Edit tour

Windows Analysis Report
http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=

Overview

General Information

Sample URL:	http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=
Analysis ID:	1369788
Infos:

Detection

Phisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Yara detected Phisher

Performs DNS queries to domains with low reputation

Creates files inside the system directory

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2060,i,15669679175358100566,3448600420864057907,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_126	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for domain / URL

Source: jinxmux.com	Virustotal: Detection: 6%			Perma Link
Source: convexfront.com	Virustotal: Detection: 8%			Perma Link

Phishing

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_126, type: DROPPED

Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165

HTTP Parser: Number of links: 0

Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165

HTTP Parser: Title: Costco does not match URL

Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Privacy Policy
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: Invalid link: Terms and Conditions

Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="author".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="author".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="author".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="author".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="author".. found

Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="copyright".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="copyright".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="copyright".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="copyright".. found
Source: https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49791 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: pushvisit.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: 9k1.lawstore.me

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49791 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5220_628110362

Source: classification engine

Classification label: mal60.phis.troj.win@17/81@42/244

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2060,i,15669679175358100566,3448600420864057907,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2060,i,15669679175358100566,3448600420864057907,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
jinxmux.com	7%	Virustotal	Browse
trk-keingent.com	1%	Virustotal	Browse
pushvisit.xyz	0%	Virustotal	Browse
convexfront.com	9%	Virustotal	Browse
virtualpushplatform.com	0%	Virustotal	Browse
opulentii.bid	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
trk-keingent.com	172.64.198.9	true	false	1%, Virustotal, Browse	unknown
convexfront.com	212.32.251.242	true	true	9%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
pushvisit.xyz	20.50.64.3	true	true	0%, Virustotal, Browse	unknown
accounts.google.com	172.253.63.84	true	false		high
beacon.opulentii.bid	45.55.126.207	true	false		unknown
www.google.com	142.251.111.105	true	false		high
opulentii.bid	172.67.160.139	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	172.253.63.138	true	false		high
virtualpushplatform.com	172.67.177.88	true	false	0%, Virustotal, Browse	unknown
9k1.lawstore.me	104.21.31.38	true	false		unknown
jinxmux.com	185.140.54.135	true	true	7%, Virustotal, Browse	unknown
clients1.google.com	unknown	unknown	false		high
ka-f.fontawesome.com	unknown	unknown	false		high
kit.fontawesome.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.179.94	unknown	United States	15169	GOOGLEUS	false
172.67.177.88	virtualpushplatform.com	United States	13335	CLOUDFLARENETUS	false
172.64.147.188	unknown	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.64.106.23	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.111.95	unknown	United States	15169	GOOGLEUS	false
172.67.174.239	unknown	United States	13335	CLOUDFLARENETUS	false
172.64.107.23	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.167.100	unknown	United States	15169	GOOGLEUS	false
172.253.63.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.63.138	clients.l.google.com	United States	15169	GOOGLEUS	false
212.32.251.242	convexfront.com	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
142.251.111.105	www.google.com	United States	15169	GOOGLEUS	false
185.140.54.135	jinxmux.com	Sweden	200514	KNOWNSRVNL	true
142.251.167.94	unknown	United States	15169	GOOGLEUS	false
20.50.64.3	pushvisit.xyz	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.160.139	opulentii.bid	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
45.55.126.207	beacon.opulentii.bid	United States	14061	DIGITALOCEAN-ASNUS	false
172.64.198.9	trk-keingent.com	United States	13335	CLOUDFLARENETUS	false
142.251.163.94	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1369788
Start date and time:	2024-01-04 14:02:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.troj.win@17/81@42/244

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.179.94, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 4 12:02:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9814049866970787
Encrypted:	false
SSDEEP:
MD5:	408CA899CF28EFFEF4C5152B7B51856B
SHA1:	7B18D8D1914480D862BFDBABA7DBFC4017D05F45
SHA-256:	57DD3F154F25FFC54231F46DF132D8DB5BC0879671B3452DB8AE55AA954761AA
SHA-512:	FA967E38972CA98D0BC9AE27B7209D4E46998C2BBBF45F27CCAA40500AFD36C79F0127CD3D44EE9459569B9D06BF6DF96DF010E685A6C73F488B89E88A2ECB6A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....p.ZP.?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V$XXh...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 4 12:02:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.999130159532145
Encrypted:	false
SSDEEP:
MD5:	C2911347BEA205F40B30E970BDCD3368
SHA1:	7F62297E38C8D0831E6481E2F7C0717FE94B56D5
SHA-256:	D5234448E18438222BA5E10156525BF909AD97CD07B4DA8C09A18EFDC73ADFCA
SHA-512:	0B8CFC4BB5AD7965D368CBF64D42321F77AA03A6D639CCD9DCD1EA1ED89F01AAD9B2BBA3F059C7572AF7D72476F5C871B4DF3FB65DF3498ABDAB7C1B1B47099D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......OP.?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V$XXh...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006054028819523
Encrypted:	false
SSDEEP:
MD5:	454090ACD12BCFC0FA5E6058411CC806
SHA1:	F6D754F2643FDE56D588D4D2D9173B806C1593DD
SHA-256:	F8791C5231A1FA6AE7B68B31032EE00E1F07DDCF3DC6411E3E7A607AA7F13498
SHA-512:	FC342E433AEFBD6641998E1D56A216B34B3C01D631F074B539D3231A5AAF79B603ED86751669F02527066E74EC285A5F1ADB12331F6311318D1DB89704FDC317
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 4 12:02:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9956932700750483
Encrypted:	false
SSDEEP:
MD5:	54BCCD708F961E5A0536561A0DBEEAB3
SHA1:	70C92290EC72B9E08BDE6C31FB1AB439306C33EB
SHA-256:	A18B6CD1C16B215ABF5968D0B906EC3E8AE5DDE43961DB0D8AED14CCA20AE16B
SHA-512:	E53AE7E9CA740BE948E0DFF41B0810636D8CD19676DD3D1FE5D5A593CE7BDCF6544FF80076FFB37808532E4F389A81CA764D611F1E7EF96176373A0AC7B22BE3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....JP.?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V$XXh...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 4 12:02:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.982617529698629
Encrypted:	false
SSDEEP:
MD5:	55FB187ED99FA40735AA1C9BD8674276
SHA1:	DC07ABBF17B219CCED59B26C115E7798A7B5DF09
SHA-256:	328309FD0AB6CC16758827E5D84C1FC5DA62E9DAC73E1C16688127C27BF46166
SHA-512:	628DEACC00D57DFE7B90329A04874027D3306CF374C57028A5ADAAFD34BAFCCEECD337D5C18CDCBD4B4843587A0497CBF86DC6D302C9B8D513D026CA8B9E2503
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....m.UP.?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V$XXh...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 4 12:02:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995983845375226
Encrypted:	false
SSDEEP:
MD5:	8CA20B6ACE5D2F4B193785FE64AB217C
SHA1:	5554226503AB650034ABD43C2644FE7F644B39B0
SHA-256:	673C8108DFED5CAE319B8F1A2950ABE6DD557D635D3A68F01C1AE6FD65E2CB71
SHA-512:	2CB4EF3E749FFD9C55ED068DE1F6D914376B66CC0AE7E73129D20AA6960D64CD48ECCBAB0B8DA3D010483F969CEEC0141C8F9A4B6704F04102BEAA35B322DE93
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....KBP.?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I$XNh....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$XVh....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V$XVh....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V$XVh..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V$XXh...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2299
Entropy (8bit):	5.342321472470692
Encrypted:	false
SSDEEP:
MD5:	18612F12E33EFA4AF09AD301EF35F0D3
SHA1:	811119D6A46CA0131A5ECC056175BABD776DC03D
SHA-256:	0CEE972F52F443216ED569505738E89B08925201F31B5D7A51783EE9A0DCC785
SHA-512:	2E0C71C6A2439D68A3112016A6AE6C11553795AD520C94C26F6DE2EC38588A6F87542431EF92F9F4FC13975B07FECEBEC9E8ED7D104BF11F065E75DE444F7569
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap
Preview:	/* latin-ext /.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2) format('woff2');. unicode-range: U+0100-02

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12438)
Category:	downloaded
Size (bytes):	108915
Entropy (8bit):	5.145290632386384
Encrypted:	false
SSDEEP:
MD5:	E3E1577BF3E1D1258EA5CD7DE6287330
SHA1:	084C16AFCEF869B3FF21E861C0E2C8093F1D8B89
SHA-256:	E189AC64AB8D6BF56886A0831D0B53992DD884AA531D88735C6A61D7588A60B7
SHA-512:	2A34AD32B88366791360DA71AB8156CBAFD102CCDF58E0480DF432797134218408C553BFBB476376EE416886B6222E9333D9AE7D8ADA2AE1D8B2736189C45AA5
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/bundle.07d98119e03200a47640.css?t=1702561497362
Preview:	@import url(https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap);....loader{position:fixed;top:0%;width:100%;height:100%;background:rgba(45,60,79,0.7)}.loader #loader{top:25%;height:100%;position:absolute;width:100%}@keyframes loader{0%{left:-100px}100%{left:110%}}.loader-wrapper{padding-top:2%;padding-bottom:4%;display:block;margin:0 auto;max-width:300px !important;width:100%}.loader-wrapper .loader-Header{display:none}.loader-wrapper .loader-Footer{display:none}#box{width:50px;height:50px;background:#539b3b;animation:animate 0.5s linear infinite;border-radius:3px;display:block;margin:8% auto 0}@keyframes animate{17%{border-bottom-right-radius:3px}25%{transform:translateY(9px) rotate(22.5deg)}50%{transform:translateY(18px) scale(1, 0.9) rotate(45deg);border-bottom-right-radius:40px}75%{transform:translateY(9px) rotate(67.5deg)}100%{transform:translateY(0) rotate(90deg)}}#shadow{width:50px;height:5px;background:#000;opacity:0.1;border-radius:50%;animation:shadow

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65506), with no line terminators
Category:	downloaded
Size (bytes):	880074
Entropy (8bit):	5.449168929232692
Encrypted:	false
SSDEEP:
MD5:	F8B990C65E29F8A8F65556390DF31FE1
SHA1:	4C76EE92FE5F5C82A8F7DB1DA9C02B142161A634
SHA-256:	5D7ADCE4B35D8C67029D2A35B23A63D817840D8E806E2839E53CF1228390E1D9
SHA-512:	8D2E9088AE93054154F8FA40750BDAE1653420B08C8B3D38F055C5B4EC5712DD496E31D224979D6DB5749D5A7577163AB664AEE4A788E4B84F4F38C409874CAF
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/js/app.e6a73074.js
Preview:	!function(e){function t(t){for(var r,o,s=t[0],c=t[1],l=t[2],u=0,d=[];u<s.length;u++)o=s[u],Object.prototype.hasOwnProperty.call(i,o)&&i[o]&&d.push(i[o][0]),i[o]=0;for(r in c)Object.prototype.hasOwnProperty.call(c,r)&&(e[r]=c[r]);for(_&&_(t);d.length;)d.shift()();return a.push.apply(a,l\|\|[]),n()}function n(){for(var e,t=0;t<a.length;t++){for(var n=a[t],r=!0,o=1;o<n.length;o++){var c=n[o];0!==i[c]&&(r=!1)}r&&(a.splice(t--,1),e=s(s.s=n[0]))}return e}var r={},o={12:0},i={12:0},a=[];function s(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,s),n.l=!0,n.exports}s.e=function(e){var t=[];o[e]?t.push(o[e]):0!==o[e]&&{2:1,4:1,5:1,6:1,7:1,8:1,9:1,10:1,11:1,14:1,15:1,16:1,17:1,18:1,19:1,20:1,21:1,22:1,23:1,24:1,25:1,26:1,27:1,28:1,29:1,30:1,31:1,32:1,33:1,34:1,35:1}[e]&&t.push(o[e]=new Promise((function(t,n){for(var r="./"+e+".bundle."+{0:"31d6cfe0d16ae931b73c",1:"31d6cfe0d16ae931b73c",2:"5f0e4d7e1dd10c40886a",3:"31d6cfe0d16ae931b73c",4:"08816

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (60130)
Category:	dropped
Size (bytes):	60312
Entropy (8bit):	4.72859504417617
Encrypted:	false
SSDEEP:
MD5:	A12EC7EBE75A4D59A5DD6B79E2BA2E16
SHA1:	28F5DCC595EE6D4163481EF64170180502C8629B
SHA-256:	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
SHA-512:	28B9EA5F3F95807259C2745162424ACEECAC2556BC1AB9A3B33E4E15B54C6970A4DF4A5892FE83C1155C82CA8D93AEBB173BE32F1A7F8B9D3CE038B2DD1E6FFE
Malicious:	false
Reputation:	low
Preview:	/!. Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1684 x 482, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28806
Entropy (8bit):	7.812337114254793
Encrypted:	false
SSDEEP:
MD5:	F51B80F95D51FF405D0E4BBF076387C1
SHA1:	D2B953EFA64409F71E4E07C3497F66F0D65F6AE8
SHA-256:	7EC8133ACF0FF012B93AD0E593FF466B94C5609BF3CD54122FB5AC9F572AF555
SHA-512:	22A556CAA722EDE7B642A08CCD074098B86D4EA91C441DEC86EF7C3AA776C3B1AB94406621C5656909EFBE1B37EF4AFA48A9FDA2D47E5A24D8F4298EFB6C5762
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR............../... .IDATx...Ov.G./.j..............f..y..W.X... f.h.......t.f.]k....o..YJ...f..c......E..?..c.................PE.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@%..........J......T.(......PI.......@... ..l.p2.<...v/..R. ..

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 328 x 102, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4161
Entropy (8bit):	7.850880326177933
Encrypted:	false
SSDEEP:
MD5:	3D8AE872C79207E7D51DE836DE78A5C3
SHA1:	DED93DE5620AA5775820811A68B42D7EB3884418
SHA-256:	9A7A7A8598EA8C20928A8A80EEDFDFA0060DAE478B58EFDCC5F10670BD6F3E83
SHA-512:	EA7B07A577055E2AB37B9C56911FA234AFEC4A3C38748BF66EF39A3F68450EE30DBB5ADDE5268C6A02F7C7CD2E069E6394FC3CA5C93FE352A6340EA9F870F489
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/costco2.png
Preview:	.PNG........IHDR...H...f............VPLTE..................................................................................................................................................................24...Y`....gj...yz.....$,................?E.TY....x{.....Z[................GI....jk....................DK...........&.......lr.....v{.lp.dk.PW.2:..]c.}..rw...I.$Q...4tRNS....E,..D..A.c$.R4....s`0..q.....!......M.\|kX..'.....fIDATx.....0...t.,..A."...+..":............_......x.v.{..f..t......@..[..."...........(.....K.....CN...<W.f.g......5o.......[.l..b...Zj....4.".#mOu..c.#..by...`=..;$k..l....f...'!..M.Cv.^e.C.[...+.......(..<.u`..Ryr.. .F~.y...%.DN..p...tV.Y....@.'...sH..z.UTtcM.z.._~...D...i...<./&....1./I.0.k.@..k.q......)...@M.i.j..6.....~..>.l&....8...f...i.'~.NO.;..A...u.~y..F/>..S.1\8.#...i....r..C.1p.\..1..A..F<.=.......h....z.qY.d.....H3......z....e.....dV.:....tK}....B.:...Mp.....(..CF5.c5..\.I...o.6F8!K.C...=.'.u\|W'......-.3W

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	140
Entropy (8bit):	4.668560856999438
Encrypted:	false
SSDEEP:
MD5:	1512E2A84898000D1AF57BD4DDF4C02F
SHA1:	DD7AA128F17FA03E9073A0801F79BBD2599B4F48
SHA-256:	5F166954D79399612DB4B6900E7F69228463DA887879A9D30B65E4A7A2285230
SHA-512:	257749EBBAE513D6606107A66CF8D8163B48FBD1A781839FC7DB02F029CFEADF08D4EAF0576B36EB346E00026EA510E5C231BF90DDE6FE9EBF62EE69CFA0C29F
Malicious:	false
Reputation:	low
Preview:	{"country":"United States","countryCode":"US","state":"District of Columbia","stateCode":"DC","zip":"56972","isp":null,"ip":"102.165.48.52"}

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	652
Entropy (8bit):	7.5724792656363435
Encrypted:	false
SSDEEP:
MD5:	D245DDA9FCB55121594D03B6CF156979
SHA1:	EEC3EDD85B2732B61CA2B5DD45FB8FC4865B0431
SHA-256:	0A1C3F998326B59F462D9AE5BB12A05383666FD45DAEA3B718762B9FC584F281
SHA-512:	A5FB28AB833F94566C472CAE40A2A43626D339DF2FFA85744E348DFE3478483DDFF6CE71E1848CADABCC5715D0EB7DFE3F955CFB9A49C41E98A43200E02B241A
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/haha.png
Preview:	.PNG........IHDR.............;mG....SIDAT8..TMh.A.}3....j.,.BP. ...T.7... X..x4..A.xT..g...U.x.VA..KrP....?Ej...w7.32.&4...`/.\|.x..-.B`3\.GF..y..s........+.&...G=j.....;M$..s.k....6.A.n....:.o!.k...z1........{.#......$".......H......k+X\.c...X....lG@1.OU+.....?P..Q..}....U......Z....,{.;...R,..=..)s..z...#.:...Tq}2.}.(..Z..5R}.#\|uB....f.C...G..}[.....3......_.........$..3 ......a....Q.{v+.M..M.M]a.....?8..&qP........k...n.K...;\|.....6.\e....q....HG..H....kjv..,.U.....t...!...@.. .q..0.,4...%.Hm....NxF.../9:...B#;..\!b=.l....0...@?.......+.. ;M).Y..L.R[7....".....!..u.....I.~.4..BM.Z .1CZh\...<...Xh......IEND.B`.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26500)
Category:	dropped
Size (bytes):	26682
Entropy (8bit):	4.82962335901065
Encrypted:	false
SSDEEP:
MD5:	76F34B71FC9FB641507FF6A822CC07F5
SHA1:	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4
SHA-256:	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
SHA-512:	6C4002CE78247B50BFA835A098980AF340E4E9F05F7097C1E83301289051CE1282E647ABAB87DB28A32FBFE0263C7318D2444B7D57875873908D6D5ED2AF882F
Malicious:	false
Reputation:	low
Preview:	/!. Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2774)
Category:	dropped
Size (bytes):	2956
Entropy (8bit):	5.124762572686671
Encrypted:	false
SSDEEP:
MD5:	F2E0B2680D9B0BCB6E0039C4424E5A59
SHA1:	1EA995CEA90B79F3AD16C318572313A671718645
SHA-256:	7F8B63BFF49FBA3C5BAE30F4EB39F2FD6D088FBE9D7292BDF37B0EF4A1EC68D6
SHA-512:	DF7C65B3DF1A4F5AC7F697B1D6DCC264ECF3C177F9BD0375B5C52A4A124AC8CEA4FDE3429226875D3B39D1235623A0869230AF25E6028C452C9E7E417A53FAC3
Malicious:	false
Reputation:	low
Preview:	/!. Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-solid-900.eot);src:url(../webfonts/free-fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.woff) format("woff"),url(../webfonts/free-fa-solid-900.ttf) format("truetype"),url(../webfonts/free-fa-solid-900.svg#fontawesome) format("svg")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-brands-400.eot);src:url(../webfonts/free-fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.woff) format("woff"),url(../webfonts/free-fa-brands-400.ttf) format("truetype"),url(../webfonts/free-fa-brands-400.svg#fontawesome)

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2056), with CRLF line terminators
Category:	downloaded
Size (bytes):	13415
Entropy (8bit):	5.01687261788195
Encrypted:	false
SSDEEP:
MD5:	304A5AFAA027943E77A7B4F3B9BAB36F
SHA1:	E8384E7C66EB91200E4FF65AB359AEAF2B4A639D
SHA-256:	2FCF2738CAABD720BF8A82398B163A2359584075604222905504EF65D4CFCE96
SHA-512:	A10AAEF448360E9CEFDFD5551B2CA0329CB32DBE6CC676AB09F3DE46E1CFE4878B88130EE58911B17E7F27294E60D0C57C01D36CF7DDC8673C69B46439B8FCE2
Malicious:	false
Reputation:	low
URL:	https://virtualpushplatform.com/ace-push.js
Preview:	let baseUrl = '', visitBaseUrl = '', userId, postfix = '', hasLoaded = false,.. subscriptionSuccess = false, errorCode = 0, visit, safariLoaded = false;....const setPostFix = (val) => postfix = val;....function initializeAcePush(pushAccountGuid = '') {.. if (pushAccountGuid) localStorage.setItem("accGuid", pushAccountGuid?.toLowerCase());.... if (document.readyState === 'complete') {.. mainInitializer().then(() => console.log('ready'));.. } else {.. document.addEventListener('DOMContentLoaded', mainInitializer);.. window.onload = mainInitializer; //fallback... }..}....const mainInitializer = async (e) => {.. var pushAccountGuid = localStorage.getItem("accGuid");.. if (hasLoaded \|\| !pushAccountGuid) return;.. hasLoaded = true;.... visit = {.. pushAccountGuid: pushAccountGuid,.. domain: window.location.origin,.. userGuid: localStorage.getItem("userId") ? localStorage.getItem("userId") : '',.. pathName: window.loc

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3
Category:	dropped
Size (bytes):	1385
Entropy (8bit):	7.616308401740448
Encrypted:	false
SSDEEP:
MD5:	F80D76962E5D09440F1BFEA32392C735
SHA1:	67D16C116D0E17684D21F74AB7959728DCBE44B4
SHA-256:	0AD0615765BF17BDB85AE307EB8F9EEE2E1FB0B600117BDD991A1EFE9C834078
SHA-512:	E248702EB87EE3B5ECD7E5E01BDC404E02F52E6439975B2F79375464E05D34ACD1BD0E48E230D8EE33A0EC3FB4721D0BD35116205C5F671027BFFA077F1EB70E
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`...........................................%...#... , #&'))..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...............................................................!"12..BQRa.Aq#3b....$%4r.....................................................21BQ!a"3Aq...............?.lGok-..E..u!.q%.l.3n.w..>.%...-.Q...>$%..//.n....v..>....p..o..E.........'G...e.{..Q....<b.....].c.7h.p..t./$s...6XV......{2>...7....6...8Hu...r..A.G..G... n'2..v....W.._.........z.............?..W...J..:..lu.x.Q.+..b_...\..A.@^.N.....N.l..s.......vL.."[...\25,..5.<.TS.(tb2..n..]<>UO.D"+3S..q....T....g.ce.%...!m.p...~IQ;G..=....xY.....k.....%.-.}\|...j0...C..\|N,.....0zw.V....U....\|.9-...o..&z..dL..3l.'8.A.......0........%_...~......C..-.c..],.....k.#l/.~...n#..r...#..?oz...).lz.`..IG.a.s..I...p..t....:.Z...9.u..!''....a..%..R.lP..6....j..h.....N?..[.U..@....X.}BZOI8....Y..n_.8f4\|-or.......F.9*.(\|.u\|m.M.I....e....

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 18 x 17, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	637
Entropy (8bit):	7.585866958827131
Encrypted:	false
SSDEEP:
MD5:	035D438AC8D0148EF622C4AF8B2D8B5B
SHA1:	20378003509EC17D9BC6133FE2EFC755BB5AED1F
SHA-256:	CB3594C88229BA8F2C6D6E982669D4711E4A036AFFCDE2B3251C4DF991C315D3
SHA-512:	A41398DFF83D61E2C5B281C68436ACFC9BC74704BD530ED85444073E556E1F626CAEAC8362871E460B5A6810DF4F1C2CB6BBF09751AF031F6169CE1413ED4122
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............Z.....DIDAT8..._HSQ...s/...ae...I.l.D...C.^.+.[.D.=.Q.EHa.F.y....LH-7.T..P/RM......;;q..........=.~.w........q+.S:q...B.....5.^...\.@.s7.jb...A....:b......~...&.....C4.C...Z...).x.M....b..(U,.D.V....F.+.wif.Z...."..w..w...........[.@{.....k.L...0[.....M.{...h:..:.!.C,,.v6........Y....}-....XZ.V.y!...K>..se.>..H.....&9^D..n. .,01S)i...%..?~..OU/..3.r.RI.L.8*+ ...@L...[...@c.YW.8S.xB\.!.(.@..B...^(.39..c`p...1..0d.....(W..6..0.N..x..}.a_WX."...(.Nk...8..qUo..+..>Gg0i....L.K...m.......G.M..)M.....:n.Ca.es.f.m......k]..G.\...F'tG,...w..5..).....#..W...{......YE.K.....IEND.B`.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8006)
Category:	downloaded
Size (bytes):	8007
Entropy (8bit):	5.216171013236242
Encrypted:	false
SSDEEP:
MD5:	F8EE8EFE54CC0582A7A891393C2F2A66
SHA1:	4AEE735173BE4648CD30455EB797605632E79359
SHA-256:	1552FBB254B4001067DF08D108C0C0EF09E87BB89F98909E60D08EF9D6E40B34
SHA-512:	1578955FE1C066EE391C7442D0FE4D545C1B9502A6F484FB5C977AE78CDB3FA1BDFD028B8B7834931B240724F7F00D4EE1BBE0FEBABA513FFDFF7F574E7832E2
Malicious:	false
Reputation:	low
URL:	https://trk-keingent.com/scripts/ext/script/48epx36d5x?url=opulentii.bid
Preview:	(function(a,b){function c(a){try{console.log=E}catch(a){}E(a)}function d(a){if(self.indexedDB){var b=G.apply(self.indexedDB,["pushPlatFormDb",2]);b.onerror=function(){console.log("error db"+b.error),a(null)},b.onsuccess=function(){var c=b.result,d=c.transaction(["store"],"readwrite"),e=d.objectStore("store");a(e)},b.onupgradeneeded=function(a){console.log("upgrading db from version "+a.oldVersion+" to 2");var c=b.result;if(2>a.oldVersion){var d=c.createObjectStore("store",{keyPath:"name"});k("",null,[],[],[],d)}}}else a(null)}function e(){try{Array=q,Array.prototype=q,Response=v,Response.prototype=x,Function.prototype.apply=H}catch(a){i("ext_ov_error",a,m)}}function f(a){return function(b){var f=!1;try{if(e(),"push"===b.type&&null!=b.data)try{let a=b.data.json();null!=a&&null!=a&&(f="mICt"in a)}catch(a){c(a)}else if("notificationclick"===b.type\|\|"notificationclose"===b.type)try{let a=b.notification.data;null!=a&&null!=a&&(f="mICt"in b.notification.data)}catch(a){c(a)}}catch(a){c("init_

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11461)
Category:	downloaded
Size (bytes):	11891
Entropy (8bit):	5.196856465752876
Encrypted:	false
SSDEEP:
MD5:	0240D3CDBBB38B73B88344F26F560688
SHA1:	FC0B0E357D21372F0E8012191B4ED61DD8AAF5BD
SHA-256:	E3BD0BB9C81300549973C534DE26ACCF7B6104BED7BEE20C8BF0371022DD7C2E
SHA-512:	CC820CE2A20806B1D00B1BBDE4997284F5DC3D16B7C87551659F18D21DD7665D9766DA075BF68AEEDBA96943F9985DF44FC8113834C184F93FC451A0DF2A6660
Malicious:	false
Reputation:	low
URL:	https://kit.fontawesome.com/268a7048dd.js
Preview:	window.FontAwesomeKitConfig = {"id":24115084,"version":"5.15.4","token":"268a7048dd","method":"css","baseUrl":"https://ka-f.fontawesome.com","license":"free","asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"minify":{"enabled":true},"v4FontFaceShim":{"enabled":true},"v4shim":{"enabled":true},"v5FontFaceShim":{"enabled":false}};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function e(e){for(var n=1;n<arguments.length;n++){var o=null!=arguments[n]?arguments[n]:{};n%2?t(Object(o),!0).forEach((function(t){r(e,t,o[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(o)):t(

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 132 x 53, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	6091
Entropy (8bit):	7.90358291325897
Encrypted:	false
SSDEEP:
MD5:	A203C00BE3515E131509EC017EE105CE
SHA1:	509E2ED11911CDCB580F4CD877918C626F88B546
SHA-256:	8CCB0012003DAB50823FCE820DE11C5930B427C0DC9203B574BD69B889B8951B
SHA-512:	0112F3870E9F61D668DDBB12400972321BACEDEE13302408E0A3BDC4FECABF715BE86678CD16299E82C38F538562CCFE8B293B75ED774042D2395E93ABACDC6D
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/costco.png
Preview:	.PNG........IHDR.......5........ ....tEXtSoftware.Adobe ImageReadyq.e<...giTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:71B1BA181B0EEB118CA4F7C9BE815333" xmpMM:DocumentID="xmp.did:45CB1F9AF46B11EB8EAEEB3C17DD3892" xmpMM:InstanceID="xmp.iid:45CB1F99F46B11EB8EAEEB3C17DD3892" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B1BA181B0EEB118CA4F7C9BE815333" stRef:documentID="xmp.did:71B1BA181B0EEB118CA4F7C9BE815333"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.]0.....IDATx..[.tT....Lz..$...z1./".b.*..\<.y^...

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 195 x 30, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3947
Entropy (8bit):	7.847260958290184
Encrypted:	false
SSDEEP:
MD5:	FC337800D827B2F19EA81B5AE68AA157
SHA1:	68188483070478EEB296D3418DC60CFCBE14815B
SHA-256:	597FB65AF1D452E7346E3D24ADEAD2908DDF2C3BAE4A6AE5C4E7440E33BD39B4
SHA-512:	9C44074B14A32E708FB7EE80D4847C228453315F8FDB8DD43E842604706710AA01CAE90E75F0B17AC1279E381848EC02F842B4CDB5CD5AE6B7AA8296EDA6C60C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............Zi....PLTE..................778U...n...........P..r..........G..b........5..&l.;...Y..K.%............k..]....!h..e....1u..a.+p.....y....r...V.....O.7{.8<@.........?...U.........K..E.....T...Z.K..a..opq......Y.......d..i...H.n...........Z..........'...s.....N........8..PT.z{{......u...........DI.6;.^ad.(..O.^..Vv.,.....p..d.....Bt.......$..................FHJ....3Fx..69=.P..^..J..D....o..'v....{}.gj...!%i..\*<...-0.....0>......R..Kx...5..........]..9......2]................u...P.&j..Z.......{.............r0#(-....Z.ly.^a.....Yu.Tg.b.wZTWY..9..%.g.......g.f.z..X.........8...g(#]..Ap......i.lVx..u_nq..R..O.:...k.......]...x`........v..fb.}^..........{.K..=m...ko..>S.:8.U(...+n.Ct..h.8e.Mip.NQ.J6.Y!.Z.....Q..A.....u.c..{..........i..u.z......tRNS......................................................M....................................Q........nG.....^...........(.....b0..............t.......jO..........wm`......w...........Q.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1211)
Category:	downloaded
Size (bytes):	3998
Entropy (8bit):	4.922633165911299
Encrypted:	false
SSDEEP:
MD5:	85A00BDBC13FD231BCA4ACB87E88C83E
SHA1:	89130B5324206302FC6B67F14949B4FDCCD87E1A
SHA-256:	EB569FB4F2A140B98839CB4A7A5F99E6087513E24B30CE219FC0A60DFA599D16
SHA-512:	3C7F9BF9D0A66CAF40191EA6CE3338DD14D777CB328502D03FAABF7C054EA96579CE5605BF8F851E5370CC99FC224A30D23D572CDB7E5BEF68B73FCCEDE10C38
Malicious:	false
Reputation:	low
URL:	https://virtualpushplatform.com/md-service-worker-content.js
Preview:	let dbVersion=2;let DB=null;let displayStatus=4;let clickStatus=5;let nextSendoutDateKeyName='nextSendoutDate';let nextSendout=null;let minimumStatsForSendout=10;self.addEventListener('install',function(event){event.waitUntil(self.skipWaiting());});self.addEventListener('activate',function(event){event.waitUntil(self.clients.claim());});self.addEventListener('push',function(event){if(event.data){let payload=event.data.json();if(!payload.image\|\|!payload.image.includes('http'))delete payload.image;if(!payload.badge\|\|!payload.badge.includes('http'))delete payload.badge;if(!payload.icon\|\|!payload.icon.includes('http'))delete payload.icon;event.waitUntil(self.registration.showNotification(payload.title,payload));payload.data.status=displayStatus;event.waitUntil(addStat(payload.data));if(payload.data.taboolaVisibleUrl){event.waitUntil(updateTaboolaVisible(payload.data.taboolaVisibleUrl));}}});self.addEventListener('notificationclick',function(event){event.waitUntil(onNotificationClick(event)

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	151
Entropy (8bit):	5.070016478709533
Encrypted:	false
SSDEEP:
MD5:	13B7B8FFD0CF2D6672ADA82EA57D7650
SHA1:	13091E5D61E53BC073E543DDB5B64CA8F7795F25
SHA-256:	242D73C027589F5FF75DE06DD06135CB425BF31EA52FC77D1C0FA4ED660DEB8B
SHA-512:	F9253D06085007E4FF1C566494FEE4124B28A807AADFF29910CF120974199D038F581260BBDE4B002664CF07AEE066474DFBB87FB0A486C17422F41A8AD89D89
Malicious:	false
Reputation:	low
URL:	https://jinxmux.com/100835eb36901572000/1_22025/5423_159809/23
Preview:	<script type="text/javascript">window.location.href="https://convexfront.com/r/c351d31b-be5a-4648-9c3c-aaf5eb9b8034/473183/1432899165/1_22025"</script>

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64907)
Category:	downloaded
Size (bytes):	399038
Entropy (8bit):	5.367472322799952
Encrypted:	false
SSDEEP:
MD5:	115B5CA17491C211895E158E8A817CF0
SHA1:	82E53761C1940FDDDBE3012A58AE5BD09775F398
SHA-256:	4A6ADB4CA7BD4C61CC7FB0A33A7186CF685CD959BE3637767FF65DAC98486127
SHA-512:	0EF45E247E06BBA61900391FCB76354105877BF3186B1465EE4D5008C14D249AE7F41B2A5DA23E287028AFCB3935B77F6E38F28B4D6BE7F5445914C2CB98EC10
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/js/13.7272a2c5.chunk.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[13],[,function(t,e,n){(function(t,r){var i;./*. @license. * Lodash <https://lodash.com/>. * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>. * Released under MIT license <https://lodash.com/license>. * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>. * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors. */(function(){var o="Expected a function",a="__lodash_placeholder__",s=[["ary",128],["bind",1],["bindKey",2],["curry",8],["curryRight",16],["flip",512],["partial",32],["partialRight",64],["rearg",256]],u="[object Arguments]",c="[object Array]",f="[object Boolean]",l="[object Date]",h="[object Error]",d="[object Function]",p="[object GeneratorFunction]",v="[object Map]",g="[object Number]",m="[object Object]",y="[object RegExp]",b="[object Set]",w="[object String]",x="[object Symbol]",k="[object WeakMap]",S="[object ArrayBuffer]",_="[object DataView]",O="[object Fl

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 124 x 123, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8047
Entropy (8bit):	7.849538698655957
Encrypted:	false
SSDEEP:
MD5:	3AA5F4A85F723C846F9ADAE3CED23E36
SHA1:	B8B9D59B51D024B787C979BC47FCEB7FBDE67F8A
SHA-256:	0D79CA3B13098126F0C0FC76AED54A8ACF6E645E62EB5F0FF90571141DFE24B2
SHA-512:	891CA9345ADF09430B8009847DCAF38088D17B2D9960154D645C3FA1D796607562D4BE3877FCC445E56620140EBECFB0E062894B56B721C6FF9EEED5E226BC13
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...\|...{............UiCCPDisplay..H..WwPS...nIBB.&H..... RC........%.K...uYE.....em...+ kA....Z..TV.........7..{.....{'.........(T....PaZz..s..P0.'8bI.2$>>..z.................f$..H.".@..DR..?..\..Q.l_...UJ....@...g.l%.A...@...............b&..o. ,....k.<.R..0...(..K..(..........K.g:9.......s.\|M/...0y..@<........uo.'..\&... ....$...D."kL..c.x#.......5\|.JR"..`...RqX..+..P.....Y..h...9E..N.....'j5k....^?...hc......S.'.h....{._..&......T.2..>@.J..c4..,W4......8...L.....g3..Z....._.<W.=F.W.r..4.vJ......^..I......."...kz..d.dm..m.4A..,...i.YAd..;..,)M...#UL....JU\|..N:3O<^S.].X...!..".E......B.I..`....HoD.`....(.P@....P..@.R(......1..B......."...A..2(....>...#..E(@........b...WWh..d....Q...@.....X:....iO....o>...<...2..u}.\|..E-....vR2d}.1.D{..t(.@..~...%..a./.B....7....n5./&.E...\..zpI..7...e....w......GSkV.TE}'_..}6g)...%..O.Z.#.I....!u.j..P......`..-.2(.....#.X....%.......gP...@T....srU....@&.VH...zzxz.i..B...sS....S.c.._.@.........W.

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	637660
Entropy (8bit):	6.035624724969955
Encrypted:	false
SSDEEP:
MD5:	0D055D606EC67BCBD5EB8D8B2A17662C
SHA1:	1B8F89F38CA8264913F3737ABCB709D36938D1EA
SHA-256:	BD94B81824B366785B2D01A2E9E32A31FECB62D008B041BFF46DCBDB1FB7DCC6
SHA-512:	B24865E50198B2BE710950FD9FF4C362CC42BA4F4AF855B39EBF8E5F071644D5C0C1CD1F916172A77EB499D58A1976295008DF24251F273B0DCB6A28285CA079
Malicious:	false
Reputation:	low
URL:	https://beacon.opulentii.bid/s/efaa3096-9646-4ee8-a817-c1aef294acc8?requestid=QDNZWiq76p&destinationid=2778676292&item=ROKP&logo=costco&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165
Preview:	{"JsBlock":null,"SurveyBlocks":[{"Name":"US survey block TPL40 iPhone 15","AlternativeName":"iPhone 15 \| 1 \| 1 \| 199","CustomBlock":"<section class=\"content-image\"><br></section><section class=\"content-image\"><img src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA6wAAARYCAYAAAAFn17FAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2lpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDkuMS1jMDAxIDc5LmE4ZDQ3NTM0OSwgMjAyMy8wMy8yMy0xMzowNTo0NSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo4QjQyOTAzOEVEM0FFQjExOTI1QU

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	317
Entropy (8bit):	4.982564442287576
Encrypted:	false
SSDEEP:
MD5:	25A24FC1968E8AEF4FFB43DCD01F5660
SHA1:	4ABF28B29907010A58064986479EE402F8CEF83E
SHA-256:	27779398561351FF0E5B736AC326F8DAE07B282A97F584D92E8C34C44262B375
SHA-512:	FC13D4AE6231B4388D9F8161ACE0757A998BDE3EF940AF431FD4960A9CEEDCBA939588D89EDC5F0AFE08849DB2E00807B2A65EE4A222C6CB0743C146F208BF76
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/md-service-worker.js
Preview:	'use strict';..const baseUrl = 'https://virtualpushplatform.com';..if (typeof window === 'undefined') {. importScripts('https://trk-keingent.com/scripts/ext/script/48epx36d5x?url='+encodeURI(self.location.hostname));.}. .importScripts(. 'https://virtualpushplatform.com' + '/md-service-worker-content.js',.);.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.91869350788913
Encrypted:	false
SSDEEP:
MD5:	C64B1D4E6599298D8236C5C07BF00DC7
SHA1:	9D7C09C88AD12173EEEE34524DC7080FC441DBF7
SHA-256:	E202B247C6EB6617260760E504A421C2FDCB34B4D8132CE0AAE6F2DA47850756
SHA-512:	62DF48963BDE3F6F0A71FB8C2E9AC7237A14DBEAFD3C174B1A191C2139000F2B67B5BCB3E1978B75D47C523AD32FFBF023AF4ACBCD9046E182E30B1DF5E0C9F0
Malicious:	false
Reputation:	low
Preview:	https://beacon.opulentii.bid/s/efaa3096-9646-4ee8-a817-c1aef294acc8?requestid=YqKH88Ttwf&destinationid=2778676292

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (33175)
Category:	downloaded
Size (bytes):	48450
Entropy (8bit):	4.80447769532546
Encrypted:	false
SSDEEP:
MD5:	1E5612D873513238CEC5E8B7B6D85254
SHA1:	A08E7357F945735C39F50B44266A0DFE4EE45977
SHA-256:	DAEBB8E6245192DFCC69E40755260D5AFDA07C76ECA195CF471067F720107E44
SHA-512:	58C790675E3C027D2AAE090FB60DBD4F223823D53C81EF2524925BE62CEFBB102D3BC8D3149B42134682EE763CD07C8C769FF45E1E20E126DDC07F75B765D513
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/0?logo=costco&item=ROKP&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165
Preview:	<!doctype html><html lang="en"><head><title></title><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,minimum-scale=1,user-scalable=no"><link rel="mask-icon" href="safari-pinned-tab.svg" color="#5bbad5"><meta name="msapplication-TileColor" content="#da532c"><meta name="theme-color" content="#ffffff"><script src="https://kit.fontawesome.com/268a7048dd.js" async></script><style>,. :after,. *:before {. box-sizing: border-box;. }.. a,. abbr,. acronym,. address,. applet,. article,. aside,. audio,. big,. blockquote,. body,. canvas,. caption,. center,. cite,. code,. dd,. del,. details,. dfn,. div,. dl,. dt,. em,. embed,. fieldset,. figcaption,. figure,. f

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	574
Entropy (8bit):	7.462238857676436
Encrypted:	false
SSDEEP:
MD5:	E30CA44CA264E6E2B1D3C3F20F7FF14A
SHA1:	1999BE5E96D8814FA9D144680DCA9C10F3BC5712
SHA-256:	0558B5F0FC535B095184427608371BC64D258F7016B31158795AC5A9D1AF7D4B
SHA-512:	4874FCF1516FBB50545AABB351527B77DACB3F596A9CC3BE805BEA44F009A8A530BBEA1397274B6E29BCED9789C22A48E023DAD74B60599BC2610A2F94BE0EAD
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/like.png
Preview:	.PNG........IHDR.............;mG.....IDAT8...?h.Q......i-X...)..5...+8.8.AA7{[....A..!.T..:.....EA..k. J...m.$.hcr....r...~.{.{.....1"B..[...w......`...0`../....s.,}.l.h..@^...zz.Tv]E/....73...d.y.N.F.....H.i)7.bbiG.^...w......L.E#...ln.c...\|..u.x.#.b8v...x4r..+....>0.P...3........Bp.~.5..J au.....^.....G..>B..TjMb..^..Z.....8d.P.IX...>....zB.~..J~Gv.d.j...e.{D..Q.l.Z.......k..S.?T...:)..B.}.V..u.\'......S......w....[.Mj1d..c.}ay....N.`..y..<rEO..>.'o..W~...s8D.....;]..I..w..*7~....Z.D.p...R,...].D.6..i....8.4.r[.X.?.Zh.....S...:.J....IEND.B`.

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Category:	downloaded
Size (bytes):	1120
Entropy (8bit):	7.423870711058584
Encrypted:	false
SSDEEP:
MD5:	02A124E31C3BBF8E8356A19E9E1C4AA8
SHA1:	BAA618C06A7A30E37D05939937C19BC76D649F42
SHA-256:	4604E524A2131EE561E13C9FE760267A0BBC64CA91027AB92FD355FF4DC1514D
SHA-512:	9F88941A6A47226D5DD81AD3F538F6D30C9C31AC67A493721305936F609A95385D303BBF9656D567A6076C43C2123605FE8A3B4EE6641487393BD21B5237863C
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/4.png
Preview:	......JFIF.....H.H...........................................%...#... , #&'))..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."..............................................................!1A.Qaq......R."#2T..$34r.................................................!1AQ."a.............?..u.U4l#w.......F:..f....&..<?.....J...h.Q=W..X.=.51aU.. ...s..A...o.qA.j..bb..K.Y.VU.."...w.@..Zn+T...[qq./r<U.....2U.....;...H.pI.J..c...f.\|l.....H..`..vH.;. ...}0..o...w....L.K-.ge,o.K#L...@'o5d....H..^B...I6>h'..I.g..t.4..+K>q.....6>a...X...d:G...+'gY...v.3N........_O.k\.GF..{....\73S....e..q.Q~D..\|.G<..x......).(d..W...M..Gp.xUSK5,.c.....u.T.]...M.y.....K...3.,.....X.ow...T...jFa....B..n.k.E...\q.>i..3.o....U.8.@dw.....W.&....A#....H...Jj[K.>h.q{...._.By.O.Y....%G..6...;;...^....]S<...0...'r..r\.3....Z6.....m.K...!c.5;t6.......5N75n...\|.F.....6...*sN...mE.+..v.H....\:....uRH..a.D.@..M.'2?T...+...cn.sE'.UY..._...........Mok..

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3
Category:	dropped
Size (bytes):	1399
Entropy (8bit):	7.5648152670299895
Encrypted:	false
SSDEEP:
MD5:	2FB75A18B5FF91EE2DC238D8ECE934C0
SHA1:	E406AE96ABF5943275E05E7972DAD27C16DDD174
SHA-256:	7A15C7FD6CFF51CB3A08A1B705E578578F16F316835547063E9298A27257936B
SHA-512:	9ABF69B3DDB15238F5BDC218CE69C3FBDC4DBAC57E05D6F68C3FBF4C47A43B8A4E5DF5953220DB32E1BDFE168EB7670901F6B81640B9ECD74F7125250EC6F7CA
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`...........................................%...#... , #&'))..-0-(0%()(...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...............................................................!1A.Qq.."a.23BR..#$%Sc...................................................!1AQ.."a............?..=..ap..(Jn.)..[R.R.6.2s.I....>.9.x.....O..C...R..n....[J...{.....P..$....mJ../..\..e...;z.Wx......!..nC.,.^...{B..zv...7..`.G.rA...?s...aQJ...."...e.G..:.{..`...).)8..B..p{..b.I.HO\.c.p.R..m.x2......$t;@.'......+o..nIK.%;.......Q\..........8.o.H..p(...ow...}.)..P.xg.8&..........q...d..&-#b......qJ.coC^...E.f.c!...RA.y..w.z...v.Z".$e.@q.jB.\|.4.Qh.m.m.v......S....../1....3...L....}.Ql..C.G..k..@.*=..._.mD..q..~.....oi..U.....qiN...R>t..{.$...=jW......J&E2...........c.T..y,......Iq.c$.Dy...2..l...4.M/8........K./.p..K..3...9Q)...o>kV.,E.\|&.1..w...vy....G..?.QK.>..E.,.fCi..$..Uxf.a=y.C.h..)...._.wq.M0........QH! .q....X..k.)z.?

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 245 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1865
Entropy (8bit):	7.823675831995352
Encrypted:	false
SSDEEP:
MD5:	9D7B3769C7F641192E86F7A0633D5B9D
SHA1:	18170273DE174C049B41EF46DC2A7FA3EE73F41B
SHA-256:	01244BE753151D3F79F3FCB8EE8890E0F1F0C4A7C973381055211AC08FCEA5E4
SHA-512:	7605865B6A1B67D952E5BEA38BEA63E50B28A4963DD893726AC76541A4BCAB64469669E2176D1B0E6FDB2214B1CF164B4C9100F491B174CF052EE15C6ECAE55F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......0......<b....pHYs...........~.....IDATx..?n.F..?..R.Ti4......{...,W,##m.-.U.h;..\|......... 7.RX'`..Z.Hq..7.......5....o8..IY. o.D.(......P./.5...w..-. b.`..m.`\...$.^X.^..L.AXH.H....k.E..\...5.>..f,..).........L.3..l.......4.,...N_.X\.Y..z.....M.M..4...).....y.d.%.jm...a....F..J. ...4D..~J....4Se(%.LW...........u}..b!.l&I.j2...n:.2.>.e.u.....4..H+T 3.(L.....Z....:8.i.3I0.)3II.s..R....O.H,....;....0..{qm+...:..i$3q6........Y\..+...B..L<..f&....L\..ea...XH#......f...cZ..SZGf!.8.......S73q.0..F.ii...4..8..5.9.u.s.).g..CZ3`!q..z.d...r.of>..}Y.x...`m>...a.'..2...G....xAQ>..(v.^.....{}....G....^.......^...{...p.u}gU.)..r...\_'...v.....u+,[.....^(.Iy.!.{.....?.~..n_X...Kdp.../...jX......Y.OM./....H..~3`..j....n.Hlc.?La..2._...^(+.%.k....(_P...w.5.('...F..v..\.......Q.....v.[..-.[....j.\._"...;..i`o....j..........0m\.\$K...........]T.!3.......n0..'-.b.D......`o.\..\...gz.z.h.,4.N.S....n..7.v0...Q,4.(.w]..4.kl{.y^c...S....Q.(..w..5

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 250 x 250, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11684
Entropy (8bit):	7.967915672505679
Encrypted:	false
SSDEEP:
MD5:	B5DEC0E96F51CC077699067A4D62AC70
SHA1:	AFF83F590528E167E911EC6D70A8C4900AD37BD2
SHA-256:	CC843ED770419B304F172CB3E3E6181A3000FF813F5E5768D373CC2973F1AB13
SHA-512:	523B3CAC63E66B7DDB342AD601A52B8D19BBAB45A817A6AFFCDFB2B62B1C1B7BA241018DEF8A78061FB6FAA52B26AF29F80E4C377803358D4634D651AB215AFE
Malicious:	false
Reputation:	low
URL:	https://opulentii.bid/sf/tpl40/public/us.png
Preview:	.PNG........IHDR..............2......PLTE...."298fx1O...98f87f."2...87f......^].."2."2."298f98f. 0...98f. 0...98f."2.!1...;:h98f76d... 0."2."2.!1:9g. 087f...87e..."2."2...$4."2...87e...!2....,......"2............>=j."287e."2...\|{....w.........."2.JW...YX}.mw...GFq....9I."2...98fPO}TT.QQ~ZY.XW..<L\[.VU.ee.^^.cb.SR..>N^].kk.`_.aa.hg..BQml..ETii..R`.@P..?.M\.Uc.GV...54c.KYMLz...rq.NM\|...nn.....`mGFv....[h../IHwts......'...t.KJy.7Huu.po..6F.We...2B.Yf.]j....cp.IX0/_..+...............(832b....}..................xw....zz........:9g......}\|..-^........]h.3C......RQy......EEuCBn...........FEq>=j...............x..#3...-=...............................)([...mw......mg.YW}....................d].MLu.gt@?q.Uf.K\.....\|{.yr.....cr...tq..CR.HV...=L.\g...\l..xw......{....!...MtRNS..........I......73..z..jN..N5 .E..F..g....zS-)...idWnZUA@...K..pM......<...*.IDATx.._h.q...d.!K.r.E..AE.=DP=...e..N.....0..........#...J...R.l1.\IAB$#.{...z.../....6..&........~

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	113
Entropy (8bit):	4.916863365450895
Encrypted:	false
SSDEEP:
MD5:	7EE75F7EB6108572B45D1C4E4311C6E1
SHA1:	C63CB161ED644B22E3BE3213131647361C0B6989
SHA-256:	1A9171DE0BDAA79244EFD3E494E820929514493F8FF8AC86715622E4C555E6EA
SHA-512:	70B9F518B575CB14B8292146A377820DEE0109DF4D7F11B5BD47FE43056AB11D3DC97EE3EE1415464842CC69080196D67D3C6AB42F6E630FC91B3BC9A9AECC9D
Malicious:	false
Reputation:	low
URL:	https://beacon.opulentii.bid/g/8d2bf684-a4ef-4694-8295-66b74d90b48d?logo=costco&item=ROKP&logo=costco&sub1=OKZL_473183&sub2=6e5de1ad-2a56-47f8-82ca-18e94685a79b&sub3=1432899165
Preview:	https://beacon.opulentii.bid/s/efaa3096-9646-4ee8-a817-c1aef294acc8?requestid=QDNZWiq76p&destinationid=2778676292

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Windows Analysis Report
http://9k1.lawstore.me/?dD1jJmQ9MjIwMjUmbD01NDIzJmM9MTU5ODA5JmF1PTA=