Edit tour

Windows Analysis Report
https://john-lewis-gift-card-23-uk.brizy.site

Overview

General Information

Sample URL:	https://john-lewis-gift-card-23-uk.brizy.site
Analysis ID:	1338307

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Stores files to the Windows start menu directory

Creates files inside the system directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://john-lewis-gift-card-23-uk.brizy.site/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,1935307156340749044,1386512883208363452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://john-lewis-gift-card-23-uk.brizy.site

Avira URL Cloud: detection malicious, Label: phishing

Source: https://aff2jobs.com/go?c=5449&p=6899&sid=nirob

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.67.144.177:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49747 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: john-lewis-gift-card-23-uk.brizy.site

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.67.144.177:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5872_656910989

Source: classification engine

Classification label: mal48.win@14/48@24/86

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://john-lewis-gift-card-23-uk.brizy.site/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,1935307156340749044,1386512883208363452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,1935307156340749044,1386512883208363452,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://john-lewis-gift-card-23-uk.brizy.site	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a-cloud.b-cdn.net	212.102.46.118	true	false	high
accounts.google.com	142.251.33.109	true	false	high
b-cloud.b-cdn.net	212.102.46.118	true	false	high
a6e4ed2afe0ebe24b.awsglobalaccelerator.com	76.223.88.217	true	false	unknown
cloud-1de12d.b-cdn.net	212.102.46.118	true	false	high
www.google.com	142.250.69.196	true	false	high
bunnyfonts.b-cdn.net	212.102.46.118	true	false	high
clients.l.google.com	142.251.33.110	true	false	high
aff2jobs.com	162.0.227.132	true	false	unknown
john-lewis-gift-card-23-uk.brizy.site	unknown	unknown	false	unknown
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
fonts.bunny.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aff2jobs.com/go?c=5449&p=6899&sid=nirob	false		unknown
https://john-lewis-gift-card-23-uk.brizy.site/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.0.227.132	aff2jobs.com	Canada	22612	NAMECHEAP-NETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.251.33.110	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.215.238	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.67	unknown	United States	15169	GOOGLEUS	false
76.223.88.217	a6e4ed2afe0ebe24b.awsglobalaccelerator.com	United States	16509	AMAZON-02US	false
212.102.46.118	a-cloud.b-cdn.net	Italy	60068	CDN77GB	false
142.250.69.196	www.google.com	United States	15169	GOOGLEUS	false
142.251.33.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1338307
Start date and time:	2023-11-07 16:09:42 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://john-lewis-gift-card-23-uk.brizy.site
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@14/48@24/86

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.217.67, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://john-lewis-gift-card-23-uk.brizy.site

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 7 14:10:14 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979134873342884
Encrypted:	false
SSDEEP:
MD5:	02C99A9EAF1256C185A524104B91ABFB
SHA1:	D493A6DFFB754731EF0E3239067F38F4E18DCF49
SHA-256:	0DD261C69A74BE86940A343C436C79B06653B780D4129413A8CC8A7A4B5E1624
SHA-512:	5AE6D33D817F46981AE1361C9A7306871601BC25F3E4BD6B2C3463B1D0350720EBE86A69F6D0EE59C20DC3EA6C505B5B4973BC4AFBFE382960562A2B85CFD89C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VgWHy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 7 14:10:14 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994466012903212
Encrypted:	false
SSDEEP:
MD5:	B3BFCFD16D8A4A2A087DCB8CAEAD8B59
SHA1:	2AE14D48B6EB10F9CDFA30806DDB6703C77A469E
SHA-256:	11890A78A9C42741EC34D986760CF1A03E9CAC2B24CC25C07C86093CA57CDDC7
SHA-512:	577599CEB53E464509CB7E11C52525C4AFAC0B2C43064C69008BED1C2D9307F7669DD5B744C345FE83E45F9343EA4CD81C227B55ED6A39A2712D38B5BBB7EF5E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VgWHy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.004095531685071
Encrypted:	false
SSDEEP:
MD5:	33B520EE53EA78B1BD31AAF1B772A29D
SHA1:	C0E37E5F2786C46303EEFE0A739FCE1550E7015E
SHA-256:	2DB10B04E4B8708AC88E251AAF37EEB36CDDAE6AE790197166A07DF473780956
SHA-512:	CA5623D94391A942681395E8A16D42AA0FEE3D9398E259B57CA285433974779A954C10137B0B8EA1B384D0B918FA61EEEF77418DBA3173AC33E42CF0A532316F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 7 14:10:14 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9936236141887416
Encrypted:	false
SSDEEP:
MD5:	0F93624E2CC041F495ECEA129250C094
SHA1:	4476EDF9C73B1046EB61C554B5CBA9C2DAF1F743
SHA-256:	5395FD830C88A77EF41C939B0D39739A4E078ECC89258F94326C10786EA9DC1A
SHA-512:	F6275F58E5E107FD48260734058164446B0311A6DC38A6A89D2A700D1C45CB7272421FC9086C7EDE7742CEDA324E8DF9ACAA40CB356D97D64B53AF7BB4F6B31F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VgWHy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 7 14:10:14 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980382470343591
Encrypted:	false
SSDEEP:
MD5:	A23A530BBC3A23C22A9C4B7044B37D30
SHA1:	775E1BA9D7CC0A404A4752DE34E050DF0ED34DEE
SHA-256:	E4A4E814FD1D6CD1C9D62FDD054A6F59798D0D8B4D94C9D09C6FE4F021B83124
SHA-512:	AC0C695C14FDC29337F842E75088479F4F15B51A559A1B76D5C002A1D6B065D1471EC820BD1531AA74D2A3E7929ECD46E0AF5A0858BDD2350B88E0E5275B5EF9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x...........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VgWHy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 7 14:10:14 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.991140499499336
Encrypted:	false
SSDEEP:
MD5:	7988396BAE4259AAB66CA671E79D8DD1
SHA1:	A290392BC585B269C91B152AA6634341053C8F1E
SHA-256:	05E87472DBA3D3195347CA876A599D468FBD5AB0D9901093C72B7718FFF04A1B
SHA-512:	4B8132E3BDA5D5764EAC1537A47C3FFC5D78271AB83BF3E933E4F5FE54B4BA7B40748D11A023A29322253E6F96BDB316445B9794D2C1083A8FAF506DB74B8A15
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....s.u.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IgW<y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgWFy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VgWFy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VgWFy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VgWHy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B..\.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	OpenType font data
Category:	downloaded
Size (bytes):	70044
Entropy (8bit):	6.5040926026262165
Encrypted:	false
SSDEEP:
MD5:	25F126BC5D17A77FD9EA3DBF22974DAA
SHA1:	05E12B987CBFDEAE0CE798CC8B30A8B79723B66C
SHA-256:	6E64AEC446BFC5FB3F7EA819A9C6643881E30175C87A39DAFCB395ADAFCC5B83
SHA-512:	B439F56516E0621E3C6713780730765C337AFDE926B4C9D487DED0B581F92D7BBEF97337C220F1BD7993D3D2B986141C8A84CDD2732A797EE7AE41CB51E3A95D
Malicious:	false
Reputation:	low
URL:	https://b-cloud.b-cdn.net/fonts/europa-bold.otf
Preview:	OTTO.......PCFF I.:.......k.DSIG............GPOSZ.8....p...~GSUB............OS/2.j.4...8...`cmap:I.2........head.n.-.......6hhea.T.u.......$hmtx.9@.........kern.g.....\..c6maxp..P.........nameY.5........#post...&....... .........cq._.<..........re,.....re,.L...&.................!...............................................Y...............................................S.#...........v.....................=...................................=...........1.K...........\|.....................@...............................................................................................".}.........$...........z...........2.=.........>.o.........z...........b.'............Copyright . 2011 Fabian Leuenberger and EuropaType. All rights reserved. This Font Software may not be reproduced, modified, disclosed or transferred without the express written approval of EuropaType. EUROPA is a trademark of EuropaType and may be registered in certain jurisdictions. This Font Software is original artwo

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	103469
Entropy (8bit):	5.324434043874711
Encrypted:	false
SSDEEP:
MD5:	382784AC4F4421222995F4D3D6B37E8B
SHA1:	833DC03F9DD6724EC5AD551B211586BB717755E2
SHA-256:	AB453409A32214D7E65505F6EAB9564C70E757FC9AF096B4DFD62BAD306EDA02
SHA-512:	E29D4CEC64BEF3CD12ECECBA55E0046461B018818C7F05EC7BDEDFF1C39024C479627C00A7289F91933EF53C7BADB64B0AECAC122DE479B7C8A9F2FF8E3AFDD7
Malicious:	false
Reputation:	low
URL:	https://b-cloud.b-cdn.net/builds/free/268-cloud/editor/js/group-jq.min.js
Preview:	(()=>{var e={5089:(e,t,n)=>{var r=n(930),o=n(9268),i=TypeError;e.exports=function(e){if(r(e))return e;throw i(o(e)+" is not a function")}},6112:(e,t,n)=>{var r=n(8759),o=String,i=TypeError;e.exports=function(e){if(r(e))return e;throw i(o(e)+" is not an object")}},1984:(e,t,n)=>{"use strict";var r=n(8062).forEach,o=n(2802)("forEach");e.exports=o?[].forEach:function(e){return r(this,e,arguments.length>1?arguments[1]:void 0)}},8062:(e,t,n)=>{var r=n(8516),o=n(8240),i=n(5974),a=n(3060),s=n(2871),u=n(5574),c=o([].push),l=function(e){var t=1==e,n=2==e,o=3==e,l=4==e,f=6==e,p=7==e,d=5==e\|\|f;return function(h,g,v,y){for(var m,x,b=a(h),w=i(b),T=r(g,v),S=s(w),C=0,E=y\|\|u,j=t?E(h,S):n\|\|p?E(h,0):void 0;S>C;C++)if((d\|\|C in w)&&(x=T(m=w[C],C,b),e))if(t)j[C]=x;else if(x)switch(e){case 3:return!0;case 5:return m;case 6:return C;case 2:c(j,m)}else switch(e){case 4:return!1;case 7:c(j,m)}return f?-1:o\|\|l?l:j}};e.exports={forEach:l(0),map:l(1),filter:l(2),some:l(3),every:l(4),find:l(5),findIndex:l(6),filte

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (5391)
Category:	downloaded
Size (bytes):	6603
Entropy (8bit):	5.25631764194766
Encrypted:	false
SSDEEP:
MD5:	543AC81966D87AC815E08EB0E436D719
SHA1:	E35BB4E32CCF08C11A3935084B50660FEB835350
SHA-256:	8CBC10EE9755EF972000F666711A5C4D0E025D3CEDF53079BA3BFD8F2B19A968
SHA-512:	0C6A8F7948F93D4D00B5FBB98F487D7E2EE15D104ACD83DFBC884EF9B77826DC7DAA27B906640572977750A00CB7EF590ED5CD93E2F40EF4DEF88B9FF92F1DC3
Malicious:	false
Reputation:	low
URL:	https://aff2jobs.com/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. <title>Not Found</title>.. <style>. /! normalize.css v8.0.1 \| MIT License \| github.com/necolas/normalize.css /html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}svg,video{display:block;vertical-align:middle}video{max-width:100%;height:auto}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	47870
Entropy (8bit):	5.275080781730997
Encrypted:	false
SSDEEP:
MD5:	C33693EDEA623C285508557AE596222A
SHA1:	77647C6B4251739EE8A3312328A0CBC57E13181C
SHA-256:	1A74212D88A33B796D0A8068E7BD6E1D2ACB9A4EF5305C2AC68BEEC657076D18
SHA-512:	971F93FF66E22F4B269ACE34D22990019381F5D0A38CE798BD7540F68A0272BE3C67CBB0565FDF2F0839C3222155A7B2FA15EB697CB5AB28A3EC08712DB9FC5C
Malicious:	false
Reputation:	low
URL:	"https://fonts.bunny.net/css?family=Overpass:100,100italic,200,200italic,300,300italic,regular,italic,600,600italic,700,700italic,800,800italic,900,900italic\|Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic&subset=arabic,bengali,cyrillic,cyrillic-ext,devanagari,greek,greek-ext,gujarati,hebrew,khmer,korean,latin-ext,tamil,telugu,thai,vietnamese&display=swap"
Preview:	/* latin /.@font-face {. font-family: 'Overpass';. font-style: italic;. font-weight: 100;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.bunny.net/overpass/files/overpass-latin-100-italic.woff2) format('woff2'), url(https://fonts.bunny.net/overpass/files/overpass-latin-100-italic.woff) format('woff'); . unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;.}../ cyrillic /.@font-face {. font-family: 'Overpass';. font-style: italic;. font-weight: 100;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.bunny.net/overpass/files/overpass-cyrillic-100-italic.woff2) format('woff2'), url(https://fonts.bunny.net/overpass/files/overpass-cyrillic-100-italic.woff) format('woff'); . unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;.}../ latin-ext */.@font-face {. font-family: 'Overp

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.317941593175939
Encrypted:	false
SSDEEP:
MD5:	FD0C8C0C6C5F392E2DF20FABCE15D713
SHA1:	C60B49CF9CB7385E5C2C13AAD9BDAB01017FC32F
SHA-256:	15ADB68BA638BCAA480D45F663811CBA1654732C1AE81C432DACEE4765955007
SHA-512:	B3B7D603E637DFF256DFEF0D95CF36E63343DD6A948ABE9E8934B79CC2EE95A325E4CDD670A2EF6F60227DC5C3CF728F7FF7FB52A1A6A0F950DEA8C076C06BEE
Malicious:	false
Reputation:	low
URL:	https://aff2jobs.com/go?c=5449&p=6899&sid=nirob
Preview:	<h1>You are using a VPN, please disable it and try again</h1>

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (806)
Category:	downloaded
Size (bytes):	811
Entropy (8bit):	5.136311333381538
Encrypted:	false
SSDEEP:
MD5:	E25B0D1CB4A7A8B8CA523DF91A269699
SHA1:	6FA44EFA24AF6E2850420D90891F75928EE1D904
SHA-256:	EDEA038017DDD9ED9770F24A506541F4445B9B18E58AED377C9DEAE10292E0B5
SHA-512:	5596FC1E57E90FBC2A8B701DB3623A793EE952CCFA936B5CC9687441C2E540A97AC04C4C2689C69285AA9D1C17B8549D983D34119AC48F25B746D0D38F6B6F9B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["veterans day military discounts","general hospital spoilers charlotte","halo infinite mountain dew game fuel","nyt mini crossword clues","nyc green slime","30 year mortgage rates","attack on titan ending explained anime","new york city marathon 2024"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	5170
Entropy (8bit):	7.959728042715899
Encrypted:	false
SSDEEP:
MD5:	CAC6FE5AB92E2ADA26B281674D30C338
SHA1:	F5A68A0748475B8F512C3F5789EF34B094D0C7EA
SHA-256:	4D32CBB20D56F6AA36EFD9F43644319379E7FA065F94ABB3A98788C087B24B02
SHA-512:	A06FFBF042F28EF054A230D5F7BD5A02E92513BF4E10A2F7CF832F03AC7768FD348D34C7661BBA3D29774F4C607BAC4EC4F503685519815786A70FD0A9C5FB8A
Malicious:	false
Reputation:	low
URL:	https://a-cloud.b-cdn.net/images/cropped-favicon-192x192.png
Preview:	RIFF...WEBPVP8X..............ALPH.....!1i......I.$.H.{..H.......o.....Ew......CpO..,A.....w.......j..o.....J;.m.m....m...m[..J..X.z........L`.[..........ff..X......... .BC...9.....d..4...d.11q.....L@F..F!...........5......!@.Y..L....I<{.xw.lxD.!..o..'..n./...(O..NF..c..Q......M.?/.X....0......5.\|.....@..z.....w4.N.\....k.]Z...Ohj..5..,.=8..r.5o3i...xl...%....^.I.e....m2.{Rt..\|V..u..:.a0.T?..S.... .Y.`5h.....X.r]..6#....N.....O.>.#.v..r.O..t..z-...&.}.......?...h7.p..(..U..n........E. .t..K.=.............r.To..S.Qc.2..\H......P.fl...N%Z.t...t..._...K.ps...>.u..r....:b.#'@..V..D..Y./.U..j.g.7..=.......3..}.l.M*+..&..!..6;..v[........^.. ..........\...#.k.b..O..\|.&x9..)'.<.....A....pWf....> .....w..y.!L.....q..x.....E.a/R.....)...+.).._IO..G,=&....Jz`.)..O.#..C.,=..I..?K.Iz..c..O&.1.O,<b...O.b...3.....7P..OA.L.cb....Xx.4.)..o.J........c......&<X..ga........A..]rz^..:.%.Q\.a..u...4.).0Dt....$:.....m.L'....M...!w...Z.."5.y....: ...l..........

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	5170
Entropy (8bit):	7.955039928171991
Encrypted:	false
SSDEEP:
MD5:	EAB0A1E085D75F8A2C7E533DA2FB6DEA
SHA1:	B02CD286E0FADE446F14C1C122D40FAADED4EA47
SHA-256:	A7A05115479692B0A78FB2CAFCECDBCEE9774742117F1EE8BF19F604F96A4744
SHA-512:	96374F412AFDD23E27496037DCE078634C9EF6978C133244A522AC4FE983E433F3E40C129F8B056FB38DEBC4070C38E5C0EEAE4192A75126F7227E182DC57F30
Malicious:	false
Reputation:	low
URL:	https://cloud-1de12d.b-cdn.net/images/cropped-favicon-192x192.png
Preview:	RIFF...WEBPVP8X..............ALPH.....!1i......I.$.H.{..H.......o.....Ew......CpO..,A.....w.......j..o.....J;.m.m....m...m[..J..X.z........L`.[..........ff..X......... .BC...9.....d..4...d.11q.....L@F..F!...........5......!@.Y..L....I<{.xw.lxD.!..o..'..n./...(O..NF..c..Q......M.?/.X....0......5.\|.....@..z.....w4.N.\....k.]Z...Ohj..5..,.=8..r.5o3i...xl...%....^.I.e....m2.{Rt..\|V..u..:.a0.T?..S.... .Y.`5h.....X.r]..6#....N.....O.>.#.v..r.O..t..z-...&.}.......?...h7.p..(..U..n........E. .t..K.=.............r.To..S.Qc.2..\H......P.fl...N%Z.t...t..._...K.ps...>.u..r....:b.#'@..V..D..Y./.U..j.g.7..=.......3..}.l.M*+..&..!..6;..v[........^.. ..........\...#.k.b..O..\|.&x9..)'.<.....A....pWf....> .....w..y.!L.....q..x.....E.a/R.....)...+.).._IO..G,=&....Jz`.)..O.#..C.,=..I..?K.Iz..c..O&.1.O,<b...O.b...3.....7P..OA.L.cb....Xx.4.)..o.J........c......&<X..ga........A..]rz^..:.%.Q\.a..u...4.).0Dt....$:.....m.L'....M...!w...Z.."5.y....: ...l..........

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	36913
Entropy (8bit):	7.978247984740234
Encrypted:	false
SSDEEP:
MD5:	DC80D625B03D98CE3D79E3BEDB54F627
SHA1:	F660608F0A72CEBCE5CFBEA8D97C0FB72FDA1ECD
SHA-256:	47F625C56C4CF1D94FAEE19B1EAD85BB5A42DCFF28504238075F086BD65851D4
SHA-512:	23B4ABFE75018BA4A2189C76C72691514F64D5CA33085CFBDD8E0CB8B3C16B28D8448C084908D6A6D5CC4150D269922CC1515C2558FC85A9322FB2988857955B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............R.l.....sRGB........DeXIfMM........i........................................................M;9...@.IDATx....^.u&..UE4...H.j.{1.ll..c;..;.I.'3..<.O.a2..?...'.=........l..TQD...$........}.Z{....J..0...={.U.....9._.M..o.w.F/.8~..........NgjJ.S.nw..@....S...4iJ7u.t9N.7i#.o.d..n3...)u'@7.....M......p..M..^~H...:...w..qJ.@....@.6...y.........Vt.i....,o:i.._I...;0.x\g..4..8....j.....9.FvX.......1}ppx..Pw'.........ek..#...Y6..Y....'.2.b.j..'.z...q.....t3.yz.qO_s............8.[w.......I{....3q.{.6..^K..f..e9....sQ.G.......o.....}s.............g..;.9....a....~..}Y.X..Epr<.........k..&>../.2..2y...'.I'.r.Uk.............!~.....+.@..'.........'......E.\.Mq.\xaw...n?..._.O..../.]....hy.2.......[l.W...t/....'...<.........+;.x[..c...t;g..~:._H...bss...=..q@'...'.$.y..@.`.I?......{.O.U.K....B.w.m{.t.....(~q.32yGscgBe.K.'G.....^R.........:.g..I...z.G>.:.^.k.o...U8...[.8'u......t...]L\.I..0......`.I........

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 16296, version 1.0
Category:	downloaded
Size (bytes):	16296
Entropy (8bit):	7.988181521005234
Encrypted:	false
SSDEEP:
MD5:	7377F379FE5354AF4A27BBB954CE816E
SHA1:	E62506BD4A05A9A68B81090C14E27BD30C7CCEEE
SHA-256:	5C91507BA9508C8BBE28C7F1C80B5133C51C5A12016A0CB22BE98520DE7FB1AE
SHA-512:	B1A8349F40242ECCA7D66A13EE370EFDEBBF70C08B32E79B9EB30C8D207B11FDD41F68F6D088F6CCA29FC03DAF44C652C70523F626B476A4CDC497A110C3FBBE
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/overpass/files/overpass-latin-700-normal.woff2
Preview:	wOF2......?...........?G.............................j..V.`?STATD........0.1..P..6.$.... ..4. ........2..D...#.vs.J/..N.....qr.F-..LDQ......Z0.{u..Mt...l......._N...y........Dr.QL{...1]W._...T<.h.3...s..>.%>..}u.Hr.;.%/~@..3....y.:...tb.@.?...4....B].^,.%.}.5.[-5.n......[Z...u... .Q2.DmcY...b..=zd.m.b........E..`.....}....T...a..q.....&'...V4{.b.q..!..?....FV..P.y....mM./..oky.S...q..QmF....n.......b1.o.`.....8.h........dUa./V......?.t....Ox c..;B......\tx..V..G......L..hu>.a^e+..hE.5Y..Z..Y.vN.vZ......p..........n....RM.zQ:-p.n~.....7-ml..P{..4s8x.......=...{.g.E.....oZO....l..D8.<y.u).q.E.Z.AH........}.m.....m..{$..8.!...F.J..P..?....=..)....1.l6""......8m_.b....N..W......u..!rJDM.hh..^.?.d....#..HQH.#b...2..HE.#.2.\.H.*.F...i....LcC:u#..F....+.5zq.<.+.lq..z>\|..1d...iH.b;"..G88....!T.............x.Z...g.M@...)...q..)...n.../...35... 1.....9>.$.(t..@.z...................u...t.s.w..v...+.]@.. .j.....In_.b...Z.5.f.k...b.>P..7...P.4.2....g..

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 1170x878, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	125824
Entropy (8bit):	7.998379527085489
Encrypted:	true
SSDEEP:
MD5:	AD6F26C37760291EE54AFDF74F4F6604
SHA1:	3BCB0064FAE819190D1C436C61032544F7AB99AB
SHA-256:	55FC848EB21A0517FF8C6D812DF09CA3B02AC295188BFB86003941A02E57D8C8
SHA-512:	CC82984D2E551EC1BA8135A11260A5474A5D20EAEB125DB65BB0F146F374D25607CC0A51F7DFBB38A7DFD694EBBA0ECE2D1CDAA9A98363815F031E0E1F91E141
Malicious:	false
Reputation:	low
URL:	https://cloud-1de12d.b-cdn.net/media/iW=1463&iH=878&oX=146&oY=0&cW=1170&cH=878/b039b752f16c4852d9418e6b919a0be9/5395.jpg
Preview:	RIFFx...WEBPVP8 l...0......n.>Q".D..+....ap..eno.\|...G.(.7..$....M...C.{WY....\|7...Z.T..A....3G......U.Mc.....G._.......S.W..oY..../(.x1..Q.../......}._..`...G.....l.N.............S...X.......~".s..._.?..X~Z......._.O..~.......I./....b.w........cO...............E...+...{.~..w.{...o^.b~.\|.~...8O.o.q......m....../.......pF./.....S....D2@=.T..=...8G.W..b........z.CJ.b.......OW.A.r,..?.....;...PH...:....e.._rt&..T..G.JO.Gdj^x....u.Q.:....E"Cu.x...'9.Si..[.x.y.7=.M....}}.b\.......v.."%..V....@f.tz+..... ...C.,D{..?...>...Y.h.......'.....@.w.1...O..H.s../t...V.4...F.N...T.s&.....L{-.U.'4Q..^.../\A.K.&.u,..z.H9-.#......&'M.O..e[k.&...r...O.lGz.a.i?\|d.l....(..Q.4..sP..\..........!.%...L..W.@.1.0.64...\|.LSt....{W#..<'...QKD...c.V..^9.Y....b..Y.jz..%F.......e.bF....c.NeZ.....V.kgmus%.R...aU.7...S.........\|%s.Fc...z...}..^..D..o.i)M:......G.i...#+.....M~' {..U>....&2...R.+..7fV.3...Y...Q. ........>..D..M....<.v+..sX...d.......K...k..{O..2....3.F.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1170x878, components 3
Category:	dropped
Size (bytes):	190810
Entropy (8bit):	7.97385944336577
Encrypted:	false
SSDEEP:
MD5:	E0AA3127E71F183808117742543F94FC
SHA1:	863145D343A1AB16EEDD6BBC20EFB55C00681AA5
SHA-256:	8EBB9C4D1C46D40C07F63F581BE0BB007B16F7B81A52C8FEA17FB868FAC3E098
SHA-512:	D463C0268DBAFDD2BCD234128D868D434108BD401E0ED3F5545BDB6FAD5C389CF837D806CBAAA5A1EADCA20D84D20913F10AA8BBC23E874BFF3C73D215AE3DBB
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C..............................................!........."$".$.......C.......................................................................n....".........................................`.........................!..1.AQa."q...#2......$3BRbr.4....%CDScdst...5T..&'67Uu....F.EV..e..................................8........................!.1AQ.."2a#3BR.q$b..5Sc.%4................?..M..AB:T..]]]@.@...P........q.Lf..T......x...+y.......Z.S;.U.....L....{l7../h.j.U8erE.\.].y.{i...c..\G..{i.{._......<._.5...4.!M.^5".r.\|..H)5...........1nO..._Z....X..].i.EX..>...:..B.H.Z{G`...I...R....V6...bq..%..\}......@G.R....2.Fy..E.Q..[t)C".>....R.......Y.......s.9..k......0.F..iY... ......E...!..Zy.....p.3....x.U....B.=..RR....v.oZL...[v.....^..b..8M.Z..7y'.X..'"K.Oc'.Y......30i..u.....n.=.RQ...rr...7%k..I.....d.w..h.Q..Sn.a%N...[..).JK..f:y.7..g_d..9im...9#>5..B.?V..\C.ae`\|.:...{].fSw............2..up.y..roZF.o.G...XJy...;..x..Q...

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 257x159, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	2340
Entropy (8bit):	7.9128292309231005
Encrypted:	false
SSDEEP:
MD5:	7D4D1832137FA264E0D3C169968B1E95
SHA1:	23D3CD716078FAA30F750E073F420242845A5370
SHA-256:	B7FD986D6C3550388E495AC43029267E49B5895F2AA363DC5DE2CC4F90DB88BA
SHA-512:	F9E95D86F47396B69E343AA8AF81BC4DB438F12E16A55CD5DAA91E8EA0A04AA598C8FAF42FB6AA308BC2671A7AFB4B09900529AB8A2A30A143B1D90E774F51E4
Malicious:	false
Reputation:	low
URL:	https://cloud-1de12d.b-cdn.net/media/iW=257&iH=162&oX=0&oY=1&cW=257&cH=159/c225dac50e1f83e2027b3bd1afee7431/John_Lewis_&_Partners_logo.svg.jpg
Preview:	RIFF....WEBPVP8 .....7.......>Q$.F#..!"...p..in.o...W.......$...D~.y.....}.9..'.....k...O.w.....>.?....7..._.?..l@......4?.y.~........f.`.....h.............Q.Y...{...w.........a._.../...^...d02.Jq.Y...........RsD......E.f..s:}.^;...;?B...`.a..:.4oCt.k.2U-.:}.^;.....P`..K....k.qf.N...7.\|]..,.1....fs..p{wM.Z.p....T...h.q\|......i.P"..fL...0..b....f..%.....~6.k.>........./...[._.62v.X.&.....W.!rP.`.d,.x...E....'.p...I.jT.].....!...N ...a...jp.._..PF.L.<{...8....2......b...i4............>....:..b........N..."._M.D.>........>7...6..U..^Ol.......}.K.>.........m....M....1.l.e..i.1..O.>$.....e.mv]...5..ne...7.IG&l .Z.Z.-..e...5.}....z..>...<(....r....xg9..^.:.I......].KH=....3A..z...~".>..Y...C....~k.`p..c....D...d.....j....=.#i...Ep_...hU,..g$.O..d.9m..]9~.p. ..g..PhKt\.......m......l>..~..l.........nf....fI."M...UJ2.X..2D.M.Wv.y..C..p.....)..#D.t..o'+...4e$,m.X....m.l..Ur.-..{.I....M..0.UB..d...O. ..6-..}...?.y.......D....{[Y!...F/

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 257x159, components 3
Category:	dropped
Size (bytes):	5261
Entropy (8bit):	7.755600646352516
Encrypted:	false
SSDEEP:
MD5:	6312A539CBFE430035C8C0D84EDAD6D0
SHA1:	3106F1AADA7E04FFF50BFC0F7B69C856438AE75D
SHA-256:	705F5F50AC8CF8411F6191C7C13337311FEDBB2C8BBB7C9FB75A1D67595F0D0A
SHA-512:	811EF727B320C09679D32E20421B1AC0663F2BB247B4E3F2D723BEA396BB5E7D5209292C282719F752EE5AF3BD6CA0B65E1C14A4437945DB8E38A84B6CBB5D14
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C..............................................!........."$".$.......C............................................................................".........................................E............................!u..127Aq..."468Qast..#..BRc.$%'rv.3..........................................................?.....]....R5.d....e.T.b.....y{_Y............R//k.?~...B..4z7.\|?....J.w..v+.H..g.?.....$.Y...z......!....5.$pLeU?...T...\n.....8&.(..............................^.......C'p.../}..k............P..M........y{_Y.............,FzS..^.._.D.#=)..].. 2...s..~?.O..U....#.c........wP.n...0.F......F.l-....J....-Pi.n8.K$.%...e.....qI.<........3xb...Em.t........kfyg.e."...I......\.z.....s$.T.....0....../.p...]..(K.j.-.k.!%.\|~$y..5lR.\.).T<L\|.........s.,.u.=.6...c.s,..6.NEm..B.6.Z.%e.f\|...>,'.....h39...:..!m...!J."2....w.n..+6...-t..ES.F.8h<.........b.qU(UH.K...p.l...T...$..OG-.\|."P.MN..eFE:....8m<..[k#....=...\|.KU.*.S..)k.+].s.$..

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (38719), with LF, NEL line terminators
Category:	downloaded
Size (bytes):	438699
Entropy (8bit):	5.307749698578768
Encrypted:	false
SSDEEP:
MD5:	E604C5C53AD9733BADFE23F7B90CA059
SHA1:	7BA13776E126FADA687656BED2D98ABF610A2427
SHA-256:	05407B52F22E70DF97548F82851A3FBA58998E286C7E86AD5627B501D80C6ECE
SHA-512:	C1A36EC5D144E570A00AA70261CCA86EB02867EBE73C83058CB47F5761B41F63414B07B89C014671FC387EE78546A556A666B318917A0F3127E00BAA2327C94E
Malicious:	false
Reputation:	low
URL:	https://b-cloud.b-cdn.net/builds/free/268-cloud/editor/js/preview.min.js
Preview:	/! For license information please see preview.min.js.LICENSE.txt /.(()=>{var t={5089:(t,e,r)=>{var n=r(930),i=r(9268),o=TypeError;t.exports=function(t){if(n(t))return t;throw o(i(t)+" is not a function")}},1449:(t,e,r)=>{var n=r(1956),i=r(9268),o=TypeError;t.exports=function(t){if(n(t))return t;throw o(i(t)+" is not a constructor")}},1378:(t,e,r)=>{var n=r(930),i=String,o=TypeError;t.exports=function(t){if("object"==typeof t\|\|n(t))return t;throw o("Can't set "+i(t)+" as a prototype")}},8669:(t,e,r)=>{var n=r(211),i=r(4710),o=r(7826).f,a=n("unscopables"),s=Array.prototype;null==s[a]&&o(s,a,{configurable:!0,value:i(null)}),t.exports=function(t){s[a][t]=!0}},9966:(t,e,r)=>{"use strict";var n=r(3448).charAt;t.exports=function(t,e,r){return e+(r?n(t,e).length:1)}},1855:(t,e,r)=>{var n=r(5516),i=TypeError;t.exports=function(t,e){if(n(e,t))return t;throw i("Incorrect invocation")}},6112:(t,e,r)=>{var n=r(8759),i=String,o=TypeError;t.exports=function(t){if(n(t))return t;throw o(i(t)+" is not

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	285252
Entropy (8bit):	4.930588331661424
Encrypted:	false
SSDEEP:
MD5:	3A077874D7DDB4F99B9E7A0DCF12C2E5
SHA1:	ABE4E616E49E883863C2F9E7529B24E61DAADAD2
SHA-256:	9254FD02BC5108E7157967A0EE799552F6488E2F0E260E607B8FC2EED1061778
SHA-512:	5CFF6894EB5A982971EC4970BBC83A79F87B86ADF10FF5A6D78D2754B584FD235E5262A790F880559A56524B125B08D0F94D699F39F995A942A5C01C4E5E756C
Malicious:	false
Reputation:	low
URL:	https://b-cloud.b-cdn.net/builds/free/268-cloud/editor/css/preview.min.css
Preview:	@charset "UTF-8";.brz .brz-audio{pointer-events:auto;min-width:fit-content}.brz .brz-audio .brz-custom-audio{position:relative;width:100%;height:100%;justify-content:center;align-items:center;padding-left:20px;padding-right:20px;z-index:3}.brz .brz-audio .brz-custom-audio .brz-audio-play-pause-btn{display:flex;cursor:pointer;z-index:3}.brz .brz-audio .brz-custom-audio .brz-audio-current-time{margin-left:25px}.brz .brz-audio .brz-custom-audio .brz-audio-total-time{margin-left:15px}.brz .brz-audio .brz-custom-audio .brz-audio-slider{position:relative;flex-grow:1;cursor:pointer}.brz .brz-audio .brz-custom-audio .brz-audio-slider .brz-audio-progress{border-radius:inherit;position:absolute;pointer-events:none}.brz .brz-audio .brz-custom-audio .brz-audio-slider:before{--tw-content:"";content:var(--tw-content);display:block;position:absolute;inset:0;margin-top:0;margin-bottom:0;margin-left:auto;margin-right:auto;background-repeat:no-repeat;opacity:.35}.brz .brz-audio .brz-custom-audio .brz-au

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://john-lewis-gift-card-23-uk.brizy.site

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Static File Info

Windows Analysis Report
https://john-lewis-gift-card-23-uk.brizy.site