale.is-hidden-rating .star-rating,.wp-block-woocommerce-product-top-rated.is-hidden-rating .star-rating,.wp-block-woocommerce-products-by-attribute.is-hidden-rating .star-rating{display:none}.wp-block-woocommerce-handpicked-products.is-hidden-button .button[data-product_sku],.wp-block-woocommerce-product-best-sellers.is-hidden-button .button[data-product_sku],.wp-block-woocommerce-product-category.is-hidden-button .button[data-product_sku],.wp-block-woocommerce-product-new.is-hidden-button .button[data-product_sku],.wp-block-woocommerce-product-on-sale.is-hidden-button 
.button[data-product_sku],.wp-block-woocommerce-product-top-rated.is-hidden-button .button[data-product_sku],.wp-block-woocommerce-products-by-attribute.is-hidden-button .button[data-product_sku]{display:none!important}
File name theme.min[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\theme.min[1].css
File Size 1496 bytes
File Type ASCII text, with very long lines
MD5 93ffe8ae2a757c1de9eef63b37641d14
SHA1 5bd952a9fe9969d5a0278943ffe7a4dfc28d5cd1
SHA256 ab876dd315693f556c3c77e8e718813b30733947f9b5ec049340ce69282e9259
CRC32 D96CBED2
Ssdeep 24:sWqIPueTvuY2TNDNp/hmiMTKGvefSfdr9ecWZpK17So:sqGuvwhvJ6TxG66cIpK17So
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
.wp-block-code{font-size:14px;padding:.8em 1em;border:1px solid #e2e4e7;border-radius:4px}.wp-block-code,.wp-block-preformatted pre{font-family:Menlo,Consolas,monaco,monospace;color:#23282d}.wp-block-preformatted pre{font-size:16px}@media (min-width:600px){.wp-block-preformatted pre{font-size:14px}}.wp-block-pullquote{border-top:4px solid #555d66;border-bottom:4px solid #555d66;color:#40464d}.wp-block-pullquote__citation,.wp-block-pullquote cite,.wp-block-pullquote footer{color:#40464d;text-transform:uppercase;font-size:13px;font-style:normal}.wp-block-quote{border-left:4px solid #000;margin:20px 0;padding-left:1em}.wp-block-quote__citation,.wp-block-quote cite,.wp-block-quote footer{color:#6c7781;font-size:13px;margin-top:1em;position:relative;font-style:normal}.wp-block-quote[style*="text-align:right"],.wp-block-quote[style*="text-align: right"]{border-left:none;border-right:4px solid #000;padding-left:0;padding-right:1em}.wp-block-quote[style*="text-align:center"],.wp-block-quote[style*="text-align: center"]{border:none;padding-left:0}.wp-block-quote.is-large,.wp-block-quote.is-style-large{border:none}.wp-block-search .wp-block-search__label{font-weight:700}.wp-block-separator{border:none;border-bottom:2px solid #8f98a1;margin:1.65em auto}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){max-width:100px}.wp-block-table{width:100%;min-width:240px;border-collapse:collapse}.wp-block-table td,.wp-block-table th{padding:.5em;border:1px solid;word-break:break-all}
File name settings[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\settings[1].css
File Size 38397 bytes
File Type assembler source, UTF-8 Unicode text, with very long lines
MD5 46c4868a43eda447c16528ad56a633a8
SHA1 23cd5834032f7a3754b6067ad1e5f46c9887db88
SHA256 b6f00bd0212994aba48514ed33866fdfe08ffe00b140ed2fc754f175b277b3d2
CRC32 F2DC4328
Ssdeep 384:xU6bCKDsqCs21Ta12761s/01z16u1ezh101j1po51r7a1/m/wKxN10G1LyGI131C:hmzz/Bz7nre12wKxNrHmU1h8D28U
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
/*-----------------------------------------------------------------------------

-	Revolution Slider 5.0 Default Style Settings -

Screen Stylesheet

version:   	5.4.5
date:      	15/05/17
author:		themepunch
email:     	info@themepunch.com
website:   	http://www.themepunch.com
-----------------------------------------------------------------------------*/

#debungcontrolls {
	z-index:100000;
	position:fixed;
	bottom:0px; width:100%;
	height:auto;
	background:rgba(0,0,0,0.6);
	padding:10px;
	box-sizing: border-box;
}

.debugtimeline {
	width:100%;
	height:10px;
	position:relative;
	display:block;
	margin-bottom:3px;
	display:none;
	white-space: nowrap;
	box-sizing: border-box;
}

.debugtimeline:hover {
	height:15px;

}

.the_timeline_tester {
	background:#e74c3c;
	position:absolute;
	top:0px;
	left:0px;
	height:100%;
	width:0;
}

.rs-go-fullscreen {
	position:fixed !important;
	width:100% !important;
	height:100% !important;
	top:0px !important;
	left:0px !important;
	z-index:9999999 !important;
	background:#ffffff !important;
}


.debugtimeline.tl_slide .the_timeline_tester {
	background:#f39c12;
}

.debugtimeline.tl_frame .the_timeline_tester {
	background:#3498db;
}

.debugtimline_txt {
	color:#fff;
	font-weight: 400;
	font-size:7px;
	position:absolute;
	left:10px;
	top:0px;
	white-space: nowrap;
	line-height: 10px;
}


.rtl {	direction: rtl;}
@font-face {
  font-family: 'revicons';
  src: url('../fonts/revicons/revicons.eot?5510888');
  src: url('../fonts/revicons/revicons.eot?5510888#iefix') format('embedded-opentype'),
       url('../fonts/revicons/revicons.woff?5510888') format('woff'),
       url('../fonts/revicons/revicons.ttf?5510888') format('truetype'),
       url('../fonts/revicons/revicons.svg?5510888#revicons') format('svg');
  font-weight: normal;
  font-style: normal;
}

 [class^="revicon-"]:before, [class*=" revicon-"]:before {
  font-family: "revicons";
  font-style: normal;
  font-weight: normal;
  speak: none;
  display: inline-block;
  text-decoration: inherit;
  width: 1em;
  margin-right: .2em;
  text-align: center;

  /* For safety - reset parent styles, that can break glyph codes*/
  font-variant: normal;
  text-transform: none;

  /* fix buttons height, for twitter bootstrap */
  line-height: 1em;

  /* Animation center compensation - margins should be symmetric */
  /* remove if not needed */
  margin-left: .2em;

  /* you can be more comfortable with increased icons size */
  /* font-size: 120%; */

  /* Uncomment for 3D effect */
  /* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
}

.revicon-search-1:before { content: '\e802'; } /* '\xc3\xae \xe2\x80\x9a' */
.revicon-pencil-1:before { content: '\e831'; } /* '\xc3\xae \xc2\xb1' */
.revicon-picture-1:before { content: '\e803'; } /* '\xc3\xae \xc6\x92' */
.revicon-cancel:before { content: '\e80a'; } /* '\xc3\xae \xc5\xa0' */
.revicon-info-circled:before { content: '\e80f'; } /* '\xc3\xae \xc2\x8f' */
.revicon-trash:before { content: '\e801'; } /* '\xc3\xae \xc2\x81' */
.revicon-left-dir:before { content: '\e817'; } /* '\xc3\xae \xe2\x80\x94' */
.revicon-right-dir:before { content: '\e818'; } /* '\xc3\xae \xcb\x9c' */
.revicon-down-open:before { content: '\e83b'; } /* '\xc3\xae \xc2\xbb' */
.revicon-left-open:before { content: '\e819'; } /* '\xc3\xae \xe2\x84\xa2' */
.revicon-right-open:before { content: '\e81a'; } /* '\xc3\xae \xc5\xa1' */
.revicon-angle-left:before { content: '\e820'; } /* '\xc3\xae  ' */
.revicon-angle-right:before { content: '\e81d'; } /* '\xc3\xae \xc2\x9d' */
.revicon-left-big:before { content: '\e81f'; } /* '\xc3\xae \xc5\xb8' */
.revicon-right-big:before { content: '\e81e'; } /* '\xc3\xae \xc5\xbe' */
.revicon-magic:before { content: '\e807'; } /* '\xc3\xae \xe2\x80\xa1' */
.revicon-picture:before { content: '\e800'; } /* '\xc3\xae \xe2\x82\xac' */
.revicon-export:before { content: '\e80b'; } /* '\xc3\xae \xe2\x80\xb9' */
.revicon-cog:before { content: '\e832'; } /* '\xc3\xae \xc2\xb2' */
.revicon-login:before { content: '\e833'; } /* '\xc3\xae \xc2\xb3' */
.revicon-logout:before { content: '\e834'; } /* '\xc3\xae \xc2\xb4' */
.revicon-video:before { content: '\e805'; } /* '\xc3\xae \xe2\x80\xa6' */
.revicon-arrow-combo:before { content: '\e827'; } /* '\xc3\xae \xc2\xa7' */
.revicon-left-open-1:before { content: '\e82a'; } /* '\xc3\xae \xc2\xaa' */
.revicon-right-open-1:before { content: '\e82b'; } /* '\xc3\xae \xc2\xab' */
.revicon-left-open-mini:before { content: '\e822'; } /* '\xc3\xae \xc2\xa2' */
.revicon-right-open-mini:before { content: '\e823'; } /* '\xc3\xae \xc2\xa3' */
.revicon-left-open-big:before { content: '\e824'; } /* '\xc3\xae \xc2\xa4' */
.revicon-right-open-big:before { content: '\e825'; } /* '\xc3\xae \xc2\xa5' */
.revicon-left:before { content: '\e836'; } /* '\xc3\xae \xc2\xb6' */
.revicon-right:before { content: '\e826'; } /* '\xc3\xae \xc2\xa6' */
.revicon-ccw:before { content: '\e808'; } /* '\xc3\xae \xcb\x86' */
.revicon-arrows-ccw:before { content: '\e806'; } /* '\xc3\xae \xe2\x80\xa0' */
.revicon-palette:before { content: '\e829'; } /* '\xc3\xae \xc2\xa9' */
.revicon-list-add:before { content: '\e80c'; } /* '\xc3\xae \xc5\x92' */
.revicon-doc:before { content: '\e809'; } /* '\xc3\xae \xe2\x80\xb0' */
.revicon-left-open-outline:before { content: '\e82e'; } /* '\xc3\xae \xc2\xae' */
.revicon-left-open-2:before { content: '\e82c'; } /* '\xc3\xae \xc2\xac' */
.revicon-right-open-outline:before { content: '\e82f'; } /* '\xc3\xae \xc2\xaf' */
.revicon-right-open-2:before { content: '\e82d'; } /* '\xc3\xae \xc2\xad' */
.revicon-equalizer:before { content: '\e83a'; } /* '\xc3\xae \xc2\xba' */
.revicon-layers-alt:before { content: '\e804'; } /* '\xc3\xae \xe2\x80\x9e' */
.revicon-popup:before { content: '\e828'; } /* '\xc3\xae \xc2\xa8' */



/******************************
	-	BASIC STYLES		-
******************************/

.rev_slider_wrapper{
	position:relative;
	z-index: 0;
	width:100%;
}

.rev_slider{
	position:relative;
	overflow:visible;
}

.entry-content .rev_slider a,
.rev_slider a { box-shadow: none; }

.tp-overflow-hidden { 	overflow:hidden !important;}
.group_ov_hidden 	{	overflow:hidden}

.tp-simpleresponsive img,
.rev_slider img{
	max-width:none !important;
	transition: none;
	margin:0px;
	padding:0px;
	border:none;
}

.rev_slider .no-slides-text{
	font-weight:bold;
	text-align:center;
	padding-top:80px;
}

.rev_slider >ul,
.rev_slider_wrapper >ul,
.tp-revslider-mainul >li,
.rev_slider >ul >li,
.rev_slider >ul >li:before,
.tp-revslider-mainul >li:before,
.tp-simpleresponsive >ul,
.tp-simpleresponsive >ul >li,
.tp-simpleresponsive >ul >li:before,
.tp-revslider-mainul >li,
.tp-simpleresponsive >ul >li{
	list-style:none !important;
	position:absolute;
	margin:0px !important;
	padding:0px !important;
	overflow-x: visible;
	overflow-y: visible;
	list-style-type: none !important;
	background-image:none;
	background-position:0px 0px;
	text-indent: 0em;
	top:0px;left:0px;
}


.tp-revslider-mainul >li,
.rev_slider >ul >li,
.rev_slider >ul >li:before,
.tp-revslider-mainul >li:before,
.tp-simpleresponsive >ul >li,
.tp-simpleresponsive >ul >li:before,
.tp-revslider-mainul >li,
.tp-simpleresponsive >ul >li {
	visibility:hidden;
}

.tp-revslider-slidesli,
.tp-revslider-mainul	{
	padding:0 !important;
	margin:0 !important;
	list-style:none !important;
}

.rev_slider li.tp-revslider-slidesli {
    position: absolute !important;
}


.tp-caption .rs-untoggled-content { display:block;}
.tp-caption .rs-toggled-content { display:none;}

.rs-toggle-content-active.tp-caption .rs-toggled-content { display:block;}
.rs-toggle-content-active.tp-caption .rs-untoggled-content { display:none;}

.rev_slider .tp-caption,
.rev_slider .caption 	{
	position:relative;
	visibility:hidden;
	white-space: nowrap;
	display: block;
	-webkit-font-smoothing: antialiased !important;
	z-index:1;
}

.rev_slider .tp-caption,
.rev_slider .caption,
.tp-simpleresponsive img {
	-moz-user-select: none;
    -khtml-user-select: none;
    -webkit-user-select: none;
    -o-user-select: none;
}

.rev_slider .tp-mask-wrap .tp-caption,
.rev_slider .tp-mask-wrap *:last-child,
.wpb_text_column .rev_slider .tp-mask-wrap .tp-caption,
.wpb_text_column .rev_slider .tp-mask-wrap *:last-child{
	margin-bottom:0;

}

.tp-svg-layer svg {	width:100%; height:100%;position: relative;vertical-align: top}


/* CAROUSEL FUNCTIONS */
.tp-carousel-wrapper {
	cursor:url(openhand.cur), move;
}
.tp-carousel-wrapper.dragged {
	cursor:url(closedhand.cur), move;
}

/* ADDED FOR SLIDELINK MANAGEMENT */
.tp_inner_padding {
	box-sizing:border-box;
	max-height:none !important;
}


.tp-caption.tp-layer-selectable {
	-moz-user-select: all;
	-khtml-user-select: all;
	-webkit-user-select: all;
	-o-user-select: all;
}
 <truncated>
File name style.min[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\style.min[1].css
File Size 29296 bytes
File Type ASCII text, with very long lines
MD5 32a6d22aeb06fa626bbe3c551d271b1a
SHA1 a3297c9cb4ec8563a090363b27bc8b27959cf2dd
SHA256 d225b8b61a24bb9b0c5d045dae81ff5f2f180c254ebb10a6ff8f8b78969d366e
CRC32 535BCBA9
Ssdeep 384:Z9pkPdCB9xe/R8ME6e/C/q/c/yKikR0utc5g9dPo/HxdNhu:Z9pkPDc5g9dPo/HxHhu
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
File name child-style[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\child-style[1].css
File Size 280 bytes
File Type ASCII text
MD5 f219ed878f903852ade3dfe1885b186f
SHA1 9e4177aa36af4e9d8d211374b0ca788dcf492021
SHA256 57632df575a3a4aa63eb4fa26ed1f1615b24e08edfe6ff8791725beeeb3db298
CRC32 592CE8FC
Ssdeep 6:UpfnXpNtAUs3IfivuJ4Rf8WGC1oyLKwWJDBks8fGLMURwcTRFP0:UhnX13fivlf8E1oyLKZvkvfRURLFP0
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
/*
Theme Name: Kable Child
Theme URI: http://themepiko.com/demo/kable/
Author: themepiko
Author URI: http://www.themepiko.com/
Description: Kable Child Theme
Template: kable
Version: 1.0.0
Text Domain: kable-child
*/

/* https://www.louvreabudhabi.ae/Assets/css/style.css?v=33 */
File name jquery[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\jquery[1].js
File Size 96874 bytes
File Type ASCII text, with very long lines
MD5 dc5ba5044fccc0297be7b262ce669a7c
SHA1 f137ff98ae379e35b0702967d3b6866a0a40e3be
SHA256 cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
CRC32 D3E97335
Ssdeep 1536:HYE1fGBiByJsbfXXeRJ/shgWCeLLccJdZVHk04ssx+/mvaSIFSet43tpXJIGVypf:fsAg0psxTva/FSeKy2bDD5a98HrU
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */
File name mainstyle[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\mainstyle[1].css
File Size 499585 bytes
File Type UTF-8 Unicode text, with very long lines
MD5 1c2fd4b9d710e11963963fa282640860
SHA1 b70afeb12f9be54ccfb27c9cc3ef7e724383cb34
SHA256 b998b7ea4b858cd3e6d485d1056f972367257892202a04d9376e495e08cb5e39
CRC32 F4C17A0B
Ssdeep 6144:7lfWHZMDThZg6cLDpAT++7XldW2LHRXWikZkbxZy:YHZMDNiWT++7XldW2LHRXWikZkbxZy
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
/*!
Theme Name: Kable
Theme URI: http://themepiko.com/demo/kable/
Author: themepiko
Author URI: http://www.themepiko.com/
Description: Kable - Woocommerce WordPress Theme.
Version: 1.0.0
License: Commercial
License URI: http://themeforest.net/licenses/regular_extended
Tags: two-columns, three-columns, four-columns, left-sidebar, right-sidebar,  custom-menu, editor-style, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready
Text Domain: kable

==========
Note: Do not edit this file. If you wish to add your own CSS we strongly recommend creating your own child theme, or installing a custom CSS plugin.
==========
*/
/*--------------------------------------------------------------
>>> TABLE OF CONTENTS:
----------------------------------------------------------------
# Normalize
# Preloader
# Bootstrap Grid
# Typography
# Slick Slider
# Forms
# Navigation
	## Links
	## Menus
# Breadcrumb
# Helper Class
# Elements
# Accessibility
# Content
	## Posts and pages
	## Comments
# Alignments
# Media
	## Captions
	## Galleries
# Clearings
# Home Box
# Blog
# Widget
# Comment
# Footer
# Font icon
    ## font Awesome
    ## font piko
# Magnific Popup
# Woocommerce
# Shortcode
# Utility
--------------------------------------------------------------*/
/*fixed variable*/
/*helper color*/
/** Font Face **/
/*animate function*/
/*--------------------------------------------------------------
## normalize
--------------------------------------------------------------*/
html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,
b, u, i, center, dl, dt, dd,
fieldset, form, label, legend,
table, caption, tbody, tfoot, thead, tr, th, td,
article, aside, canvas, details, embed,
figure, figcaption, footer, header, hgroup,
menu, nav, output, ruby, section, summary,
time, mark, audio, video {
  padding: 0;
  margin: 0;
  border: 0;
  font-size: 100%;
  font: inherit;
  vertical-align: baseline;
}

.widget form select {
  width: 100%;
}

*,
*::before,
*::after {
  -webkit-box-sizing: border-box;
          box-sizing: border-box;
}

html {
  font-family: sans-serif;
  line-height: 1.2;
  -webkit-text-size-adjust: 100%;
  -ms-text-size-adjust: 100%;
  -ms-overflow-style: scrollbar;
  -webkit-tap-highlight-color: transparent;
}

@-ms-viewport {
  width: device-width;
}
article, aside, dialog, figcaption, figure, footer, header, hgroup, main, nav, section {
  display: block;
}

body {
  margin: 0;
  font-family: "Frutiger", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
  color: #7f7f82;
  overflow-x: hidden;
  font-size: .875em;
  margin: 0 0 11px 0;
  line-height: 1.4375em;
  letter-spacing: .06375em;
}

a {
  color: #22222b;
  -webkit-transition: all .3s;
  transition: all .3s;
}

a:hover, a:active {
  color: #fdbf70;
}

h1, h2, h3, h4, h5, h6 {
  font-family: "Frutiger", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
  line-height: 1.625;
  color: #22222b;
  font-weight: 400;
}

h1 {
  margin: 0;
  font-size: 2.8125rem;
}

h2 {
  font-size: 1.875rem;
}

h3 {
  font-size: 1.5625rem;
}

h4 {
  font-size: 1.375rem;
}

h5 {
  font-size: 1.125rem;
}

h6 {
  font-size: 1rem;
}

p {
  margin-bottom: 1.2em;
}

button[type="submit"],
input[type="submit"] {
  font-family: "Frutiger", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
}

[tabindex="-1"]:focus {
  outline: none !important;
}

strong {
  color: #22222b;
  font-weight: 600;
}

a, a:hover, a:focus, a:active {
  text-decoration: none;
  outline: 0;
}

p {
  margin-top: 0;
  margin-bottom: 1rem;
}

abbr[title],
abbr[data-original-title] {
  text-decoration: underline;
  -webkit-text-decoration: underline dotted;
  text-decoration: underline dotted;
  cursor: help;
  border-bottom: 0;
}

address {
  margin-bottom: 1rem;
  font-style: normal;
  line-height: inherit;
}

ul {
  list-style: inside;
}

ol {
  list-style: inside decimal;
}

dfn,
cite,
em,
i {
  font-style: italic;
}

blockquote, q {
  quotes: none;
  font-size: 1rem;
  padding: 1.3125rem 1.875rem !important;
  margin-bottom: 1.25rem;
  position: relative;
  display: block;
  color: #22222b;
  border-left: 2px solid #fdbf70 !important;
}

blockquote cite,
blockquote small {
  color: #22222b;
  display: block;
  font-size: 1rem;
  line-height: 1.75;
}

blockquote cite:before,
blockquote small:before {
  content: "\2014 \00A0";
}

blockquote strong,
blockquote b {
  font-weight: 600;
}

blockquote > :last-child {
  margin-bottom: 0;
}

blockquote p, q p {
  margin: 0;
}

dl {
  margin: 0 0 1.75em;
}

dt {
  font-weight: 600;
}

dd {
  margin: 0 0 1.75em;
}

table,
th,
td {
  border: 1px solid #ebebeb;
  vertical-align: middle;
}

table {
  border-collapse: separate;
  border-spacing: 0;
  border-width: 1px 0 0 1px;
  margin: 1.5em 0 1.75em;
  width: 100%;
}

caption,
th,
td {
  font-weight: normal;
  text-align: left;
}

th {
  overflow: visible;
  -webkit-box-sizing: content-box;
          box-sizing: content-box;
  height: 0;
  border-width: 0 1px 1px 0;
  font-weight: 500;
}

td {
  border-width: 0 1px 1px 0;
}

th,
td {
  padding: 0.9375rem;
}

th p,
td p {
  margin: 0;
}

small {
  font-size: 75%;
}

address {
  font-style: italic;
  margin: 0 0 1.75em;
}

b {
  font-weight: bold;
}

code, kbd, tt, var, samp, pre {
  font-family: Menlo, Monaco, Consolas, "Courier New", monospace;
}

pre {
  margin-top: 0;
  margin-bottom: 1rem;
  overflow: auto;
  white-space: pre;
  white-space: pre-wrap;
  word-wrap: break-word;
  padding: 1.5em;
  -ms-overflow-style: scrollbar;
  border: 1px solid #d2d2d2;
}

code {
  padding: 0.125rem 0.25rem;
  font-size: 90%;
  color: #c62850;
  background-color: #f9f2f4;
  border-radius: 0.25rem;
}

sub,
sup {
  font-size: 75%;
  line-height: 0;
  position: relative;
  vertical-align: baseline;
}

sup {
  top: -0.5em;
}

sub {
  bottom: -0.25em;
}

abbr,
acronym {
  border-bottom: 1px dotted #d2d2d2;
  cursor: help;
}

mark {
  background: #fdbf70;
  padding: 0.125em 0.25em;
  text-decoration: none;
  color: #fff;
}

big {
  font-size: 125%;
}

figure {
  margin: 0 0 1rem;
}

img {
  height: auto;
  max-width: 100%;
  vertical-align: middle;
  border-style: none;
}

svg:not(:root) {
  overflow: hidden;
}

[type="search"] {
  -webkit-appearance: textfield;
  outline-offset: -2px;
  width: 100%;
}

[type="search"]::-webkit-search-cancel-button,
[type="search"]::-webkit-search-decoration {
  -webkit-appearance: none;
}

.clear:after,
.clearfix:after {
  display: block;
  clear: both;
  content: "";
}

.screen-reader-text {
  clip: rect(1px, 1px, 1px, 1px);
  height: 1px;
  overflow: hidden;
  position: absolute !important;
  width: 1px;
}

/*--------------------------------------------------------------
## pre loader
--------------------------------------------------------------*/
#site-loading-slide {
  position: absolute;
  top: 0;
  left: 0;
  width: 100%;
  z-index: 999;
  height: 0.125rem;
  overflow: hidden;
}

.site-mask {
  position: absolute;
  z-index: 998;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  margin: auto;
  -webkit-transition: opacity .7s;
  transition: opacity .7s;
  background-color: rgba(255, 255, 255, 0.1);
}
.site-mask.fade_in {
  visibility: hidden;
  opacity: 0;
  z-index: inherit;
}

@media (max-width: 1024px) {
  #site-loading-slide,
  .site-mask {
    display: none;
  }
}
#site-loading-slide .proggress {
  position: absolute;
  top: 0;
  left: 0;
  width: 100%;
  height: 100%;
  z-index: 5;
  background-color: #ddd;
  -webkit-transition: opacity .7s ease;
  transition: opacity .7s ease;
}

#site-loading-slide .proggress.hidden {
  opacity: 0;
}

#site-loading-slide .bar {
  position: absolute;
  width: 100%;
  height: 0.3125rem;
  z-index: 10;
  background-color: #fdbf70;
}

#site-loading {
  position: fixed;
  z-index: 1001;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  margin: auto;
  background-color: rgba(255, 255, 255, 0.8);
}

/*------------------------------------------------- <truncated>
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
File Size 58373 bytes
File Type Microsoft Cabinet archive data, 58373 bytes, 1 file
MD5 93871e1433144c58cab0deddd1d46925
SHA1 8e587a3571eb8955887074d3eaf92b841fa76e71
SHA256 3193f3035a4f457d66bab3048880aac2eb8557027f6373e606d4621609af1068
CRC32 1ACBF958
Ssdeep 1536:R+E5BB8ZedGpm9ez1KZIpxvAa8iQ030GYTFDIC:Rx7B8uEhzZxvAajQ03DAF
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name js_composer.min[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\js_composer.min[1].css
File Size 484858 bytes
File Type ASCII text, with very long lines
MD5 45a91d69a0492a81ad8b2af2096d6da7
SHA1 b48652b3f4529ba392d44e279f242866aa528e73
SHA256 9c813c3fdb32efc966bdf2381e9673ac1d2843e4fb0874e5d8681d2505293bd8
CRC32 A3C8D6DD
Ssdeep 3072:yR/svmKEBVJh/eJMcAkaCeLYtz+RJwKZ1kkUSbxhJwdO8BEo2HwSMxnp5ANdl0gD:yR/7/JcY
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Display Text
/*!
 * WPBakery Page Builder v6.0.0 (https://wpbakery.com)
 * Copyright 2011-2019 Michael M, WPBakery
 * License: Commercial. More details: http://go.wpbakery.com/licensing
 */

.vc_row:after,.vc_row:before{content:" ";display:table}.vc_row:after{clear:both}@media (max-width:767px){.vc_hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.vc_hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.vc_hidden-md{display:none!important}}@media (min-width:1200px){.vc_hidden-lg{display:none!important}}.vc_non_responsive .vc_row .vc_col-sm-1{position:relative;float:left;width:8.33333333%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-2{position:relative;float:left;width:16.66666667%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-3{position:relative;float:left;width:25%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-4{position:relative;float:left;width:33.33333333%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-5{position:relative;float:left;width:41.66666667%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-6{position:relative;float:left;width:50%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-7{position:relative;float:left;width:58.33333333%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-8{position:relative;float:left;width:66.66666667%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-9{position:relative;float:left;width:75%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-10{position:relative;float:left;width:83.33333333%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-11{position:relative;float:left;width:91.66666667%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row 
.vc_col-sm-12{position:relative;float:left;width:100%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-offset-12{margin-left:100%}.vc_non_responsive .vc_row .vc_col-sm-offset-11{margin-left:91.66666667%}.vc_non_responsive .vc_row .vc_col-sm-offset-10{margin-left:83.33333333%}.vc_non_responsive .vc_row .vc_col-sm-offset-9{margin-left:75%}.vc_non_responsive .vc_row .vc_col-sm-offset-8{margin-left:66.66666667%}.vc_non_responsive .vc_row .vc_col-sm-offset-7{margin-left:58.33333333%}.vc_non_responsive .vc_row .vc_col-sm-offset-6{margin-left:50%}.vc_non_responsive .vc_row .vc_col-sm-offset-5{margin-left:41.66666667%}.vc_non_responsive .vc_row .vc_col-sm-offset-4{margin-left:33.33333333%}.vc_non_responsive .vc_row .vc_col-sm-offset-3{margin-left:25%}.vc_non_responsive .vc_row .vc_col-sm-offset-2{margin-left:16.66666667%}.vc_non_responsive .vc_row .vc_col-sm-offset-1{margin-left:8.33333333%}.vc_non_responsive .vc_row .vc_col-sm-offset-0{margin-left:0}.vc_non_responsive .vc_row .vc_hidden-sm{display:none!important}.vc_non_responsive .vc_row .vc_col-sm-1\/5{position:relative;float:left;width:20%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-2\/5{position:relative;float:left;width:40%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-3\/5{position:relative;float:left;width:60%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-4\/5{position:relative;float:left;width:80%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-5\/5{position:relative;float:left;width:100%;min-height:1px;padding-left:15px;padding-right:15px}.vc_non_responsive .vc_row .vc_col-sm-offset-5\/5{margin-left:100%}.vc_non_responsive .vc_row .vc_col-sm-offset-4\/5{margin-left:80%}.vc_non_responsive .vc_row .vc_col-sm-offset-3\/5{margin-left:60%}.vc_non_responsive .vc_row 
.vc_col-sm-offset-2\/5{margin-left:40%}.vc_non_responsive .vc_row .vc_col-sm-offset-1\/5{margin-left:20%}.vc_non_responsive .vc_row .vc_col-sm-offset-0\/5{margin-left:0}.vc_column_container{width:100%}.vc_row{margin-left:-15px;margin-right:-15px}.vc_col-lg-1,.vc_col-lg-10,.vc_col-lg-11,.vc_col-lg-12,.vc_col-lg-2,.vc_col-lg-3,.vc_col-lg-4,.vc_col-lg-5,.vc_col-lg-6,.vc_col-lg-7,.vc_col-lg-8,.vc_col-lg-9,.vc_col-md-1,.vc_col-md-10,.vc_col-md-11,.vc_col-md-12,.vc_col-md-2,.vc_col-md-3,.vc_col-md-4,.vc_col-md-5,.vc_col-md-6,.vc_col-md-7,.vc_col-md-8,.vc_col-md-9,.vc_col-sm-1,.vc_col-sm-10,.vc_col-sm-11,.vc_col-sm-12,.vc_col-sm-2,.vc_col-sm-3,.vc_col-sm-4,.vc_col-sm-5,.vc_col-sm-6,.vc_col-sm-7,.vc_col-sm-8,.vc_col-sm-9,.vc_col-xs-1,.vc_col-xs-10,.vc_col-xs-11,.vc_col-xs-12,.vc_col-xs-2,.vc_col-xs-3,.vc_col-xs-4,.vc_col-xs-5,.vc_col-xs-6,.vc_col-xs-7,.vc_col-xs-8,.vc_col-xs-9{position:relative;min-height:1px;padding-left:15px;padding-right:15px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.vc_col-xs-1,.vc_col-xs-10,.vc_col-xs-11,.vc_col-xs-12,.vc_col-xs-2,.vc_col-xs-3,.vc_col-xs-4,.vc_col-xs-5,.vc_col-xs-6,.vc_col-xs-7,.vc_col-xs-8,.vc_col-xs-9{float:left}.rtl .vc_rtl-columns-reverse .vc_col-xs-1,.rtl .vc_rtl-columns-reverse .vc_col-xs-10,.rtl .vc_rtl-columns-reverse .vc_col-xs-11,.rtl .vc_rtl-columns-reverse .vc_col-xs-12,.rtl .vc_rtl-columns-reverse .vc_col-xs-2,.rtl .vc_rtl-columns-reverse .vc_col-xs-3,.rtl .vc_rtl-columns-reverse .vc_col-xs-4,.rtl .vc_rtl-columns-reverse .vc_col-xs-5,.rtl .vc_rtl-columns-reverse .vc_col-xs-6,.rtl .vc_rtl-columns-reverse .vc_col-xs-7,.rtl .vc_rtl-columns-reverse .vc_col-xs-8,.rtl .vc_rtl-columns-reverse 
.vc_col-xs-9{float:right}.vc_col-xs-12{width:100%}.vc_col-xs-11{width:91.66666667%}.vc_col-xs-10{width:83.33333333%}.vc_col-xs-9{width:75%}.vc_col-xs-8{width:66.66666667%}.vc_col-xs-7{width:58.33333333%}.vc_col-xs-6{width:50%}.vc_col-xs-5{width:41.66666667%}.vc_col-xs-4{width:33.33333333%}.vc_col-xs-3{width:25%}.vc_col-xs-2{width:16.66666667%}.vc_col-xs-1{width:8.33333333%}.vc_col-xs-pull-12{right:100%}.vc_col-xs-pull-11{right:91.66666667%}.vc_col-xs-pull-10{right:83.33333333%}.vc_col-xs-pull-9{right:75%}.vc_col-xs-pull-8{right:66.66666667%}.vc_col-xs-pull-7{right:58.33333333%}.vc_col-xs-pull-6{right:50%}.vc_col-xs-pull-5{right:41.66666667%}.vc_col-xs-pull-4{right:33.33333333%}.vc_col-xs-pull-3{right:25%}.vc_col-xs-pull-2{right:16.66666667%}.vc_col-xs-pull-1{right:8.33333333%}.vc_col-xs-pull-0{right:auto}.vc_col-xs-push-12{left:100%}.vc_col-xs-push-11{left:91.66666667%}.vc_col-xs-push-10{left:83.33333333%}.vc_col-xs-push-9{left:75%}.vc_col-xs-push-8{left:66.66666667%}.vc_col-xs-push-7{left:58.33333333%}.vc_col-xs-push-6{left:50%}.vc_col-xs-push-5{left:41.66666667%}.vc_col-xs-push-4{left:33.33333333%}.vc_col-xs-push-3{left:25%}.vc_col-xs-push-2{left:16.66666667%}.vc_col-xs-push-1{left:8.33333333%}.vc_col-xs-push-0{left:auto}.vc_col-xs-offset-12{margin-left:100%}.vc_col-xs-offset-11{margin-left:91.66666667%}.vc_col-xs-offset-10{margin-left:83.33333333%}.vc_col-xs-offset-9{margin-left:75%}.vc_col-xs-offset-8{margin-left:66.66666667%}.vc_col-xs-offset-7{margin-left:58.33333333%}.vc_col-xs-offset-6{margin-left:50%}.vc_col-xs-offset-5{margin-left:41.66666667%}.vc_col-xs-offset-4{margin-left:33.33333333%}.vc_col-xs-offset-3{margin-left:25%}.vc_col-xs-offset-2{margin-left:16.66666667%}.vc_col-xs-offset-1{margin-left:8.33333333%}.vc_col-xs-offset-0{margin-left:0}.vc_col-lg-1\/5,.vc_col-lg-2\/5,.vc_col-lg-3\/5,.vc_col-lg-4\/5,.vc_col-lg-5\/5,.vc_col-md-1\/5,.vc_col-md-2\/5,.vc_col-md-3\/5,.vc_col-md-4\/5,.vc_col-md-5\/5,.vc_col-sm-1\/5,.vc_col-sm-2\/5,.vc_col-sm-3\/5,.vc_col-
sm-4\/5,.vc_col-sm-5\/5,.vc_col-xs-1\/5,.vc_col-xs-2\/5,.vc_col-xs-3\/5,.vc_col-xs-4\/5,.vc_col-xs-5\/5{position:relative;min-height:1px;padding-left:15px;padding-right:15px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.vc_col-xs-1\/5,.vc_col-xs-2\/5,.vc_col-xs-3\/5,.vc_col-xs-4\/5,.vc_col-xs-5\/5{float:left}.vc_col-xs-5\/5{width:100%}.vc_col-xs-4\/5{width:80%}.vc_col-xs-3\/5{width:60%}.vc_col-xs-2\/5{wi <truncated>
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File Size 344 bytes
File Type data
MD5 85606b55eb924e109bf147d24fc4aa8a
SHA1 59cafc9d213887175476c9752392adb2d7f3e6e9
SHA256 605f638c47cc8b83ed608ef60d0bd6f19ebfedbbc22e045a5ede1a07ed8be6c0
CRC32 FC7CD7E9
Ssdeep 6:kK2iFn8W4Y+SkQlPlEGYRMY9z+4KlDA3RUej6aUt:rFn8WokPlE99SNxAhUe7Ut
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name 5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
File Size 471 bytes
File Type data
MD5 a9286176f454a46d076a2b23b9713f45
SHA1 2979be384e613f09a3585447234f00de6fa8c941
SHA256 e5784e8ac11d98b62b41925aa42810b6589720047c1b7abf0dd94c21bbcfcdf5
CRC32 BBD70F51
Ssdeep 12:JAEwG5JyWRoiaImyr4x3zKq/6/BBPUFgE:JAEwGZWia1Bz//IPU5
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name 5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
File Size 398 bytes
File Type data
MD5 128bdca5161dba373eb651c2d9cfc384
SHA1 34b61821dfedc7e9d8e8c89de9dac0b53def1653
SHA256 63b65ab18aef58c08dcda8f4e1fbe33841a8399268bd6986ed9d87c9fb8431b6
CRC32 BEFA385D
Ssdeep 6:kKBCwu/ddXlRNXJMMivhClroFdB5Pwcblle284/rmpu2lXmsAlrn:rwd7XJMMiv8sFd/Hle9KyXmH
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name 07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
File Size 727 bytes
File Type data
MD5 cb37fbdfaeb517665f209ced573f2fb0
SHA1 d950a0022a81e0a51eb665dc28a6fa217934d65d
SHA256 9da5092aa773f9db67f00c64507705fe6759bbb58cd408f68ddef77b8b0730d2
CRC32 01D3DBA1
Ssdeep 12:5ow1NAG59rqyb1LJpMxiimUxAjHeU8iHYzuz1dJ40a4tYl:5V1NAGbrq+1vMxiitTcY6z1dJ5a1l
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name 07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
File Size 402 bytes
File Type data
MD5 9e88d006d50105468b85ffa5040c50b2
SHA1 600ec9fcf4feb7bffa8df7c469b1ad6482c8d117
SHA256 4be3ead0fcdbccbf96bae9f6f75fa8d154fe7bbc499e91a7a4c8c7afd65e5727
CRC32 384E4A46
Ssdeep 12:pwwdpXAXJMMiv8sF2BllA0KSHDwvy53j+Al3UaU:pw0XAXJMxvIBHXJwA3UaU
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name font-awesome.min[1].css
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\font-awesome.min[1].css
File Size 31000 bytes
File Type ASCII text, with very long lines
MD5 269550530cc127b6aa5a35925a7de6ce
SHA1 512c7d79033e3028a9be61b540cf1a6870c896f8
SHA256 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
CRC32 02F538DC
Ssdeep 384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Display Text
/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14285714em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14285714em;width:2.14285714em;top:.14285714em;text-align:center}.fa-li.fa-lg{left:-1.85714286em}.fa-border{padding:.2em .25em .15em;border:solid .08em #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left{margin-right:.3em}.fa.fa-pull-right{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left{margin-right:.3em}.fa.pull-right{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s infinite linear;animation:fa-spin 2s infinite linear}.fa-pulse{-webkit-animation:fa-spin 1s infinite steps(8);animation:fa-spin 1s infinite steps(8)}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes 
fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scale(-1, 1);-ms-transform:scale(-1, 1);transform:scale(-1, 1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scale(1, -1);-ms-transform:scale(1, -1);transform:scale(1, -1)}:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270,:root .fa-flip-horizontal,:root 
.fa-flip-vertical{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"}.fa-envelope-o:before{content:"\f003"}.fa-heart:before{content:"\f004"}.fa-star:before{content:"\f005"}.fa-star-o:before{content:"\f006"}.fa-user:before{content:"\f007"}.fa-film:before{content:"\f008"}.fa-th-large:before{content:"\f009"}.fa-th:before{content:"\f00a"}.fa-th-list:before{content:"\f00b"}.fa-check:before{content:"\f00c"}.fa-remove:before,.fa-close:before,.fa-times:before{content:"\f00d"}.fa-search-plus:before{content:"\f00e"}.fa-search-minus:before{content:"\f010"}.fa-power-off:before{content:"\f011"}.fa-signal:before{content:"\f012"}.fa-gear:before,.fa-cog:before{content:"\f013"}.fa-trash-o:before{content:"\f014"}.fa-home:before{content:"\f015"}.fa-file-o:before{content:"\f016"}.fa-clock-o:before{content:"\f017"}.fa-road:before{content:"\f018"}.fa-download:before{content:"\f019"}.fa-arrow-circle-o-down:before{content:"\f01a"}.fa-arrow-circle-o-up:before{content:"\f01b"}.fa-inbox:before{content:"\f01c"}.fa-play-circle-o:before{content:"\f01d"}.fa-rotate-right:before,.fa-repeat:before{content:"\f01e"}.fa-refresh:before{content:"\f021"}.fa-list-alt:before{content:"\f022"}.fa-lock:before{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{content:"\f02a"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-book:before{content:"\f02d"}.fa-bookmark:before{content:"\f02e"}.fa-print:before{content:"\f02f"}.fa-camera:before{content:"\f030"}.fa-font:before{c
ontent:"\f031"}.fa-bold:before{content:"\f032"}.fa-italic:before{content:"\f033"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-align-left:before{content:"\f036"}.fa-align-center:before{content:"\f037"}.fa-align-right:before{content:"\f038"}.fa-align-justify:before{content:"\f039"}.fa-list:before{content:"\f03a"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-indent:before{content:"\f03c"}.fa-video-camera:before{content:"\f03d"}.fa-photo:before,.fa-image:before,.fa-picture-o:before{content:"\f03e"}.fa-pencil:before{content:"\f040"}.fa-map-marker:before{content:"\f041"}.fa-adjust:before{content:"\f042"}.fa-tint:before{content:"\f043"}.fa-edit:before,.fa-pencil-square-o:before{content:"\f044"}.fa-share-square-o:before{content:"\f045"}.fa-check-square-o:before{content:"\f046"}.fa-arrows:before{content:"\f047"}.fa-step-backward:before{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{content:"\f050"}.fa-step-forward:before{content:"\f051"}.fa-eject:before{content:"\f052"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-plus-circle:before{content:"\f055"}.fa-minus-circle:before{content:"\f056"}.fa-times-circle:before{content:"\f057"}.fa-check-circle:before{content:"\f058"}.fa-question-circle:before{content:"\f059"}.fa-info-circle:before{content:"\f05a"}.fa-crosshairs:before{content:"\f05b"}.fa-times-circle-o:before{content:"\f05c"}.fa-check-circle-o:before{content:"\f05d"}.fa-ban:before{content:"\f05e"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-down:before{content:"\f063"}.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-expand:before{content:"\f065"}.fa-compress:before{content:"\f066"}.fa-plus:before{content
:"\f067"}.fa-minus:before{content:"\f068"}.fa-asterisk:before{content:"\f069"}.fa-exclamation-circle:before{content:"\f06a"}.fa-gift:before{content:"\f06b"}.fa-leaf:before{content:"\f06c"}.fa-fire:before{content:"\f06d"}.fa-eye:before{content:"\f06e"}.fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:before{content:"\f076"}.fa-chevron-up:before{content:"\f077"}.fa-chevron-down:before{content:"\f078"}.fa-retweet:before{content:"\f079"}.fa-shopping-cart:before{content:"\f07a"}.fa-folder:before{content:"\f07b"}.fa-folder-open:before{content:"\f07c"}.fa-arrows-v:before{content:"\f07d"}.fa-arrows-h:before{content:"\f07e"}.fa-bar-chart-o:before,.fa-bar-chart:before{content:"\f080"}.fa-twitter-square:before{content:"\f081"}.fa-facebook-square:before{content:"\f082"}.fa-camera-retro:before{content:"\f083"}.fa-key:before{content:"\f084"}.fa-gears:before,.fa-cogs:before{content:"\f085"}.fa-comments:before{content:"\f086"}.fa-thumbs-o-up:before{content:"\f087"}.fa-thumbs-o-down:be <truncated>
File name fontawesome-webfont[1].eot
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\fontawesome-webfont[1].eot
File Size 165742 bytes
File Type Embedded OpenType (EOT)
MD5 674f50d287a8c48dc19ba404d20fe713
SHA1 d980c2ce873dc43af460d4d572d441304499f400
SHA256 7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979
CRC32 BA1D704F
Ssdeep 3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
File Size 49152 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 6a9ff187cc86843f0c2e00ecdca0a0aa
SHA1 5f53b9373b73f5766e7ccdba09e403d55166ab3c
SHA256 192ab5cac61416e94330b7f6ada60c4de07dcc596ef852b320cc4848192c3225
CRC32 4F54EF27
Ssdeep 24:qjZ4mzHaWe1cEi+XuHjLL6OR6ak+Pgl+Y7s:qNHaRmEi++Hj/F3PgUYg
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name FrutigerLTStd-Roman[1].otf
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\FrutigerLTStd-Roman[1].otf
File Size 27328 bytes
File Type OpenType font data
MD5 1edd1a4dd9b2a441b39012ae04d93149
SHA1 043106aa1bee11d5046a15336d98e373859e48fe
SHA256 0c6449a1ab705eb93617f7400991cb90be26b681e5480f71ead2477918d53da1
CRC32 BBD556A2
Ssdeep 384:rKHMv/PbXxidiPnEud1hZvuiSQEBrbdp+k+LR/mlBkuoeO8x/nNb9:OMv3b6iPEU1L2rBPdAROlOU9
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
File name jquery-migrate.min[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\jquery-migrate.min[1].js
File Size 10057 bytes
File Type ASCII text, with very long lines
MD5 f9c3a4ef52a35b92c70fc0e71afd4c91
SHA1 bd45d39fca17dc20b1856cbf0720fce5fea682c6
SHA256 ab96b90b9f492c6d024412b5bf721720bef5d6e16a3758f59c2fe3f0b3e44337
CRC32 395EFAEB
Ssdeep 192:kZrk/GNyd31svs7wkX8KzJcqSDdAcHX4YE5NLJ:srhNyNO0kkMKzFSDdAcIYwLJ
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Display Text
/*! jQuery Migrate v1.4.1 | (c) jQuery Foundation and other contributors | jquery.org/license */
"undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(a,b,c){function d(c){var d=b.console;f[c]||(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.trace()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a){d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={},a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a("<input/>",{size:1}).attr("size")&&a.attrFn,h=a.attr,i=a.attrHooks.value&&a.attrHooks.value.get||function(){return null},j=a.attrHooks.value&&a.attrHooks.value.set||function(){return c},k=/^(?:input|button)$/i,l=/^[238]$/,m=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,n=/^(?:checked|selected)$/i;e(a,"attrFn",g||{},"jQuery.attrFn is deprecated"),a.attr=function(b,e,f,i){var j=e.toLowerCase(),o=b&&b.nodeType;return i&&(h.length<4&&d("jQuery.fn.attr( props, pass ) is deprecated"),b&&!l.test(o)&&(g?e in g:a.isFunction(a.fn[e])))?a(b)[e](f):("type"===e&&f!==c&&k.test(b.nodeName)&&b.parentNode&&d("Can't change the 'type' of an input or button in IE 6/7/8"),!a.attrHooks[j]&&m.test(j)&&(a.attrHooks[j]={get:function(b,d){var e,f=a.prop(b,d);return f===!0||"boolean"!=typeof f&&(e=b.getAttributeNode(d))&&e.nodeValue!==!1?d.toLowerCase():c},set:function(b,c,d){var e;return c===!1?a.removeAttr(b,d):(e=a.propFix[d]||d,e in b&&(b[e]=!0),b.setAttribute(d,d.toLowerCase())),d}},n.test(j)&&d("jQuery.fn.attr('"+j+"') might use property instead of 
File name jquery.themepunch.tools.min[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\jquery.themepunch.tools.min[1].js
File Size 110410 bytes
File Type ASCII text, with very long lines
MD5 6659738bb38df847bf2290d54a56bbf5
SHA1 1c586527435ad7194106263e5b2ad4bc413ab0ba
SHA256 e8491fb6b9253f39a4760c21193050d7838e9662e3f41c03629912ac114ff895
CRC32 48D79C36
Ssdeep 1536:XQpnayKB37R5aknBDU0KsIu5XODFITONqvnKqH3P99cN7H98rYx5f14/gCs07XwL:Xx7RYoDU0GTqvnKqXs7dCYSIn0rD0aq
ClamAV None
Yara None matched
CAPE Yara None matched
/********************************************
	-	THEMEPUNCH TOOLS Ver. 1.0     -
	 Last Update of Tools 08.03.2018
*********************************************/


/*
* @fileOverview TouchSwipe - jQuery Plugin
* @version 1.6.9
*
* @author Matt Bryson http://www.github.com/mattbryson
* @see https://github.com/mattbryson/TouchSwipe-Jquery-Plugin
* @see http://labs.skinkers.com/touchSwipe/
* @see http://plugins.jquery.com/project/touchSwipe
*
* Copyright (c) 2010 Matt Bryson
* Dual licensed under the MIT or GPL Version 2 licenses.
*
*/



File name jquery.themepunch.revolution.min[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\jquery.themepunch.revolution.min[1].js
File Size 64944 bytes
File Type ASCII text, with very long lines
MD5 3d613781aca03434f144b06fad156be9
SHA1 6af2d74e5300c3b8d702a2a1417ed87e4ee1fdfc
SHA256 56aef483867ae8c669200588feaef1dedc98519566a0d86b092c1011bc3f3698
CRC32 0BE3AB3F
Ssdeep 1536:SCnzw4thxKWjQemOR3duEZG08YY7df85Jiw8Zwjz3Ui8wD8uVO1WilMO58wA1XXp:SCnzXn8ySEZV3UoilM0A8pMZ
ClamAV None
Yara None matched
CAPE Yara None matched
/**************************************************************************
 * jquery.themepunch.revolution.js - jQuery Plugin for Revolution Slider
 * @version: 5.4.8 (10.06.2018)
 * @requires jQuery v1.7 or later (tested on 1.9)
 * @author ThemePunch
**************************************************************************/
File name jquery.blockUI.min[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\jquery.blockUI.min[1].js
File Size 9567 bytes
File Type ASCII text, with very long lines
MD5 74c59c6951757567c958adf1ff05e9aa
SHA1 bd61c31ad8a0f8813accd1577d13f8707ffa043c
SHA256 e1cd39d7d42fdc0fc97a8ce0aea2297897d0cb5c427e62208b6a5133942fc532
CRC32 7FAFF899
Ssdeep 192:x92sLIzSavikwgpTZlpSjjF1mk3eJ4Nr6SWCxjlRYifT7TMcPvG:x9bEzSa3Z7lMjF1mk3v6wjlRYiff4cP+
ClamAV None
Yara None matched
CAPE Yara None matched
/*!
 * jQuery blockUI plugin
 * Version 2.70.0-2014.11.23
 * Requires jQuery v1.7 or later
 *
 * Examples at: http://malsup.com/jquery/block/
 * Copyright (c) 2007-2013 M. Alsup
 * Dual licensed under the MIT and GPL licenses:
 * http://www.opensource.org/licenses/mit-license.php
 * http://www.gnu.org/licenses/gpl.html
 *
 * Thanks to Amir-Hossein Sobhi for some excellent contributions!
 */
File name add-to-cart.min[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\add-to-cart.min[1].js
File Size 2643 bytes
File Type HTML document, ASCII text, with very long lines
MD5 48115004d0a49f9800b07098bd13b713
SHA1 605c84169ea8575144c466c2db4dde56a15301d4
SHA256 74c965244f61f4b08302cb04ba7f1190e651e35ce620d8e5be04d60dda3a4a5b
CRC32 A0D1447C
Ssdeep 48:1L0xTM4QQEpn2SLXXf/Ytp/2SQVRfls9A7oY+QyivWldlBI30Emp4EUH:JuTWQE2SLXv/Qd2SQjPsY+hjlTfib
ClamAV None
Yara None matched
CAPE Yara None matched
File name woocommerce-add-to-cart[1].js
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6NWIC74\woocommerce-add-to-cart[1].js
File Size 992 bytes
File Type ASCII text
MD5 787fe4f547a6cb7f4ce4934641085910
SHA1 c2dee88d5bdfef214ce9c56f71a1df51cda0f328
SHA256 654aaebdea944313257827be97eb196a8218a2cdfc9ba399db23e2cd4c02bd79
CRC32 CC0016A1
Ssdeep 24:2WMwiliPsDeEK9ZIgeEUxnK4s244d3e/mCZiPsxREK9ZIiREUxR4s+YII9H:pMwilas5KrI4J4f44d3e/mCZasIKrIvO
ClamAV None
Yara None matched
CAPE Yara None matched
(function ( $ ) {
	'use strict';

	$( document ).ready( function () {
		$( 'body' ).on( 'adding_to_cart', function ( event, $button, data ) {
			if ( $button && $button.hasClass( 'vc_gitem-link' ) ) {
				$button
					.addClass( 'vc-gitem-add-to-cart-loading-btn' )
					.parents( '.vc_grid-item-mini' )
					.addClass( 'vc-woocommerce-add-to-cart-loading' )
					.append( $( '<div class="vc_wc-load-add-to-loader-wrapper"><div class="vc_wc-load-add-to-loader"></div></div>' ) );
			}
		} ).on( 'added_to_cart', function ( event, fragments, cart_hash, $button ) {
			if ( 'undefined' === typeof ($button) ) {
				$button = $( '.vc-gitem-add-to-cart-loading-btn' );
			}
			if ( $button && $button.hasClass( 'vc_gitem-link' ) ) {
				$button
					.removeClass( 'vc-gitem-add-to-cart-loading-btn' )
					.parents( '.vc_grid-item-mini' )
					.removeClass( 'vc-woocommerce-add-to-cart-loading' )
					.find( '.vc_wc-load-add-to-loader-wrapper' ).remove();
			}
		} );
	} );
})( window.jQuery );
File name MSIMGSIZ.DAT
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File Size 16384 bytes
File Type data
MD5 0cf9ea053bdfba12814049c64f7ab45a
SHA1 2c3dae6af5ed25316078f3d44519d387a5f0bb00
SHA256 bd6776afccf940809189767c68089f4dfbd18327c443de60443d42969338b8bb
CRC32 CB138BF2
Ssdeep 12:Oa6I/10s1KXPeNU/N6/aXAk6ylXPtDYNls6ss+wsLaSP/0otIltet+4bRsWdf8qY:xJHu9QqlC3LwAOMSoye7z2lzdG
ClamAV None
Yara None matched
CAPE Yara None matched
File name louvre-logo[1].png
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\louvre-logo[1].png
File Size 33280 bytes
File Type PNG image data, 1280 x 295, 8-bit gray+alpha, non-interlaced
MD5 25b912fa9f14dd6aa854bf4540363894
SHA1 3e020885abd2e957d4df93769acb1242e1c8dc3e
SHA256 06de6b8af9d4fef733874535b80d2bd477b4e756a7ab516ca9d364938273dda7
CRC32 68C06C10
Ssdeep 768:8OK6/WNowiFfq9e+bnjKcACuf/OjyGflB:8gAQyU4jKLujfNB
ClamAV None
Yara None matched
CAPE Yara None matched
File name proudct7[1].jpg
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\proudct7[1].jpg
File Size 13259 bytes
File Type JPEG image data, JFIF standard 1.01
MD5 29c560864ea4797e52cd3171c8524e51
SHA1 eef1d32b2071ee6b9fa58345d36bcee758bbf2ea
SHA256 516ec2a389895814af24af21eb365645e927ef0d2615c2d9e0dfa06d2ca505dc
CRC32 CFFA9DA8
Ssdeep 192:0ULpYFm7djGnx/BbZIqI4wgLxfvzftIaMOKVP7VwvQTAsS66VOefPOGx3+u6:0iYM7FG/waLJ2GvQ0p66Vd3+u6
ClamAV None
Yara None matched
CAPE Yara None matched
File name fwtsqmfile00.sqm
Associated Filenames
C:\Windows\Temp\fwtsqmfile00.sqm
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
File name fwtsqmfile00.sqm
Associated Filenames
C:\Windows\Temp\fwtsqmfile00.sqm
File Size 140 bytes
File Type data
MD5 514e6c199bfa11cec6f58a7c3d1dbab8
SHA1 5e77374fac887704da2711388e7fb074cff8f4a1
SHA256 224ba8e8496e366c3ea65787c4fbb675f1ddf606f81cddab3e57bccf8d4e4143
CRC32 4C2BEF45
Ssdeep 3:Hl1li9Qll+lllt/7VmedpsIXeeXtzlRPWgESl5llll:F2Qm/ECppzXtpR+y//
ClamAV None
Yara None matched
CAPE Yara None matched
File name Web Slice Gallery~.feed-ms
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
File Size 28672 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d4cc7ce677b6ab7b521a1659aed301c8
SHA1 e1f036a56474983c11b5369dc6d46f158b0d4e0e
SHA256 3e23031a2b91f47683115473ce73964a196b68405153b815af14f7bde5032586
CRC32 E843F4D5
Ssdeep 12:Jw77mFQCb777777777777777777777777777777/FJl8vbf+8Gc7777777777777:Jsbf+8/2As4WYiit
ClamAV None
Yara None matched
CAPE Yara None matched
File name {551862DD-EA55-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{551862DD-EA55-11E9-8662-000C2940B9FB}.dat
File Size 4608 bytes
File Type Composite Document File V2 Document, No summary info
MD5 3c3c6d7631d416dc8a7543cdb1f515a7
SHA1 177e76031f86b4e7797acfdb6a43f54707d10052
SHA256 edb370040e8d332333e879f069accb2d4cd265ae7898ba9ae1578b0dc60f1a58
CRC32 505E8C45
Ssdeep 12:rlfF+crEgmfR16FMnrEgmfZ1qjNlYfO1t3+/NlQ891trDSW+fM9+fE4:rdG1G8Nlj1twNl51trDSvMi
ClamAV None
Yara None matched
CAPE Yara None matched
File name RecoveryStore.{551862DC-EA55-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{551862DC-EA55-11E9-8662-000C2940B9FB}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, No summary info
MD5 082967f3fe9f8aa41ed76f2e4ec58694
SHA1 2737dd2731f5c0a119020d5224f28e045cc01913
SHA256 09b9c0ca2d22e5834628fd34a01ed9b6e09562a6a95f401466bafbbe54488544
CRC32 07015958
Ssdeep 12:rl0YmGF2drEg5+IaCrI017+FdDDrEgmf+IaCy8qgQNlTq1t4qOHqltQqlt:rId5/inGv/TQNlW1tOqf
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 98f823f95f1ac633119141d3c5c81384
SHA1 9866a30d7d8e3d14e0d2ba56e8cc49866112e2fa
SHA256 1f379c04119058b39ff69c7a6280ac4f804ee8c3a994a8c8cd34b555df77ab2a
CRC32 CA4EB83F
Ssdeep 12:qjjkY3OA1Sp2rKyrRQl03OA1N2rKyrRQl:qjjki1SpyrRQQ1NyrRQ
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 e02b5c7b25280da487209bd48b4163f9
SHA1 7d440a9292567af8570c34e52d03aed14405ae00
SHA256 42bc5d24dab11bbeb8fd93b797b3c5b7e70fee667293a32691767580f1a01a73
CRC32 9703369D
Ssdeep 48:qsLf/ZJLH3ZxqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qsb/Zp/q0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 71ac6f20b9879d7a74fbf3abb58f5f08
SHA1 6551cf371df3f8ac2969dc9021fca8d312444e8c
SHA256 df65c73baca1e381ae1616478abe84fa8c08afdf806995876c429cbee6c828e9
CRC32 63AFA743
Ssdeep 384:OsZ9wkJ0outxBNPgaa7T+026bV0qdg3skdVQnQeW+4fTfEgCkEQiXrAsjWSnCti0:OuEa/zMdHEgCkENr/zN
ClamAV None
Yara None matched
CAPE Yara None matched
Sorry! No CAPE files.
Process Name iexplore.exe
PID 1728
Dump Size 663040 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE image: executable
MD5 a0912a710f4ef78c28475c575cdc7e11
SHA1 fe0969f24dc64d61072bb0293fdc1eb95d9f0a79
SHA256 5ab9fd3da195fdb3b6ab604d16925b3f760597ddb28d0efe1ae2fcb78ae65fa0
CRC32 B4D914F7
Ssdeep 12288:EPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+:AE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 5ab9fd3da195fdb3b6ab604d16925b3f760597ddb28d0efe1ae2fcb78ae65fa0
Process Name explorer.exe
PID 880
Dump Size 2861568 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 42e4dcdd3cd425f140ff02aa9914fc96
SHA1 e7d35b5503ce4bc279730062ef00da57d420a65a
SHA256 2eec4d47ec3c4ceaab965a677c61a994af9093bc689d04b97ced4451b1c8fca9
CRC32 9206469C
Ssdeep 49152:7xrceI/lIRYraisQhFCUAkvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:trcPlIW7vYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 2eec4d47ec3c4ceaab965a677c61a994af9093bc689d04b97ced4451b1c8fca9
Process Name WmiPrvSE.exe
PID 1092
Dump Size 369664 bytes
Module Path C:\Windows\sysnative\wbem\WmiPrvSE.exe
Type PE image: 64-bit executable
MD5 ebd40dac9185d0d4be98d738740aaf9e
SHA1 52ca44c1c002c389e7bb00bde73a70ed501b1a8f
SHA256 e8dc36851cdc903ee53850f6de50a297725b017ce41011da51acad3ff5a070d2
CRC32 86DF21F2
Ssdeep 6144:QlwgZlm6i2aMRL86NeED45ZiZylWceBzFin18uUCWJHbC7nW2OD:Qldi2RRL8GMZUylbwzFizibuq
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename e8dc36851cdc903ee53850f6de50a297725b017ce41011da51acad3ff5a070d2


Processing ( 17.642 seconds )

  • 10.063 Static
  • 3.392 BehaviorAnalysis
  • 2.239 ProcDump
  • 1.361 Dropped
  • 0.37 NetworkAnalysis
  • 0.21 Deduplicate
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 2.0 seconds )

  • 0.692 antidbg_windows
  • 0.163 stealth_timeout
  • 0.148 antiav_detectreg
  • 0.114 api_spamming
  • 0.054 infostealer_ftp
  • 0.039 mimics_filetime
  • 0.037 antivm_generic_scsi
  • 0.036 antivm_vbox_window
  • 0.032 antivm_generic_disk
  • 0.031 antianalysis_detectreg
  • 0.03 infostealer_im
  • 0.029 Doppelganging
  • 0.028 antisandbox_script_timer
  • 0.027 bootkit
  • 0.026 virus
  • 0.021 virtualcheck_js
  • 0.02 infostealer_mail
  • 0.019 antivm_generic_services
  • 0.017 recon_programs
  • 0.016 hancitor_behavior
  • 0.015 heapspray_js
  • 0.015 antivm_vbox_keys
  • 0.014 ransomware_files
  • 0.013 InjectionCreateRemoteThread
  • 0.012 injection_createremotethread
  • 0.012 ransomware_message
  • 0.011 antiav_detectfile
  • 0.01 dridex_behavior
  • 0.01 InjectionProcessHollowing
  • 0.01 injection_runpe
  • 0.01 antivm_vmware_keys
  • 0.008 uac_bypass_eventvwr
  • 0.008 infostealer_browser
  • 0.008 ipc_namedpipe
  • 0.008 kibex_behavior
  • 0.008 infostealer_browser_password
  • 0.008 antivm_xen_keys
  • 0.008 infostealer_bitcoin
  • 0.007 InjectionInterProcess
  • 0.007 stealth_network
  • 0.007 betabot_behavior
  • 0.007 dynamic_function_loading
  • 0.007 antivm_parallels_keys
  • 0.007 geodo_banking_trojan
  • 0.007 darkcomet_regkeys
  • 0.007 ransomware_extensions
  • 0.007 recon_fingerprint
  • 0.006 malicious_dynamic_function_loading
  • 0.006 exploit_heapspray
  • 0.006 stack_pivot
  • 0.006 antiemu_wine_func
  • 0.005 sets_autoconfig_url
  • 0.005 antidebug_guardpages
  • 0.005 persistence_autorun
  • 0.005 kovter_behavior
  • 0.005 securityxploded_modules
  • 0.005 antivm_generic_diskreg
  • 0.005 antivm_vpc_keys
  • 0.004 antivm_vbox_libs
  • 0.004 exploit_getbasekerneladdress
  • 0.004 InjectionSetWindowLong
  • 0.004 antivm_vbox_files
  • 0.003 antiav_avast_libs
  • 0.003 js_phish
  • 0.003 office_flash_load
  • 0.003 exploit_gethaldispatchtable
  • 0.003 shifu_behavior
  • 0.003 uac_bypass_cmstp
  • 0.003 PlugX
  • 0.003 vawtrak_behavior
  • 0.002 hawkeye_behavior
  • 0.002 disables_spdy
  • 0.002 rat_nanocore
  • 0.002 angler_js
  • 0.002 clickfraud_cookies
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 EvilGrab
  • 0.002 exec_crash
  • 0.002 java_js
  • 0.002 neshta_files
  • 0.002 disables_wfp
  • 0.002 silverlight_js
  • 0.002 antiav_bitdefender_libs
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 disables_browser_warn
  • 0.002 packer_armadillo_regkey
  • 0.002 remcos_regkeys
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 andromeda_behavior
  • 0.001 network_tor
  • 0.001 upatre_behavior
  • 0.001 rat_luminosity
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 antisandbox_sleep
  • 0.001 injection_explorer
  • 0.001 TransactedHollowing
  • 0.001 modifies_desktop_wallpaper
  • 0.001 Locky_behavior
  • 0.001 kazybot_behavior
  • 0.001 h1n1_behavior
  • 0.001 office_postscript
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vbox_devices
  • 0.001 antivm_vmware_files
  • 0.001 ie_martian_children
  • 0.001 network_torgateway
  • 0.001 rat_pcclient
  • 0.001 recon_checkip

Reporting ( 0.029 seconds )

  • 0.029 CompressResults
Task ID 94245
Mongo ID 5d9d708d70370ecf04d64c15
Cuckoo release 1.3-CAPE