Edit tour

Windows Analysis Report
https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9V

Overview

General Information

Sample URL:	https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_I
Analysis ID:	1374726

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9VUQJVn_8Mzuji1cb35e7ty6yugA&sig=Cg0ArKJSzAKZYqRjNwfSEAE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&rm_eid=8338641&nx=199&ny=63&dim=728x90&adurl=https://click-west.acuityplatform.com/Adserver/landing%3Fetoken%3DMHZGKHnxVZJgOoHgAMMTAzNzI2MDQ2NTgyBw49-KU0DisrPAIOMJziAw4-xN54DjvswQEOPfikCg49-KBZDj34pg0AJDA2NjdCMkY5Mjg3Ny1BMDdCLUFCRDQtMkQzNy02MzA2NzVBNgkOPfiIBAAAAAA3G8_KBQAAAAActJIiRAABMAwABjkwMDY1MQsAAAAANi546ggAJUIzNDJDNjA1NzhCRDAtRTM2OS00NDQ0LTM0MDAtOEY0Qjg0NjZ7AAJuZRwACDE5ZjFiYmI2GwALZDE0MmFmYjJjODEaDj34pkMOPfinTwADQVNVUAACTElRAAdPR0FDSUhDUwAFOTI2MDZSAAAAADYq_oArAAEwLAAAJw49-KEoDj34pCkOPfinSQAMNjgyMjYzMzU2ODU4Kg49-KYtDj34pi4OPfimLwAGNDQyNzAzMAAGNDQyNzAzPQAlQjM0MkM2MDU3OEJEMC1FMzY5LTQ0NDQtMzQwMC04RjRCODQ2NmQOPfijZQ49-KdiDj34pmMOPeNMPwABMDcAADgAADUAC2QxNDJhZmIyYzgxDw49-KYVVrhPIhbWMDofGA49-KYZDj34phIOPfinEwABMBAOPfinTAAKMDUwLXJkYi1hbE0AJjEwNDg0MTYyNjEwNzFfNzM3MjY4NDQ1MTA3MV8wNTAtcmRiLWFsVA4-xN5LAAk2NjFkaWItYWxbDj34olUOPfinXQ49yTZeDj3ExF8OPW1uYA4_VXRhDjyHcnkOPIjnfw49-KRmABc5MDA2NTE6ZWNhMmY2ODFiMzA0MjZkNWoABjE1NDY5MmcAAAAANiqt-mgAAAAANir-6WkAAAAANir-6WwLI1_Y3y5e6XorbGKpawAAAAAbQqstdQAAAYwaQv_0bgALNTEsMjEsNjIsMzJxDj34pXIQYkm7rW2f4HcAcw49-Kd0Dj34pg%3D%3D%26jk%3D%26landingUrl%3Dhttps%3A%2F%2Fkpseatingsolutions.com?26utm_source%3Dacuityads%26utm_medium%3Ddisplay%26utm_campaign%3D23%26utm_content%3D728x90_CyberWeek%26utm_term%3DNOOFR%26dclid%3D%25edclid MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1996,i,4843620124523497752,8414167191099828768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://kpseatingsolutions.com/?26utm_source=acuityads&utm_medium=display&utm_campaign=23&utm_content=728x90_CyberWeek&utm_term=NOOFR&dclid=?clid	HTTP Parser: Number of links: 0
Source: https://kpseatingsolutions.com/contacts.html	HTTP Parser: Number of links: 0

Source: https://kpseatingsolutions.com/?26utm_source=acuityads&utm_medium=display&utm_campaign=23&utm_content=728x90_CyberWeek&utm_term=NOOFR&dclid=?clid	HTTP Parser: Title: My General Blog does not match URL
Source: https://kpseatingsolutions.com/contacts.html	HTTP Parser: Title: My General Blog does not match URL

Source: https://kpseatingsolutions.com/index.html

HTTP Parser: No favicon

Source: https://kpseatingsolutions.com/?26utm_source=acuityads&utm_medium=display&utm_campaign=23&utm_content=728x90_CyberWeek&utm_term=NOOFR&dclid=?clid	HTTP Parser: No <meta name="author".. found
Source: https://kpseatingsolutions.com/contacts.html	HTTP Parser: No <meta name="author".. found

Source: https://kpseatingsolutions.com/?26utm_source=acuityads&utm_medium=display&utm_campaign=23&utm_content=728x90_CyberWeek&utm_term=NOOFR&dclid=?clid	HTTP Parser: No <meta name="copyright".. found
Source: https://kpseatingsolutions.com/contacts.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49775 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25

Source: unknown

DNS traffic detected: queries for: adclick.g.doubleclick.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49775 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5568_1244667092

Source: classification engine

Classification label: clean2.win@14/66@16/75

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9VUQJVn_8Mzuji1cb35e7ty6yugA&sig=Cg0ArKJSzAKZYqRjNwfSEAE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&rm_eid=8338641&nx=199&ny=63&dim=728x90&adurl=https://click-west.acuityplatform.com/Adserver/landing%3Fetoken%3DMHZGKHnxVZJgOoHgAMMTAzNzI2MDQ2NTgyBw49-KU0DisrPAIOMJziAw4-xN54DjvswQEOPfikCg49-KBZDj34pg0AJDA2NjdCMkY5Mjg3Ny1BMDdCLUFCRDQtMkQzNy02MzA2NzVBNgkOPfiIBAAAAAA3G8_KBQAAAAActJIiRAABMAwABjkwMDY1MQsAAAAANi546ggAJUIzNDJDNjA1NzhCRDAtRTM2OS00NDQ0LTM0MDAtOEY0Qjg0NjZ7AAJuZRwACDE5ZjFiYmI2GwALZDE0MmFmYjJjODEaDj34pkMOPfinTwADQVNVUAACTElRAAdPR0FDSUhDUwAFOTI2MDZSAAAAADYq_oArAAEwLAAAJw49-KEoDj34pCkOPfinSQAMNjgyMjYzMzU2ODU4Kg49-KYtDj34pi4OPfimLwAGNDQyNzAzMAAGNDQyNzAzPQAlQjM0MkM2MDU3OEJEMC1FMzY5LTQ0NDQtMzQwMC04RjRCODQ2NmQOPfijZQ49-KdiDj34pmMOPeNMPwABMDcAADgAADUAC2QxNDJhZmIyYzgxDw49-KYVVrhPIhbWMDofGA49-KYZDj34phIOPfinEwABMBAOPfinTAAKMDUwLXJkYi1hbE0AJjEwNDg0MTYyNjEwNzFfNzM3MjY4NDQ1MTA3MV8wNTAtcmRiLWFsVA4-xN5LAAk2NjFkaWItYWxbDj34olUOPfinXQ49yTZeDj3ExF8OPW1uYA4_VXRhDjyHcnkOPIjnfw49-KRmABc5MDA2NTE6ZWNhMmY2ODFiMzA0MjZkNWoABjE1NDY5MmcAAAAANiqt-mgAAAAANir-6WkAAAAANir-6WwLI1_Y3y5e6XorbGKpawAAAAAbQqstdQAAAYwaQv_0bgALNTEsMjEsNjIsMzJxDj34pXIQYkm7rW2f4HcAcw49-Kd0Dj34pg%3D%3D%26jk%3D%26landingUrl%3Dhttps%3A%2F%2Fkpseatingsolutions.com?26utm_source%3Dacuityads%26utm_medium%3Ddisplay%26utm_campaign%3D23%26utm_content%3D728x90_CyberWeek%26utm_term%3DNOOFR%26dclid%3D%25edclid
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1996,i,4843620124523497752,8414167191099828768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1996,i,4843620124523497752,8414167191099828768,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9VUQJVn_8Mzuji1cb35e7ty6yugA&sig=Cg0ArKJSzAKZYqRjNwfSEAE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&rm_eid=8338641&nx=199&ny=63&dim=728x90&adurl=https://click-west.acuityplatform.com/Adserver/landing%3Fetoken%3DMHZGKHnxVZJgOoHgAMMTAzNzI2MDQ2NTgyBw49-KU0DisrPAIOMJziAw4-xN54DjvswQEOPfikCg49-KBZDj34pg0AJDA2NjdCMkY5Mjg3Ny1BMDdCLUFCRDQtMkQzNy02MzA2NzVBNgkOPfiIBAAAAAA3G8_KBQAAAAActJIiRAABMAwABjkwMDY1MQsAAAAANi546ggAJUIzNDJDNjA1NzhCRDAtRTM2OS00NDQ0LTM0MDAtOEY0Qjg0NjZ7AAJuZRwACDE5ZjFiYmI2GwALZDE0MmFmYjJjODEaDj34pkMOPfinTwADQVNVUAACTElRAAdPR0FDSUhDUwAFOTI2MDZSAAAAADYq_oArAAEwLAAAJw49-KEoDj34pCkOPfinSQAMNjgyMjYzMzU2ODU4Kg49-KYtDj34pi4OPfimLwAGNDQyNzAzMAAGNDQyNzAzPQAlQjM0MkM2MDU3OEJEMC1FMzY5LTQ0NDQtMzQwMC04RjRCODQ2NmQOPfijZQ49-KdiDj34pmMOPeNMPwABMDcAADgAADUAC2QxNDJhZmIyYzgxDw49-KYVVrhPIhbWMDofGA49-KYZDj34phIOPfinEwABMBAOPfinTAAKMDUwLXJkYi1hbE0AJjEwNDg0MTYyNjEwNzFfNzM3MjY4NDQ1MTA3MV8wNTAtcmRiLWFsVA4-xN5LAAk2NjFkaWItYWxbDj34olUOPfinXQ49yTZeDj3ExF8OPW1uYA4_VXRhDjyHcnkOPIjnfw49-KRmABc5MDA2NTE6ZWNhMmY2ODFiMzA0MjZkNWoABjE1NDY5MmcAAAAANiqt-mgAAAAANir-6WkAAAAANir-6WwLI1_Y3y5e6XorbGKpawAAAAAbQqstdQAAAYwaQv_0bgALNTEsMjEsNjIsMzJxDj34pXIQYkm7rW2f4HcAcw49-Kd0Dj34pg%3D%3D%26jk%3D%26landingUrl%3Dhttps%3A%2F%2Fkpseatingsolutions.com?26utm_source%3Dacuityads%26utm_medium%3Ddisplay%26utm_campaign%3D23%26utm_content%3D728x90_CyberWeek%26utm_term%3DNOOFR%26dclid%3D%25edclid	0%	Avira URL Cloud	safe
https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9VUQJVn_8Mzuji1cb35e7ty6yugA&sig=Cg0ArKJSzAKZYqRjNwfSEAE&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&rm_eid=8338641&nx=199&ny=63&dim=728x90&adurl=https://click-west.acuityplatform.com/Adserver/landing%3Fetoken%3DMHZGKHnxVZJgOoHgAMMTAzNzI2MDQ2NTgyBw49-KU0DisrPAIOMJziAw4-xN54DjvswQEOPfikCg49-KBZDj34pg0AJDA2NjdCMkY5Mjg3Ny1BMDdCLUFCRDQtMkQzNy02MzA2NzVBNgkOPfiIBAAAAAA3G8_KBQAAAAActJIiRAABMAwABjkwMDY1MQsAAAAANi546ggAJUIzNDJDNjA1NzhCRDAtRTM2OS00NDQ0LTM0MDAtOEY0Qjg0NjZ7AAJuZRwACDE5ZjFiYmI2GwALZDE0MmFmYjJjODEaDj34pkMOPfinTwADQVNVUAACTElRAAdPR0FDSUhDUwAFOTI2MDZSAAAAADYq_oArAAEwLAAAJw49-KEoDj34pCkOPfinSQAMNjgyMjYzMzU2ODU4Kg49-KYtDj34pi4OPfimLwAGNDQyNzAzMAAGNDQyNzAzPQAlQjM0MkM2MDU3OEJEMC1FMzY5LTQ0NDQtMzQwMC04RjRCODQ2NmQOPfijZQ49-KdiDj34pmMOPeNMPwABMDcAADgAADUAC2QxNDJhZmIyYzgxDw49-KYVVrhPIhbWMDofGA49-KYZDj34phIOPfinEwABMBAOPfinTAAKMDUwLXJkYi1hbE0AJjEwNDg0MTYyNjEwNzFfNzM3MjY4NDQ1MTA3MV8wNTAtcmRiLWFsVA4-xN5LAAk2NjFkaWItYWxbDj34olUOPfinXQ49yTZeDj3ExF8OPW1uYA4_VXRhDjyHcnkOPIjnfw49-KRmABc5MDA2NTE6ZWNhMmY2ODFiMzA0MjZkNWoABjE1NDY5MmcAAAAANiqt-mgAAAAANir-6WkAAAAANir-6WwLI1_Y3y5e6XorbGKpawAAAAAbQqstdQAAAYwaQv_0bgALNTEsMjEsNjIsMzJxDj34pXIQYkm7rW2f4HcAcw49-Kd0Dj34pg%3D%3D%26jk%3D%26landingUrl%3Dhttps%3A%2F%2Fkpseatingsolutions.com?26utm_source%3Dacuityads%26utm_medium%3Ddisplay%26utm_campaign%3D23%26utm_content%3D728x90_CyberWeek%26utm_term%3DNOOFR%26dclid%3D%25edclid	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
click-west.acuityplatform.com	0%	Virustotal		Browse
kpseatingsolutions.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
adclick.g.doubleclick.net	142.251.167.154	true	false		high
accounts.google.com	142.250.31.84	true	false		high
kpseatingsolutions.com	95.183.11.171	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		high
www.google.com	172.253.63.103	true	false		high
click-west.acuityplatform.com	69.90.133.56	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	172.253.122.138	true	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://kpseatingsolutions.com/?26utm_source=acuityads&utm_medium=display&utm_campaign=23&utm_content=728x90_CyberWeek&utm_term=NOOFR&dclid=?clid	false	unknown
https://kpseatingsolutions.com/termsandconditions.html	false	unknown
https://kpseatingsolutions.com/1.html	false	unknown
https://kpseatingsolutions.com/4.html	false	unknown
https://kpseatingsolutions.com/index.html	false	unknown
https://kpseatingsolutions.com/contacts.html#	false	unknown
https://kpseatingsolutions.com/privacypolicy.html	false	unknown
https://kpseatingsolutions.com/termsandconditions.html#	false	unknown
https://kpseatingsolutions.com/contacts.html	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
172.253.122.138	clients.l.google.com	United States	15169	GOOGLEUS	false
95.183.11.171	kpseatingsolutions.com	Russian Federation	203226	IHCRUInternet-HostingLtdMoscowRussiaRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.167.154	adclick.g.doubleclick.net	United States	15169	GOOGLEUS	false
69.90.133.56	click-west.acuityplatform.com	Canada	13768	COGECO-PEER1CA	false
172.253.63.94	unknown	United States	15169	GOOGLEUS	false
142.250.31.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.63.103	www.google.com	United States	15169	GOOGLEUS	false
142.251.163.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1374726
Start date and time:	2024-01-15 13:28:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsv8wkf5KqJBrRU0BwrMVAUIrJqz8cgREuX2fFzqVTxDu1IazrfbR0-y6jnq8sBLVml7nXLATUVDNFIud7Zj9gUld8tb1YDmBm8_4nkaH-ZIL8aGaDnbBLruzTbizt5JUJEUt6r5BHU74GBGOK_IWgcL6FJLgB33OrE&sai=AMfl-YR1r54e38VL2xpHCaqu-uWVLgpg7aKYaufdeXVCrBddleyhpnTm_3gSD-Jqm_9CJuop-Z58Cv9VUQJVn_8Mzuji1cb35e7ty6yugA&sig=Cg0ArKJSzAKZYqRjNwfSEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&rm_eid=8338641&nx=199&ny=63&dim=728x90&adurl=https://click-west.acuityplatform.com/Adserver/landing%3Fetoken%3DMHZGKHnxVZJgOoHgAMMTAzNzI2MDQ2NTgyBw49-KU0DisrPAIOMJziAw4-xN54DjvswQEOPfikCg49-KBZDj34pg0AJDA2NjdCMkY5Mjg3Ny1BMDdCLUFCRDQtMkQzNy02MzA2NzVBNgkOPfiIBAAAAAA3G8_KBQAAAAActJIiRAABMAwABjkwMDY1MQsAAAAANi546ggAJUIzNDJDNjA1NzhCRDAtRTM2OS00NDQ0LTM0MDAtOEY0Qjg0NjZ7AAJuZRwACDE5ZjFiYmI2GwALZDE0MmFmYjJjODEaDj34pkMOPfinTwADQVNVUAACTElRAAdPR0FDSUhDUwAFOTI2MDZSAAAAADYq_oArAAEwLAAAJw49-KEoDj34pCkOPfinSQAMNjgyMjYzMzU2ODU4Kg49-KYtDj34pi4OPfimLwAGNDQyNzAzMAAGNDQyNzAzPQAlQjM0MkM2MDU3OEJEMC1FMzY5LTQ0NDQtMzQwMC04RjRCODQ2NmQOPfijZQ49-KdiDj34pmMOPeNMPwABMDcAADgAADUAC2QxNDJhZmIyYzgxDw49-KYVVrhPIhbWMDofGA49-KYZDj34phIOPfinEwABMBAOPfinTAAKMDUwLXJkYi1hbE0AJjEwNDg0MTYyNjEwNzFfNzM3MjY4NDQ1MTA3MV8wNTAtcmRiLWFsVA4-xN5LAAk2NjFkaWItYWxbDj34olUOPfinXQ49yTZeDj3ExF8OPW1uYA4_VXRhDjyHcnkOPIjnfw49-KRmABc5MDA2NTE6ZWNhMmY2ODFiMzA0MjZkNWoABjE1NDY5MmcAAAAANiqt-mgAAAAANir-6WkAAAAANir-6WwLI1_Y3y5e6XorbGKpawAAAAAbQqstdQAAAYwaQv_0bgALNTEsMjEsNjIsMzJxDj34pXIQYkm7rW2f4HcAcw49-Kd0Dj34pg%3D%3D%26jk%3D%26landingUrl%3Dhttps%3A%2F%2Fkpseatingsolutions.com?26utm_source%3Dacuityads%26utm_medium%3Ddisplay%26utm_campaign%3D23%26utm_content%3D728x90_CyberWeek%26utm_term%3DNOOFR%26dclid%3D%edclid
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@14/66@16/75

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.253.63.94, 34.104.35.123, 142.251.163.95, 172.253.115.95, 172.253.62.95, 172.253.122.95, 172.253.63.95, 142.251.167.95, 142.251.16.95
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 15 11:29:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.981641369332239
Encrypted:	false
SSDEEP:
MD5:	4A44AECE50B85B36BE3735EA4F67360E
SHA1:	A69860E161400FBBE30D057BBCD8137CECC1ABC6
SHA-256:	E54428EB754681078BC6EAD9DA1F786FB8A8BE6786135993032969F486185609
SHA-512:	BD225006C63F274817554B1C0EA11E614818A7C9C4E843018680320F2B573BED833FA7028C17D6470C1F9E892EF02C29039BE0690712FBE29E84DB2DFDB2F4C0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......Q{.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/X.c...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 15 11:29:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.996853542069078
Encrypted:	false
SSDEEP:
MD5:	3D602A45D7E379D613CA3238FE42FECD
SHA1:	1EE10B9B11A4849F13A97D4FB31BE33F13B242B4
SHA-256:	69EE81A832405B406DC742DD8634452E6E7CE645005384ECFC915D8014374952
SHA-512:	F5158F7A607780D4F946E74CEFE1A922287E9E0303C47FBB9B757D0D91581AF852AE73CA4410D5DDF1BABB58F157B1BF28FBA1247E49FC51D947675EF054D02C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....E{.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/X.c...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.004809031641764
Encrypted:	false
SSDEEP:
MD5:	5EFD5EFA87C426DB6C65A52465F69F06
SHA1:	7AC6C8829FBF2982E326A368219656EE08AD1BA6
SHA-256:	6252AC217116DDA2D170AAD45D6BE733C13782F5362531096F9C581EAE35105E
SHA-512:	1A31C9086BD88CEBA92C73F822888184CD0A405F39A05559EBDEB1741FEEB73F4821CCFC903EBB5726FBF144F3401DCFB4EE011164FA6F19327240E8D6612CA0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 15 11:29:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998224265570341
Encrypted:	false
SSDEEP:
MD5:	9BDB2B5AB95345C6D653B05953864348
SHA1:	64EACC5EFCA557C66E65AF4CCD5891B21FC35000
SHA-256:	287F4F937133D3A99D963DF72994B1F8ACE1E7F3B62D4E8507CFA75D19E9F5CF
SHA-512:	14DF4FB343FE5C832EF13E14942F80F83B6C881E36229DE2E361D5EF3A1E8A654F07229FA899EB5581AD9C69D1716F4A2AEE1E98D7AC1570BE8B543CBAA73C81
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......?{.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/X.c...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 15 11:29:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984355348295342
Encrypted:	false
SSDEEP:
MD5:	7373C670D3C0DA1DF69E41BEF3C225F5
SHA1:	5B18FA50F67742FC652B74184DFBEBB1DA27ADEE
SHA-256:	C2B80C8805B765C8EC593A21C6CD494BF345EC98F88232648F767289C4182720
SHA-512:	11CB0B0B5D568B79E663515F1E15F233098A521EF1442CEDE3703BE10F30D6EF355BBF836F02C412454A8BD50FC59F5D7047C6B56AD460D3BFC33DE7A7D8F361
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....[.K{.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/X.c...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 15 11:29:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9931968733604295
Encrypted:	false
SSDEEP:
MD5:	9468CF757E904752D7E8DCCA50FFA208
SHA1:	E9B500A65D832A35670EEE4385EF771F27BCF3DE
SHA-256:	17D048B5419453564BF618F858383BC3BE0CA1F94F25EA5C65B2B1C16A335F90
SHA-512:	FFDA94919A039304D0159A7443FA4D66A9858FA5F0E6AEC5FC37FA111622FE46B72BDD38C693FDD7E6E61EAA10625CB920C1749C6B6088D3C6444059157544C6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....E.7{.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/X.c....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/X.c....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/X.c....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/X.c..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/X.c...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Hg.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	8891
Entropy (8bit):	4.9024820549111
Encrypted:	false
SSDEEP:
MD5:	5B47BF9E1E45DA14AFBE9A6BF3C0ABEF
SHA1:	9B38DA50A61912CFE3B1A95C6D8A53645724906B
SHA-256:	8C3EF6223438AB2CD3F0599F64F39A6C3A3F72EFE8A40810E85DEEA167D70C1C
SHA-512:	4F443A4E0232E892D8BF716433EE7EBE391A35F6AB0DFD8DC15402B68B36D19999B6000E5EF7FF4CC48367DA5BD970E62129A8770FCA9EE38378F0EAF9190E63
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/1.html
Preview:	<!DOCTYPE html>..<html lang="en"> ..<head>.. <title>My General Blog</title>.. .. Meta -->.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="description" content="My General Blog">.. <link rel="shortcut icon" href="/assets/favicon.ico"> .. .. FontAwesome JS-->...<script defer src="assets/fontawesome/js/all.min.js"></script>.. .. Plugin CSS -->.. <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/styles/monokai-sublime.min.css">.. .. Theme CSS --> .. <link id="theme-style" rel="stylesheet" href="assets/css/theme-1.css">.. ....</head> ....<body>.. .. <header class="header text-center">. ... <h1 class="blog-name pt-lg-4 mb-0"><a class="no-text-decoration" href="index.html">My General Blog</a></h1>.. ... <nav class="navbar navbar-expand-lg navbar-dark"

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.208966082694623
Encrypted:	false
SSDEEP:
MD5:	DE62C38F72034B98A4DD0EE889FA945E
SHA1:	6172C865A04BC9C42244D0B5A4C0306F24AF2300
SHA-256:	6EAC02D8C92A8FABF7F90F041F0061CC1428D3B6CA5F71B221611B0B201EE1F7
SHA-512:	05D89FB31A592F03302DE1A93968C220003AE1CA46CC2BEA92D02378E38C27142E6BBEF94E143923904EECF2F1E106B427D9C9AD33E05581F6DF0E170D83C93B
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlCQVwKp07l2hIFDSeiuYgSBQ3GaLD8?alt=proto
Preview:	ChIKBw0normIGgAKBw3GaLD8GgA=

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	262
Entropy (8bit):	5.091485236788726
Encrypted:	false
SSDEEP:
MD5:	2CCBC71938AEBA4AD3AB8B91CAB8E317
SHA1:	E4F22E1E2691E7615E7373C751F71B5ECEA788B9
SHA-256:	B4C6E26CE02CECF8D32DD67008315C9C0074ED38F2C7623306D07C045321D00A
SHA-512:	5D2AE9004580A022BC0EA678B5577A9B664E5B3E5CBDF7EB677325F05E50E8A493F6954444BCF9CFB62D58AB0B7AA841CB2780682F4449D9CBAD071082FBBAEB
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/js/blog.js
Preview:	"use strict";../* ======= Highlight.js Plugin ======= / ./ Ref: https://highlightjs.org/usage/ */ .document.addEventListener('DOMContentLoaded', (event) => {. document.querySelectorAll('pre code').forEach((block) => {. hljs.highlightBlock(block);. });.});

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2048x1152, components 3
Category:	downloaded
Size (bytes):	712111
Entropy (8bit):	7.3750921392597455
Encrypted:	false
SSDEEP:
MD5:	1CE9202C330DED7D0C30D518BB26B855
SHA1:	4638B84CFF572E49E0AEC8BA787887FA0CDC23F7
SHA-256:	E5E8405A4A43B8452DB4DEDAB55E2651A9A774C1098000E16418DD4C8E8E07DD
SHA-512:	1277D1ABF976C9D858747A52B2230746876409203DB219A2A075515635FC46C42548FE8F99774C7EA200F79822C3CA4579BF8CDE943D348FE9EF1550A5E9BFCC
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/images/blog/blog2.jpg
Preview:	......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...9................m.........}...?i...O......I.......>.c..\|.{.5...m....?...x............[.......Q......@......Yk.m...O.....?h.... .,.O........>.......8........N...i................Q4.l.L........mM.y.h....?.5VhL1....zb..&.......?.......2.......S................^?._......O.C.m....e.................]......?..Va...#....M..v...q.Oz..6..........(M..........m4?_

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59810)
Category:	downloaded
Size (bytes):	60089
Entropy (8bit):	5.1431619360113885
Encrypted:	false
SSDEEP:
MD5:	A08792F518B51F0F1422B5C96DF9EB8A
SHA1:	3F094F010BFB0C022A51B62778D4361D1CAD3FD6
SHA-256:	5C36E28C9A7BD864B673E223DB7E1934923227536FFBDF871F58B6F09B9AC8C9
SHA-512:	6BA72D23AC35920DC9E1D4A39271E3DDA58B11B8E2B405C08CB0D1531A36C326260C545CCF6449B90AF93372ADF0EFD3B544A9F27DAB032697632D6C8E82A6AD
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/plugins/bootstrap/js/bootstrap.min.js
Preview:	/!. Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(require("@popperjs/core")):"function"==typeof define&&define.amd?define(["@popperjs/core"],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e(t.Popper)}(this,(function(t){"use strict";function e(t){if(t&&t.__esModule)return t;var e=Object.create(null);return t&&Object.keys(t).forEach((function(s){if("default"!==s){var i=Object.getOwnPropertyDescriptor(t,s);Object.defineProperty(e,s,i.get?i:{enumerable:!0,get:function(){return t[s]}})}})),e.default=t,Object.freeze(e)}var s=e(t);const i={find:(t,e=document.documentElement)=>[].concat(...Element.prototype.querySelectorAll.call(e,t)),findOne:(t,e=document.documentElement)=>Element.prototype.querySelector.c

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3
Category:	downloaded
Size (bytes):	217066
Entropy (8bit):	7.285960780249254
Encrypted:	false
SSDEEP:
MD5:	647B7025F83C2EDA39BFA6D19BF3EBA1
SHA1:	171236748613788F8B3228B83A2C830E26250CEA
SHA-256:	08AC65040AECD3D77CD38028D6DBC508C244851A6DA2B66FFE329D5359CB98DB
SHA-512:	51F6657B41CBB58993D538E7A1DF7D90C40C5DF86609C45689F01FD12CEF10D58C1FB9A781DF698886B868D9C81CCD6AB6EF6C20706AFE327124754301768A2D
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/images/blog/blog1.jpg
Preview:	......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...?.+..d....&...S....A.....k....RiT.......2........sG.2........s@.2._K../.J....c......%..wH........\|.E}).....7....9_.&..e............4..]....2...xo..."..e.......E.\|.E}....../..7........9.K.........\|.E}......?..7..G.T.............4.......>x......l...................to....&..._.........>x................cG.3..<7........_...x-.._...?............../..7.............

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65350)
Category:	downloaded
Size (bytes):	1195450
Entropy (8bit):	4.294036922809314
Encrypted:	false
SSDEEP:
MD5:	C05471E32E0EF2EDF9661706C79885E6
SHA1:	73BB8A639D443300B5516E43135733815A668921
SHA-256:	BB5D7F5D023603A9A95DAD23D69D25D14A4EDD9BA2313227194A9A4F62BD6564
SHA-512:	4577FE4120C2510B39BB044A683A17B79E63CA06599B657EF9651976E694FD48BFF441A9DDFFF629955A8456412861F4B3BEF8B1DDC79AB854CBE4A038540B55
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/fontawesome/js/all.min.js
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.!function(){"use strict";var c={},l={};try{"undefined"!=typeof window&&(c=window),"undefined"!=typeof document&&(l=document)}catch(c){}var h=(c.navigator\|\|{}).userAgent,z=void 0===h?"":h,a=c,v=l,m=(a.document,!!v.documentElement&&!!v.head&&"function"==typeof v.addEventListener&&v.createElement,~z.indexOf("MSIE")\|\|z.indexOf("Trident/"),"___FONT_AWESOME___"),e=function(){try{return!0}catch(c){return!1}}();var s=a\|\|{};s[m]\|\|(s[m]={}),s[m].styles\|\|(s[m].styles={}),s[m].hooks\|\|(s[m].hooks={}),s[m].shims\|\|(s[m].shims=[]);var t=s[m];function M(c,z){var l=(2<arguments.length&&void 0!==arguments[2]?arguments[2]:{}).skipHooks,h=void 0!==l&&l,a=Object.keys(z).reduce(function(c,l){var h=z[l];return!!h.icon?c[h.iconName]=h.icon:c[l]=h,c},{});"function"!=typeof t.hooks.addPack\|\|h?t.styles[c]=function(a){for(var c=1;c

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	2.3855052534391206
Encrypted:	false
SSDEEP:
MD5:	11718CF91D8123EE1945C878A31DF6D0
SHA1:	795FE654C19CF00D899E9F929C5F2DD8B52A9AB7
SHA-256:	4E9E94FE6AA7FE61E04B3AE5A311A9DD5E80A086F4BF0BCFA7464CF4231510D8
SHA-512:	84A228E1B9E6D0924D123EEE4AFE8D8341315D75EB87DFAB47E240168B81CE44C7FB3231A1C32071410637CED26398850038CF72260E52B4DFC61036853B3E25
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/favicon.ico
Preview:	............ .h.......(....... ..... ........................................................................................................................................................................................................................................................q...n.......................................................r...........o...............................................o...................k.......................................k...........................g...............................Z...................................V.......................................................................................P...........................................M...................P...........................................L....................................""". ............................................3HHH.&&&.ddd.........bbb.&&&.HHH....2......................................................................................................................

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65326)
Category:	downloaded
Size (bytes):	182336
Entropy (8bit):	5.071107580401599
Encrypted:	false
SSDEEP:
MD5:	F5CA512D041D86867A14E6E8FB2E8860
SHA1:	19973599F19D0305D183EB4C325762A1E5505BBD
SHA-256:	0271B3D6EEBD709D55163B02BDE95AFF90A3516918DD7678F6359AC61DC131FC
SHA-512:	B525323E10FA7441E0915D07552E694A9B4FCD5F30A0ABFEC5E671264B6184924B566FA945623F44822665E983ADF2349B34235F1E8EE00F2563B3DEDAF257E5
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/css/theme-1.css
Preview:	/!. Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors. * Copyright 2011-2021 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue: #0d6efd;--bs-indigo: #6610f2;--bs-purple: #6f42c1;--bs-pink: #d63384;--bs-red: #dc3545;--bs-orange: #fd7e14;--bs-yellow: #ffc107;--bs-green: #198754;--bs-teal: #20c997;--bs-cyan: #0dcaf0;--bs-white: #fff;--bs-gray: #767676;--bs-gray-dark: #434343;--bs-primary: #5FCB71;--bs-secondary: #4f4f4f;--bs-success: #198754;--bs-info: #0dcaf0;--bs-warning: #ffc107;--bs-danger: #dc3545;--bs-light: #c2c2c2;--bs-dark: #292929;--bs-font-sans-serif: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--bs-font-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--bs-gradient: linear-gradient(180

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1460)
Category:	downloaded
Size (bytes):	4958
Entropy (8bit):	4.82162144678434
Encrypted:	false
SSDEEP:
MD5:	ACF82EE47549FDC386D02768992A49AD
SHA1:	DE7B617C2D6C095FF286235E6CF64C328DA1A4BF
SHA-256:	CD0D0B6E50FF01FF2F3A9A70D7CFB66A7C6CB9ACF7A566325568BE6D3BD31FC4
SHA-512:	2D0F7B71A99AAFF94E9624FF32A8DC42CE645A0CBA433FDC091CF34735027EFD1FA2DB024C2F591D768F426255F17BBF3D500B7C967B0437B3979956DFFA81C6
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.1/cookieconsent.min.css
Preview:	.cc-window{opacity:1;-webkit-transition:opacity 1s ease;transition:opacity 1s ease}.cc-window.cc-invisible{opacity:0}.cc-animate.cc-revoke{-webkit-transition:transform 1s ease;-webkit-transition:-webkit-transform 1s ease;transition:-webkit-transform 1s ease;transition:transform 1s ease;transition:transform 1s ease,-webkit-transform 1s ease}.cc-animate.cc-revoke.cc-top{-webkit-transform:translateY(-2em);transform:translateY(-2em)}.cc-animate.cc-revoke.cc-bottom{-webkit-transform:translateY(2em);transform:translateY(2em)}.cc-animate.cc-revoke.cc-active.cc-top{-webkit-transform:translateY(0);transform:translateY(0)}.cc-animate.cc-revoke.cc-active.cc-bottom{-webkit-transform:translateY(0);transform:translateY(0)}.cc-revoke:hover{-webkit-transform:translateY(0);transform:translateY(0)}.cc-grower{max-height:0;overflow:hidden;-webkit-transition:max-height 1s;transition:max-height 1s}..cc-revoke,.cc-window{position:fixed;overflow:hidden;-webkit-box-sizing:border-box;box-sizing:border-box;font-

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 2400x1800, components 3
Category:	dropped
Size (bytes):	1316089
Entropy (8bit):	7.395124897441582
Encrypted:	false
SSDEEP:
MD5:	6E6FAB591E00B6EDB78E91AD357717D7
SHA1:	A71A73DA4FF2E0B79438ED9754919D559B8DFD4E
SHA-256:	C5B8F04930AB200DFD970CC847F03004DF24F2629390D1AC99A33E679238270F
SHA-512:	EC34566AAD0636C828C8ADADDBCDD6B6A59A9536C0B7B66F016E587C00FC0A9DF6AAE18D16A0E18A97503AAC49C9ED4ECC9C8F37516BD1B05E70D5C0454603F0
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C....................................................................C.........................................................................`.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...m7.g.'.....=k.m.....>....#.......?..f.....>..L~5.v#............/..y..:O...?.iG.....[...].6p...>....lCg.o...q.Q.........9}.o.Y.....}..........&[[o..W...O.^...d.....?J...._.L..&.....?Z>.....x0.wC....y...=?...O......w.&../.O...L.....".>......P.y.........=o...\.=.Gm........^c.y>_...._...[....R......<......%./?........?Z.......<......?.....7R...O..q....k....C..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (922), with CRLF line terminators
Category:	downloaded
Size (bytes):	14037
Entropy (8bit):	4.795752928852013
Encrypted:	false
SSDEEP:
MD5:	9C79A826861705F700D9B87BE9462182
SHA1:	47D965993211916665A73E9C4CCD82CD579584F6
SHA-256:	807EFA873C144EE1E1D3C804BF565F1E44B58CC87FDD8CC31F61A85A4B5BCEB8
SHA-512:	75C1A6B5FA0ABD0DD6714263EC104246D0EAA3311A8A5444835CBFAE0CDFA05DA823ADDE2182395D8A59B94006B33DB4474C77402DD117728C147091A1E42956
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/termsandconditions.html
Preview:	<!DOCTYPE html>..<html lang="en"> ..<head>.. <title>My General Blog</title>.. .. Meta -->.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="description" content="My General Blog">.. <link rel="shortcut icon" href="/assets/favicon.ico"> .. .. FontAwesome JS-->...<script defer src="assets/fontawesome/js/all.min.js"></script>.. .. Plugin CSS -->.. <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/styles/monokai-sublime.min.css">.. .. Theme CSS --> .. <link id="theme-style" rel="stylesheet" href="assets/css/theme-1.css">.. ....</head> ....<body>.. .. <header class="header text-center">. ... <h1 class="blog-name pt-lg-4 mb-0"><a class="no-text-decoration" href="index.html">My General Blog</a></h1>.. ... <nav class="navbar navbar-expand-lg navbar-dark"

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 348x348, segment length 16, baseline, precision 8, 1920x979, components 3
Category:	dropped
Size (bytes):	623485
Entropy (8bit):	7.4597122798703595
Encrypted:	false
SSDEEP:
MD5:	912EB9ACD366F2A4BCED46BF73C70F72
SHA1:	96F45B12B9FB8CA1BC8B7C1192B0513F33EE843C
SHA-256:	D7D0F4D377056666FD64CA530BA07666CC0F58295947A26682ADA677CF5A1618
SHA-512:	5E657602966F295925047722F3D3AABF96626DA6A8E235C89945A4158F14A8666FD5915C712FB5821D0044023F7DDE5672D946B87AF53B04A12CB957DE9ADD22
Malicious:	false
Reputation:	low
Preview:	......JFIF.....\.\.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..c...7.?..b....+..o......._?........o.............EW......_......['.{...R.A....U.......b..G......P......g>.....I.M.....B...>............g.....z.........g..]..s.WA.{...j..3......O...._..Y..w..}.E...1.......9...?...,.?....:...{...j.].......]P..~........(..?{.s.QE.~......(......#.....Q.{...j.E......EX............b........Z..._.7...V.._.......#.....V.......}j0..O..1.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (634), with CRLF line terminators
Category:	downloaded
Size (bytes):	10592
Entropy (8bit):	4.847810000225193
Encrypted:	false
SSDEEP:
MD5:	CB98FE904C7072B39DE7B118BC437B4F
SHA1:	4EBD26C2BDF2C540B79F97F95DE6E38F2FE892D9
SHA-256:	D89C89A6A6CC9E3587FA11EC19460624AB0FF46BAA61EF3AC30F7AF9DCB2300F
SHA-512:	19F2FA445DAD8C3CB49CEFD4C820340369BFFEE33C0BD1BB35D4888DDF0EE6C8EB2BA1468C88DE3F9EF43C910464E007EA18BFFE313EC0F5CA3DB3069855DB99
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/privacypolicy.html
Preview:	<!DOCTYPE html>..<html lang="en"> ..<head>.. <title>My General Blog</title>.. .. Meta -->.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="description" content="My General Blog">.. <link rel="shortcut icon" href="/assets/favicon.ico"> .. .. FontAwesome JS-->...<script defer src="assets/fontawesome/js/all.min.js"></script>.. .. Plugin CSS -->.. <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/styles/monokai-sublime.min.css">.. .. Theme CSS --> .. <link id="theme-style" rel="stylesheet" href="assets/css/theme-1.css">.. ....</head> ....<body>.. .. <header class="header text-center">. ... <h1 class="blog-name pt-lg-4 mb-0"><a class="no-text-decoration" href="index.html">My General Blog</a></h1>.. ... <nav class="navbar navbar-expand-lg navbar-dark"

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18506)
Category:	downloaded
Size (bytes):	18554
Entropy (8bit):	5.179313159263416
Encrypted:	false
SSDEEP:
MD5:	02287E4885600FDA1FEFE8910C703E95
SHA1:	624BE825B7793D86D1BCF4C6DAC88FFE2A3DA0CA
SHA-256:	DD1617FEBA063690E3BF1621308E1AF67C6CABCDB2602E5A1DF3A14B02B94D05
SHA-512:	6DD9C282DAA8CB8726980DCE75986BD0CCABEA04C5FF3099E1ADF9E4D1D75720457A256189C6AB0720A231AC53C326ABFE62814C51282D4B400C896A2FF0B3DB
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/assets/plugins/popper.min.js
Preview:	/*. @popperjs/core v2.9.2 - MIT License. */.."use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).Popper={})}(this,(function(e){function t(e){return{width:(e=e.getBoundingClientRect()).width,height:e.height,top:e.top,right:e.right,bottom:e.bottom,left:e.left,x:e.left,y:e.top}}function n(e){return null==e?window:"[object Window]"!==e.toString()?(e=e.ownerDocument)&&e.defaultView\|\|window:e}function o(e){return{scrollLeft:(e=n(e)).pageXOffset,scrollTop:e.pageYOffset}}function r(e){return e instanceof n(e).Element\|\|e instanceof Element}function i(e){return e instanceof n(e).HTMLElement\|\|e instanceof HTMLElement}function a(e){return"undefined"!=typeof ShadowRoot&&(e instanceof n(e).ShadowRoot\|\|e instanceof ShadowRoot)}function s(e){return e?(e.nodeName\|\|"").toLowerCase():null}function f(e){return((r(e)?e.ownerDocument:e.document)\|\|wind

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (781), with no line terminators
Category:	downloaded
Size (bytes):	781
Entropy (8bit):	4.7736729643263125
Encrypted:	false
SSDEEP:
MD5:	2BD355B6557C287E187E95122CEDF766
SHA1:	501D75EF0F4385BEA24D9B9B4CC434BA68D4BE27
SHA-256:	9399857ACD10AEC313502220EEC4658B391922131E2F87D30012E5923426474B
SHA-512:	99D6F180799F052E6C70A801B89378A803D865C92D6BC149E330B651BDBD5AC77D252CAFF0CA51AB715B27BA636F9AF0A662D1E61A8CDD10B50CCFB3309B0A6B
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/styles/monokai-sublime.min.css
Preview:	.hljs{display:block;overflow-x:auto;padding:0.5em;background:#23241f}.hljs,.hljs-tag,.hljs-subst{color:#f8f8f2}.hljs-strong,.hljs-emphasis{color:#a8a8a2}.hljs-bullet,.hljs-quote,.hljs-number,.hljs-regexp,.hljs-literal,.hljs-link{color:#ae81ff}.hljs-code,.hljs-title,.hljs-section,.hljs-selector-class{color:#a6e22e}.hljs-strong{font-weight:bold}.hljs-emphasis{font-style:italic}.hljs-keyword,.hljs-selector-tag,.hljs-name,.hljs-attr{color:#f92672}.hljs-symbol,.hljs-attribute{color:#66d9ef}.hljs-params,.hljs-class .hljs-title{color:#f8f8f2}.hljs-string,.hljs-type,.hljs-built_in,.hljs-builtin-name,.hljs-selector-id,.hljs-selector-attr,.hljs-selector-pseudo,.hljs-addition,.hljs-variable,.hljs-template-variable{color:#e6db74}.hljs-comment,.hljs-deletion,.hljs-meta{color:#75715e}

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	284
Entropy (8bit):	5.211696184480615
Encrypted:	false
SSDEEP:
MD5:	2C20B4D39F5112E0B68D7C46308D7084
SHA1:	5EDBE31696A5AB21255E22CD5B20143C1BBB0E32
SHA-256:	31B9452BDB63F78A0E58B45A9674257FE695E1CE8E345AA8D1E3890343C1F067
SHA-512:	9AD502B76F467C98499B51A74DE9EFEE5FD84F728D67862598F00897B2B2944EF698E1FC3870AFC13F916FC253A996472AC251F308B1C055FDC05CD2E978D81A
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.41 (Ubuntu) Server at kpseatingsolutions.com Port 80</address>.</body></html>.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (20693), with no line terminators
Category:	downloaded
Size (bytes):	20693
Entropy (8bit):	5.221524818135381
Encrypted:	false
SSDEEP:
MD5:	4A48532BF0B17C058B8B6854F49DE23F
SHA1:	9CBADA4BD617C86C638CF2EBDDEC724AD596907B
SHA-256:	E55842A856A6D829FECA3C3AD736C136B6C7549E9247274F78AA296259E06E24
SHA-512:	C975EA3858DD8C7347D46343FB510ED236EFBDE6C0069CC6283EBA7639D47E22A560C1391C6314247A0269E1380F93D31B662C4897FA770AB2514BD0BD2D2F68
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.1/cookieconsent.min.js
Preview:	!function(e){if(!e.hasInitialised){var t={escapeRegExp:function(e){return e.replace(/[\-\[\]\/\{\}\\+\?\.\\\^\$\\|]/g,"\\$&")},hasClass:function(e,t){var i=" ";return 1===e.nodeType&&(i+e.className+i).replace(/[\n\t]/g,i).indexOf(i+t+i)>=0},addClass:function(e,t){e.className+=" "+t},removeClass:function(e,t){var i=new RegExp("\\b"+this.escapeRegExp(t)+"\\b");e.className=e.className.replace(i,"")},interpolateString:function(e,t){return e.replace(/{{([a-z][a-z0-9\-_])}}/gi,function(e){return t(arguments[1])\|\|""})},getCookie:function(e){var t=("; "+document.cookie).split("; "+e+"=");return t.length<2?void 0:t.pop().split(";").shift()},setCookie:function(e,t,i,n,o,s){var r=new Date;r.setHours(r.getHours()+24*(i\|\|365));var a=[e+"="+t,"expires="+r.toUTCString(),"path="+(o\|\|"/")];n&&a.push("domain="+n),s&&a.push("secure"),document.cookie=a.join(";")},deepExtend:function(e,t){for(var i in t)t.hasOwnProperty(i)&&(i in e&&this.isPlainObject(e[i])&&this.isPlainObject(t[i])?this.deepExtend(e[

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	47330
Entropy (8bit):	5.440459597441461
Encrypted:	false
SSDEEP:
MD5:	5AA1C1AE1CB77A4BF4920A3133C22EDE
SHA1:	0CDC819F9A121EADAF0027F0B3E0FDA537D721A7
SHA-256:	B0D3E28A06DF4A4A94CCC739AE0ADDCED2E79DE08C029E96F707AD25466EF59C
SHA-512:	43F53DCAF3C691620AD248989FB4370677DCC6B027C260E418CC6F6CA4D241EAC47BCD55A55D88F52C1A50ACD7FD2A765D83240C77214C179696D59AF3EA988A
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/highlight.min.js
Preview:	/! highlight.js v9.14.2 \| BSD3 License \| git.io/hljslicense /.!function(e){var t="object"==typeof window&&window\|\|"object"==typeof self&&self;"undefined"!=typeof exports?e(exports):t&&(t.hljs=e({}),"function"==typeof define&&define.amd&&define([],function(){return t.hljs}))}(function(e){function t(e){return e.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">")}function r(e){return e.nodeName.toLowerCase()}function a(e,t){var r=e&&e.exec(t);return r&&0===r.index}function n(e){return M.test(e)}function i(e){var t,r,a,i,s=e.className+" ";if(s+=e.parentNode?e.parentNode.className:"",r=B.exec(s))return w(r[1])?r[1]:"no-highlight";for(s=s.split(/\s+/),t=0,a=s.length;a>t;t++)if(i=s[t],n(i)\|\|w(i))return i}function s(e){var t,r={},a=Array.prototype.slice.call(arguments,1);for(t in e)r[t]=e[t];return a.forEach(function(e){for(t in e)r[t]=e[t]}),r}function c(e){var t=[];return function a(e,n){for(var i=e.firstChild;i;i=i.nextSibling)3===i.nodeType?n+=i.nodeValue.length:1===i.nodeTyp

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1487), with CRLF line terminators
Category:	downloaded
Size (bytes):	9045
Entropy (8bit):	4.862129028234295
Encrypted:	false
SSDEEP:
MD5:	F927F3D861D926992D018280D7F64AA8
SHA1:	150B4ECA463B8CE78AD79796AC44CE5DE414119E
SHA-256:	C04CF246078E68D5E831754DEF00E88E729C410317C41A8731BCD2B0C95580B1
SHA-512:	F80C8D8640DFA945F5976B07C3118A2AEE9F1FF973FC7F7108FCAD3A0C72C13A6A9D8DE628CF393F15059540F6B728C47DB053C9AB66ECF4E80B6835CFDA353A
Malicious:	false
Reputation:	low
URL:	https://kpseatingsolutions.com/4.html
Preview:	<!DOCTYPE html>..<html lang="en"> ..<head>.. <title>My General Blog</title>.. .. Meta -->.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="description" content="My General Blog">.. <link rel="shortcut icon" href="/assets/favicon.ico"> .. .. FontAwesome JS-->...<script defer src="assets/fontawesome/js/all.min.js"></script>.. .. Plugin CSS -->.. <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.14.2/styles/monokai-sublime.min.css">.. .. Theme CSS --> .. <link id="theme-style" rel="stylesheet" href="assets/css/theme-1.css">.. ....</head> ....<body>.. .. <header class="header text-center">. ... <h1 class="blog-name pt-lg-4 mb-0"><a class="no-text-decoration" href="index.html">My General Blog</a></h1>.. ... <nav class="navbar navbar-expand-lg navbar-dark"

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	0D3B0E2216DEE82908ECDC29243D9D0B
SHA1:	79A7D70764A2E579B60540B3FDA1C91A4172159A
SHA-256:	D5BB4B0D21CBC34ED6A52EA0D4E3423BBCD314518D13043C61815E14B268874F
SHA-512:	FA0E044D44B2089B70BBCC4CA00E6CAE8C88DACE7CCBC29E32631FC628E435233671C184C3B5F360F53DE60268EAAC14448714825093E15D7009A6B1B03A951B
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkw9nQGvKUgqxIFDSeiuYg=?alt=proto
Preview:	CgkKBw0normIGgA=

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3
Category:	dropped
Size (bytes):	367931
Entropy (8bit):	7.440820655830077
Encrypted:	false
SSDEEP:
MD5:	128F4952D5DCC6E5F91382A922C02E05
SHA1:	9E66B80EDB2622B6AA8DDC580955E06CA439F18E
SHA-256:	02F7DDF33E3992846AA33656354361580ACE8FF01ABC71735C0DC39B98DF42A8
SHA-512:	DDE17E4298EC9E0E96F2597438BE4AE57F18086737DC449FA8E77C0032A9816AD1F3667BCC91772C5EFD9DCF537D7910D7E6741E0C8B015858CD5EF33C0C5429
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..........(...(....S....\|7.........s.....}..^...O........<....k.!.......Y...J.......!I./.'.........?............-..I...(.Z.........'wq..dUf..;R.(..U.Q.[...N.[..y..._..;.\|.W.v......}.......+...........{\|0Q.:..7v.v.QEw.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info