Edit tour
Windows
Analysis Report
http://photographcrushingsouvenirs.com
Overview
General Information
| Sample URL: | http://photographcrushingsouvenirs.com |
| Analysis ID: | 1447079 |
 | |
Detection
| Score: | 64 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
chrome.exe (PID: 5296 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http://p hotographc rushingsou venirs.com / MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA) - chrome.exe (PID: 5708 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2072 --fi eld-trial- handle=202 8,i,963162 6353310837 619,117713 2387121063 906,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 2% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 2% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 2% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 6% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| google.com | 142.250.186.174 | true | false |
| unknown |
| www3.l.google.com | 142.250.185.78 | true | false |
| unknown |
| plus.l.google.com | 216.58.212.142 | true | false |
| unknown |
| play.google.com | 142.250.186.142 | true | false |
| unknown |
| www.google.com | 172.217.18.4 | true | false |
| unknown |
| photographcrushingsouvenirs.com | 172.240.253.132 | true | false |
| unknown |
| adservice.google.com | 142.250.185.162 | true | false | unknown | |
| surgicalconceivedrighteous.com | 192.243.59.13 | true | false | unknown | |
| ogs.google.com | unknown | unknown | false |
| unknown |
| apis.google.com | unknown | unknown | false |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| false | unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.240.108.76 | unknown | United States | 7979 | SERVERS-COMUS | false | |
| 142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.78 | www3.l.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.228 | unknown | United States | 15169 | GOOGLEUS | false | |
| 216.58.212.142 | plus.l.google.com | United States | 15169 | GOOGLEUS | false | |
| 172.240.253.132 | photographcrushingsouvenirs.com | United States | 7979 | SERVERS-COMUS | false | |
| 142.250.186.174 | google.com | United States | 15169 | GOOGLEUS | false | |
| 172.217.18.14 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.162 | adservice.google.com | United States | 15169 | GOOGLEUS | false | |
| 192.243.59.20 | unknown | Dominica | 39572 | ADVANCEDHOSTERS-ASNL | false | |
| 142.250.184.228 | unknown | United States | 15169 | GOOGLEUS | false | |
| 172.217.16.142 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.184.195 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false | |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
| 216.58.212.138 | unknown | United States | 15169 | GOOGLEUS | false | |
| 74.125.133.84 | unknown | United States | 15169 | GOOGLEUS | false | |
| 142.250.186.162 | unknown | United States | 15169 | GOOGLEUS | false | |
| 172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 192.243.59.13 | surgicalconceivedrighteous.com | Dominica | 39572 | ADVANCEDHOSTERS-ASNL | false | |
| 142.250.186.142 | play.google.com | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 192.168.2.17 |
| 192.168.2.16 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1447079 |
| Start date and time: | 2024-05-24 10:48:22 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Sample URL: | http://photographcrushingsouvenirs.com |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 18 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal64.win@19/60@30/222 |
- Exclude process from analysis (whitelisted): TextInputHost.exe
- Excluded IPs from analysis (whitelisted): 142.250.184.195, 74.125.133.84, 172.217.16.142, 34.104.35.123, 142.250.185.227, 216.58.212.138, 142.250.185.74, 142.250.185.234, 142.250.186.42, 216.58.206.42, 142.250.184.234, 172.217.18.10, 142.250.181.234, 142.250.186.106, 216.58.206.74, 142.250.185.170, 142.250.186.74, 216.58.212.170, 142.250.185.202, 142.250.185.138, 142.250.185.106, 172.217.18.3
- Excluded domains from analysis (whitelisted): ssl.gstatic.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com
- Not all processes where analyzed, report is missing behavior information
| Input | Output |
|---|---|
| URL: https://www.google.com/ Model: Perplexity: mixtral-8x7b-instruct | ```json
{
"loginform": true,
"reasons": [
"The text 'Sign in' is commonly used as a label for a login form's submit button.",
"The text 'Google' is associated with a well-known online service that utilizes login forms for user authentication.",
"The presence of 'I'm Feeling Lucky' suggests that this is a search page, which typically requires a login for personalized results or saved preferences."
]
} |
Gmail Images Store Sign in Google Gtngle Search I'm Feeling Lucky Celebrate Asian American and Pacific Islander Heritage Month with Google Adveising Business How Search works Our third decade ot climate action: join us privacy Terms Settings | |
| URL: https://www.google.com/ Model: Perplexity: mixtral-8x7b-instruct | ```json
{
"loginform": true,
"reasons": [
"The text contains the phrase 'Sign in' which is commonly used in login forms.",
"The text mentions 'Save your passwords securely with your Google Account', implying a password input field which is often found in login forms.",
"The text mentions 'Stay signed out' which is an option often found in login forms."
]
} |
Gmail Images Store Sign in Sign in to Google Save your passwords securely with your Google Account Sign in Stay signed out Google Gtngle Search I'm Feeling Lucky Celebrate Asian American and Pacific Islander Heritage Month with Google Adveising Business How Search works privacy Our third decade ot climate action: join us Terms Settings | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be part of a legitimate web application, likely from Google, given the namespace and structure. It includes event handling, object manipulation, and utility functions, which are common in web applications. There is no evidence of phishing or malicious activity such as credential stealing, unauthorized data access, or code obfuscation. The presence of a SPDX license identifier and structured error handling further suggests it is legitimate."
} |
this.gbar_=this.gbar_||{};(function(_){var window=this;
try{
_.fd=function(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.fd(a,b,d);else{d=(0,_.y)(a.C,a,b);const e=a.v+c;a.v++;b.dataset.eqid=e;a.B[e]=d;b&&b.addEventListener?b.addEventListener(c,d,!1):b&&b.attachEvent?b.attachEvent("on"+c,d):a.o.log(Error("z`"+b))}};
}catch(e){_._DumpException(e)}
try{
_.gd=function(){if(!_.r.addEventListener||!Object.defineProperty)return!1;var a=!1,b=Object.defineProperty({},"passive",{get:function(){a=!0}});try{const c=()=>{};_.r.addEventListener("test",c,b);_.r.removeEventListener("test",c,b)}catch(c){}return a}();
}catch(e){_._DumpException(e)}
try{
var hd=document.querySelector(".gb_k .gb_d"),id=document.querySelector("#gb.gb_Xc");hd&&!id&&_.fd(_.Qc,hd,"click");
}catch(e){_._DumpException(e)}
try{
_.jh=function(a){const b=[];let c=0;for(const d in a)b[c++]=a[d];return b};_.kh=function(a){if(a.v)return a.v;for(const b in a.i)if(a.i[b].qa()&&a.i[b].B())return a.i[b];return null};_.lh=function(a,b){a.i[b.K()]=b};var mh=new class extends _.P{constructor(){var a=_.Ac;super();this.B=a;this.v=null;this.o={};this.C={};this.i={};this.j=null}A(a){this.i[a]&&(_.kh(this)&&_.kh(this).K()==a||this.i[a].P(!0))}Xa(a){this.j=a;for(const b in this.i)this.i[b].qa()&&this.i[b].Xa(a)}qc(a){return a in this.i?this.i[a]:null}};_.Tc("dd",mh);
}catch(e){_._DumpException(e)}
try{
_.Ei=function(a,b){return _.K(a,36,b)};
}catch(e){_._DumpException(e)}
try{
var Fi=document.querySelector(".gb_b .gb_d"),Gi=document.querySelector("#gb.gb_Xc");Fi&&!Gi&&_.fd(_.Qc,Fi,"click");
}catch(e){_._DumpException(e)}
})(this.gbar_);
// Google Inc.
this.gbar_=this.gbar_||{};(function(_){var window=this;
try{
var md;_.jd=function(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};_.kd=function(a,b){if(void 0!==a.i||void 0!==a.j)throw Error("B");a.j=b;_.Hc(a)};_.ld=class extends _.O{constructor(a){super(a)}};md=class extends _.Uc{};_.nd=function(a,b){if(b in a.i)return a.i[b];throw new md;};_.od=function(a){return _.nd(_.Rc.i(),a)};
}catch(e){_._DumpException(e)}
try{
/*
SPDX-License-Identifier: Apache-2.0
*/
var ud,Dd,Fd;_.pd=function(a){if(null==a)return a;if("string"===typeof a){if(!a)return;a=+a}if("number"===typeof a)return Number.isFinite(a)?a|0:void 0};_.qd=function(a){const b=a.length;if(0<b){const c=Array(b);for(let d=0;d<b;d++)c[d]=a[d];return c}return[]};_.sd=function(a){if(a instanceof _.rd)return a.i;throw Error("D");};ud=function(a){return new td(b=>b.substr(0,a.length+1).toLowerCase()===a+":")};
_.wd=function(a,b=_.vd){if(a instanceof _.rd)return a;for(let c=0;c<b.length;++c){const d=b[c];if(d instanceof td&&d.eh(a))return new _.rd(a)}};_.yd=function(a){if(xd.test(a))return a};_.zd=function(a){return a instanceof _.rd?_.sd(a):_.yd(a)};_.Ad=function(a,b){var c=Array.prototype.slice.call(arguments,1);return function(){var d=c.slice();d.push.apply(d,arguments);return a.apply(this,d)}};_.Bd=function(a,b,c){return void 0!==_.jb(a,b,c,!1)};_.Cd=function(a,b){return _.pd(_.oc(a, | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be from a legitimate site, likely Google, based on the variable names and functionality. It includes functions for logging, event handling, and other typical web functionalities. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code does not perform any actions that would be considered harmful or suspicious beyond normal web operations."
} |
(function(){var _g={kEI:'jlRQZoGtAur-7_UPhu6okAk',kEXPI:'31',kBL:'myoP',kOPI:89978449};(function(){var a;(null==(a=window.google)?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var h=this||self;function l(){return void 0!==window.google&&void 0!==window.google.kOPI&&0!==window.google.kOPI?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||m}function q(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function r(a){/^http:/i.test(a)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function t(a,b,c,d,k){var e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(0===c||0<c)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=void 0===e?l:e;c||(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=void 0===b?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};var d=[];google.fce=function(a,b,c,e){d.push([a,b,c,e])};google.qce=d;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cgpbc:false,cvb:true,di:false,fla:false,fli:false,frvt:true,gl:true,idt:16,inpp:98,inpsr:0.01,irsf:false,lfdt:50,lfsr:0.0,lhc:false,linp:true,llt:false,lsb:true,lsbsr:0.01,mais:false,marb:true,mcc:false,raf:false,si:true,sidt:200,sisr:0.01,sxs:false,taf:true,timl:false,tprc:false,vis:true,wh0:false,whu:false};})();(function(){
var p=this||self;window.google=w | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 2,
"reasons": "The JavaScript code appears to be part of Google's error reporting and logging mechanism. It collects error information and sends it to a server for analysis. While it does collect some data about errors, it does not appear to be malicious. The code is consistent with legitimate error tracking and reporting practices."
} |
(function(){window.google.erd={jsr:1,bv:2013,sd:true,de:true};})();(function(){var sdo=false;var mei=10;
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);void 0===d&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(0>v){window.console&&console.error(a,b);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+
"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&1===google.ple&&(e=2);c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.s-_8OiN4zAs.2019.O","com","en","538",0,[4,2,"","","","635413608","0"],null,"jlRQZpWSBLiH9u8Pw-am0A0",null,0,"og.qtm._yk4Kx1DLwg.L.W.O","AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q","AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/am=AAAC/d=1/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20240331.0_p2","en",null,0],[0.009999999776482582,"com","538",[["19037050","19037049","7",1,5,2592000,"","AN2NJM4C9yxyGFx5GViH8LFtXCS_L0iSJA:1716540558070",0,1,2,"https://www.google.com/_/og/promos/",0],"n","",["","",""],1,2592000,null,null,"https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%253A%252F%252Fwww.google.com%252F%253Fptid%253D19027681%2526ptt%253D8%2526fpts%253D0\u0026source=hpp\u0026id=19037050\u0026ct=7\u0026usg=AOvVaw17nhtj2bG975y5iQrI1sgf",null,null,null,null,null,1,null, | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: Perplexity: mixtral-8x7b-instruct | ```json
{
"loginform": true,
"reasons": [
"The text 'Sign in' appears twice, which is a common label for login forms.",
"The phrase 'Save your passwords securely with your Google Account' suggests that this is a login form for a Google Account.",
"The text 'Stay signed out' may be an option for users who do not want to remain logged in, which is a common feature in login forms."
]
} |
Gmail Images Store Sign in Sign in to Google Save your passwords securely with your Google Account Sign in Stay signed out Google Gtngle Search I'm Feeling Lucky Celebrate Asian American and Pacific Islander Heritage Month with Google Adveising Business How Search works privacy Our third decade ot climate action: join us Terms Settings | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be associated with Google services, handling tasks such as image loading, scroll detection, and user interactions. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. The code includes some tracking functionality, which is considered low risk as per the given instructions."
} |
(function(){google.caft=function(a){if(null===google.aftq)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a);google.c.e("load","imn",String(document.getElementsByTagName("img").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")})})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&0===window.google.ishk.length&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22cdobsel\x22:false},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dkerning\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3drestaurants+nearby\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dbat+signal\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/url?url\x3dhttps://google.com/doodles/doodle-champion-island-games-begin\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3OsU79BR2L23QUiSvZgfjX\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/search?q\x3dingenuity\\u0026csf\x3db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/search?q\x3dgoogle+doodles\\u0026csf\x3db\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/partner/museum-of-fine-arts-boston\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0jxhaeueOq8YljDa2oyLUN\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dfriends+glossary\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22FKCGcdjW8otu2mNdeaNeQnD7Lkg\x22},\x22sf\x22:{},\x22s | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be related to image loading and visibility tracking, which is common for performance optimization. There is no indication of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code does not interact with sensitive user data or perform any suspicious actions. Therefore, it is considered low risk."
} |
(function(){'use strict';var c=window,d=[];c.aft_counter=d;var e=[],f=0;function _recordIsAboveFold(a){if(!c._isLazyImage(a)&&!a.hasAttribute("data-noaft")&&a.src){var b=(c._isVisible||function(){})(c.document,a);a.setAttribute("data-atf",b);b&&(-1!==e.indexOf(a)||-1!==d.indexOf(a)||a.complete||d.push(a),a.hasAttribute("data-iml")&&(a=Number(a.getAttribute("data-iml")),a>f&&(f=a)))}}
c.initAft=function(){f=0;e=Array.prototype.slice.call(document.getElementsByTagName("img")).filter(function(a){return!!a.getAttribute("data-iml")});[].forEach.call(document.getElementsByTagName("img"),function(a){try{_recordIsAboveFold(a)}catch(b){throw b.message=a.hasAttribute("data-iid")?b.message+"\nrecordIsAboveFold error for defer inlined image":b.message+("\nrecordIsAboveFold error for img element with <src: "+a.src+">"),b;}});if(0===d.length)c.onaft(f)};}).call(this);
initAft() | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code appears to be part of a legitimate library, likely related to Google's Closure Library, based on the copyright notices and the functionality it implements. There are no indications of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access attempts. The code primarily deals with event handling and user interaction, which are typical for web applications."
} |
(function(){'use strict';function l(){var b=m,a=0;return function(){return a<b.length?{done:!1,value:b[a++]}:{done:!0}}};/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
var n=this||self;/*
Copyright 2024 Google, Inc
SPDX-License-Identifier: MIT
*/
function q(b,a){if(null===a)return!1;if("contains"in b&&1===a.nodeType)return b.contains(a);if("compareDocumentPosition"in b)return b===a||!!(b.compareDocumentPosition(a)&16);for(;a&&b!==a;)a=a.parentNode;return a===b};function r(b){return"mouseenter"===b?"mouseover":"mouseleave"===b?"mouseout":"pointerenter"===b?"pointerover":"pointerleave"===b?"pointerout":b}function t(b){b=b.target;!b.getAttribute&&b.parentNode&&(b=b.parentNode);return b}
var v="undefined"!==typeof navigator&&/Macintosh/.test(navigator.userAgent),z="undefined"!==typeof navigator&&!/Opera/.test(navigator.userAgent)&&/WebKit/.test(navigator.userAgent),A={A:1,INPUT:1,TEXTAREA:1,SELECT:1,BUTTON:1},B={Enter:13," ":32},C={A:13,BUTTON:0,CHECKBOX:32,COMBOBOX:13,FILE:0,GRIDCELL:13,LINK:13,LISTBOX:13,MENU:0,MENUBAR:0,MENUITEM:0,MENUITEMCHECKBOX:0,MENUITEMRADIO:0,OPTION:0,RADIO:32,RADIOGROUP:32,RESET:0,SUBMIT:0,SWITCH:32,TAB:0,TREE:13,TREEITEM:13},D={CHECKBOX:!0,FILE:!0,OPTION:!0,
RADIO:!0},E={COLOR:!0,DATE:!0,DATETIME:!0,"DATETIME-LOCAL":!0,EMAIL:!0,MONTH:!0,NUMBER:!0,PASSWORD:!0,RANGE:!0,SEARCH:!0,TEL:!0,TEXT:!0,TEXTAREA:!0,TIME:!0,URL:!0,WEEK:!0},F={A:!0,AREA:!0,BUTTON:!0,DIALOG:!0,IMG:!0,INPUT:!0,LINK:!0,MENU:!0,OPTGROUP:!0,OPTION:!0,PROGRESS:!0,SELECT:!0,TEXTAREA:!0};function I(b){var a=b.event;var c=a.which||a.keyCode;!c&&a.key&&(c=B[a.key]);z&&3===c&&(c=13);if(13!==c&&32!==c)c=!1;else{var d=t(a);(a="keydown"!==a.type||!!(!("getAttribute"in d)||(d.getAttribute("type")||d.tagName).toUpperCase()in E||"BUTTON"===d.tagName.toUpperCase()||d.type&&"FILE"===d.type.toUpperCase()||d.isContentEditable)||a.ctrlKey||a.shiftKey||a.altKey||a.metaKey||(d.getAttribute("type")||d.tagName).toUpperCase()in D&&32===c)||((a=d.tagName in A)||(a=d.getAttributeNode("tabindex"),a=null!=
a&&a.specified),a=!(a&&!d.disabled));if(a)c=!1;else{a=(d.getAttribute("role")||d.type||d.tagName).toUpperCase();var f=!(a in C)&&13===c;d="INPUT"!==d.tagName.toUpperCase()||!!d.type;c=(0===C[a]%c||f)&&d}}c&&(b.eiack=!0,b.eventType="click")}
function J(b){var a;if(a=b.eiack){a=b.event;var c=t(a);c=(c.type||c.tagName).toUpperCase();if(!(a=32===(a.which||a.keyCode)&&"CHECKBOX"!==c)){a=t(b.event);c=a.tagName.toUpperCase();var d=(a.getAttribute("role")||"").toUpperCase();a="BUTTON"===c||"BUTTON"===d?!0:!(a.tagName.toUpperCase()in F)||"A"===c||"SELECT"===c||(a.getAttribute("type")||a.tagName).toUpperCase()in D||(a.getAttribute("type")||a.tagName).toUpperCase()in E?!1:!0}}a&&(b=b.event,b.preventDefault?b.preventDefault():b.returnValue=!1)}
function K(b,a,c){a.eia||"click"!==a.eventType||a.eiack||void 0===c.clickonly||(a.eventType="clickonly",a.eia=[c.clickonly,b])};var L={};var M={},N=/\s*;\s*/;function O(){var b={m:!0};b=void 0===b?{}:b;b=void 0=== | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code appears to be part of a legitimate Google service. It contains URLs pointing to Google domains (e.g., google.com, accounts.google.com) and does not exhibit any behavior typically associated with malicious scripts such as obfuscation, data exfiltration, or unauthorized access attempts. The code seems to be related to user authentication and service configuration, which are common functionalities for web applications. Therefore, it poses no risk."
} |
window.IJ_values = [[null,null,"",true,null,null,true,false],'0','https:\/\/ogs.google.com\/', null ,'boq_onegooglehttpserver_20240519.03_p0','ogs.google.com', 0.0 ,'','Z4P4U0EeCCAk8mX-Xgg5wg','LnVHIAfR6_K7SzgkxoCfEg','DEFAULT','', 2024.0 ,'https:\/\/ogs.google.com\/widget\/callout', null ,'ltr', false ,'https:\/\/accounts.google.com\/AccountChooser?continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den\x26hl\x3den','https:\/\/accounts.google.com\/ServiceLogin?hl\x3den\x26continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/accounts.google.com\/SignOutOptions?continue\x3dhttps:\/\/ogs.google.com\/widget\/callout?prid%3D19037050%26pgid%3D19037049%26puid%3D9ceb59a7585b55bd%26cce%3D1%26dc%3D1%26origin%3Dhttps:\/\/www.google.com%26cn%3Dcallout%26pid%3D1%26spid%3D538%26hl%3Den','https:\/\/www.google.com', false , false , false , false , false ,'en','en','en','https:\/\/goto2.corp.google.com\/mdtredirect?data_id_filter\x3dogs.google.com\x26system_name\x3done-google-http-server', null , null ,'https:\/\/myaccount.google.com\/privacypolicy?hl\x3den', false , null , false , true ,'https:\/\/myaccount.google.com\/termsofservice?hl\x3den', 0.0 ,'en', null , false , null ,]; window.IJ_valuesCb && window.IJ_valuesCb(); | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be initializing some data and setting up callbacks. The URL 'https://www.google.com' is a legitimate site. There are no evident signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code does not perform any suspicious actions beyond standard data initialization and callback setup."
} |
var AF_initDataKeys = ["ds:0"]; var AF_dataServiceRequests = {'ds:0' : {id:'a9HB7c',request:[null,19037050,19037049,"9ceb59a7585b55bd","https://www.google.com"]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};} | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be configuration data for a legitimate service, likely related to Google services (e.g., OneGoogleWidgetUi). There are no obvious signs of malicious behavior such as obfuscated code, suspicious network requests, or attempts to steal user data. The hexadecimal strings and tracking/advertisement functionality are considered no risk."
} |
window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"4570999946739915547","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSFB0V99WlENysuBIKgPnaBgqR7QQK\"]]]","Vvafkd":false,"Yllh3e":"%.@.1716540562809810,146727109,3590537494]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20240519.03_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48802160,93880154,97517168,97579925],"gGcLoe":false,"iCzhFc":false,"nQyAE":{},"qwAQke":"OneGoogleWidgetUi","rtQCxc":240,"uoqGRe":"WnksUc","w2btAe":"%.@.null,null,\"\",true,null,null,true,false]","y2FhP":"prod","zChJod":"%.@.]"}; | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be related to performance tracking and lazy loading of images. It does not exhibit any behavior typically associated with malicious activities such as data exfiltration, credential stealing, or unauthorized access. The code primarily focuses on measuring performance metrics and handling image loading efficiently. Therefore, it is considered low risk."
} |
(function(){'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(e){if(d&&d.now&&d.mark){var g=d.mark(e);if(g)return g.startTime;if(d.getEntriesByName&&(e=d.getEntriesByName(e).pop()))return e.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(e){return e.hasAttribute("data-src")||e.hasAttribute("data-ils")||"lazy"===e.getAttribute("loading")};
a.l=function(e){function g(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=e;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c||"none"==c.style.display)return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputedStyle(c),"0px"==f.height||"0px"==f.width||"hidden"==f.visibility))return!1;if(!c.getBoundingClientRect)return!0;
var h=c.getBoundingClientRect();c=h.left+a.pageXOffset;f=h.top+a.pageYOffset;if(0>f+h.height||0>c+h.width||0>=h.height||0>=h.width)return!1;b=b.documentElement;return f<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=a.aft_counter.indexOf(b),-1!==b&&(b=1===a.aft_counter.splice(b,
1).length,0===a.aft_counter.length&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this);
l('HgvS1c') | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code appears to be part of a legitimate web page's resource loading mechanism, likely related to Google's services. It contains no evident malicious behavior, such as data exfiltration, credential theft, or unauthorized access attempts. The code primarily includes URLs for JavaScript and CSS resources, which are typical for web applications. No suspicious or harmful actions are detected."
} |
(function(){google.xjs={basecomb:'/xjs/_/js/k\x3dxjs.hd.en.0rxFBJhsdCU.O/ck\x3dxjs.hd.NZMlOe2MUXU.L.B1.O/am\x3dAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d\x3d1/ed\x3d1/dg\x3d0/br\x3d1/ujg\x3d1/rs\x3dACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw',basecss:'/xjs/_/ss/k\x3dxjs.hd.NZMlOe2MUXU.L.B1.O/am\x3dAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA/br\x3d1/rs\x3dACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w',basejs:'/xjs/_/js/k\x3dxjs.hd.en.0rxFBJhsdCU.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/dg\x3d0/br\x3d1/rs\x3dACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ',excm:[]};})(); | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en Model: gpt-4o | ```json
{
"riskscore": 2,
"reasons": "The code appears to be part of a legitimate library, likely related to Google's Closure Library, given the copyright notice. It handles DOM elements and messaging, which are common in web applications. No obvious malicious behavior such as data exfiltration, credential harvesting, or unauthorized access is detected. The use of MessageChannel and postMessage is standard for inter-window communication. However, any code that manipulates the DOM and handles events should be reviewed carefully in the context of the entire application to ensure it is not being used maliciously."
} |
'use strict';/*
Copyright The Closure Library Authors.
SPDX-License-Identifier: Apache-2.0
*/
function h(a){var b=typeof a;return"object"==b&&null!=a||"function"==b};function k(a,b){a&&(a=a.parentNode);for(var d=0;a;){if(b(a))return a;a=a.parentNode;d++}return null};function n(a){var b=document.querySelector('[data-ogmv] > [role="dialog"]');return b?b.hasAttribute("data-"+a):!1}function p(a){return h(a)&&1==a.nodeType&&a.hasAttribute("data-dismiss")?a:(a=k(a,function(b){return h(b)&&1==b.nodeType&&b.hasAttribute("data-dismiss")}))?a:null};function q(a){this.data=a};function r(a){this.h=a}function t(a,b){u(a,b);return new r(a)}function w(a){var b=new MessageChannel;u(b.port1,a);return b}function u(a,b){b&&(a.onmessage=function(d){var c=d.data;t(d.ports[0]);b(new q(c))})};var x=/#|$/;function y(a){var b=z,d=b.search(x);a:{var c=0;for(var e=a.length;0<=(c=b.indexOf(a,c))&&c<d;){var f=b.charCodeAt(c-1);if(38==f||63==f)if(f=b.charCodeAt(c+e),!f||61==f||38==f||35==f)break a;c+=e+1}c=-1}if(0>c)return null;e=b.indexOf("&",c);if(0>e||e>d)e=d;c+=a.length+1;return decodeURIComponent(b.slice(c,-1!==e?e:0).replace(/\+/g," "))};var z=window.location.href,A="ogi_"+(y("cn")||""),B;
function C(a,b){b=void 0===b?{}:b;if(!B){var d=y("origin")||"",c={destination:window.parent,origin:d,g:A,onMessage:void 0};d=c.destination;var e=c.origin,f=void 0===c.i?void 0:c.i,g=void 0===c.g?"ZNWN1d":c.g;c=void 0===c.onMessage?void 0:c.onMessage;if("*"===e)throw Error("Sending to wildcard origin not allowed.");var v=w(c),l={};f=f?(l.n=g,l.t=f,l):g;d.postMessage(f,e,[v.port2]);B=t(v.port1,c)}a={event:a,data:b};b=B;var m=void 0===m?[]:m;d=w();b.h.postMessage(a,[d.port2].concat(m))};C("_startuploaded",{wt:"c"});
(function(a,b){a.addEventListener("click",function(d){if(d.target){var c;if(c=p(d.target)){var e=c.getAttribute("data-dismiss");var f=c.getAttribute("data-cmd");var g=c.hasAttribute("data-nd");c=parseInt(c.getAttribute("data-aei"),10);e&&e.match(/^[A-Za-z]{1,3}$/)&&(g&&!f?b(e,c,g):f?b(e,c,g,f,{middleButton:1===d.button,altKey:d.altKey,ctrlKey:d.ctrlKey,metaKey:d.metaKey,shiftKey:d.shiftKey}):b(e,c))}}})})(document,function(a,b,d,c,e){d?C("dismiss",{type:a,nd:d,cmd:c,clickInfo:e,aei:b}):C("dismiss",
{type:a,cmd:c,clickInfo:e,aei:b})});
(function(a){"loading"===document.readyState?document.addEventListener("DOMContentLoaded",function(){a()}):a()})(function(){window.setTimeout(function(){var a,b=document.querySelector('[data-ogmv] > [role="dialog"]');if(a=b?{width:Math.min(Math.max(b.scrollWidth+10,370),500),height:Math.min(Math.max(b.scrollHeight+10,180),500)}:null){b=a.height+"px";a=a.width+"px";var d=n("icss"),c=n("dc");b=void 0===b?"":b;a=void 0===a?"":a;d=void 0===d?!1:d;c=void 0===c?!1:c;var e={wt:"c"};if(null!=document.querySelector("[data-ogmv]")){var f=
window.performance&&window.performance.timing;e.ttf=f&&f.responseEnd&&f.fetchStart?f.responseEnd-f.fetchStart:null;b&&(e.height=b);a&&(e.width=a);e.icss=d;e.dc=c;C("_renderstart",e)}else C("_renderfailed",e)}},100)}); | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code does not exhibit any malicious behavior. It primarily consists of variable assignments, function definitions, and hexadecimal strings, which are considered low risk. There are no signs of phishing attempts, data exfiltration, or other harmful activities."
} |
(function(){google.kEXPI='0,2504375,1195943,631,361,623945,117156,26200,118622,101386,20917,132953,96745,1292,13494,37561,5214430,4123,5989997,2841828,53202176,55052,19079,35012,95475,9170,12438,3005,15354,655,3879,205,5001,10165,2470,4366,6527,409,3420,1403,3417,2203,2734,5755,12820,1443,1065,6,12,9,6,12,6,9,12,6,11,9,12,9,9,9,9,6,12,6,9,9,12,6,12,9,9,6,9,12,9,6,9,12,6,9,9,9,9,9,9,9,9,12,6,12,6,12,9,9,9,9,9,9,9,6,9,9,12,9,6,12,9,9,6,9,12,6,12,6,9,9,9,12,6,9,9,9,12,6,9,12,9,6,12,9,6,12,6,9,12,9,6,12,6,9,12,6,9,12,6,9,9,12,6,9,12,6,12,6,12,6,12,9,6,9,9,12,9,9,6,12,6,12,9,6,9,12,6,12,9,9,9,6,12,9,9,6,9,9,12,9,6,12,6,12,9,6,9,12,1629,2323,969,887,962,390,7949,437,711,2281,1452,1195,1633,1854,2064,571,687,33,543,217,82,19,2169,2190,882,2707,1371,98,95,1141,1312,3,1066,446,127,989,226,3302,204,237,991,319,23,369,404,13,961,374,177,553,549,542,1423,428,843,21609991,761,1144';})();window._ = window._ || {};window._DumpException = _._DumpException = function(e){throw e;};window._s = window._s || {};_s._DumpException = _._DumpException;window._qs = window._qs || {};_qs._DumpException = _._DumpException;(function(){var t=[83456,0,24576,0,0,0,268435712,0,977314816,83893287,8526592,1048608,276824064,67371012,129761418,352422176,66055,20455664,321419265,209780736,537952513,135938065,54160,50905360,805349952,16,604053520,134447104,25231456,1006895172,402653712,135800640,150995979,17039808,32768,126877696,537100928,133697,0,0,2097152,48629796,143140873,2,0,0,488972288,221554];window._F_toggles = window._xjs_toggles = t;})();function _F_installCss(c){}
(function(){window.google.xjsu='/xjs/_/js/k\x3dxjs.hd.en.0rxFBJhsdCU.O/am\x3dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d\x3d1/ed\x3d1/dg\x3d2/br\x3d1/rs\x3dACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ/ee\x3dALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d; | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"phishing_score": 0,
"brands": "Google",
"phishing": false,
"suspicious_domain": false,
"has_loginform": false,
"has_captcha": false,
"setechniques": false,
"reasons": "The URL 'https://www.google.com/' is the legitimate domain for Google. The webpage design matches the known appearance of Google's homepage. No suspicious elements or social engineering techniques are present."
} |
 | |
| URL: https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin= Model: gpt-4o | ```json
{
"phishing_score": 0,
"brands": "Google",
"phishing": false,
"suspicious_domain": false,
"has_loginform": true,
"has_captcha": false,
"setechniques": false,
"reasons": "The URL 'https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=' belongs to the legitimate Google domain. The webpage resembles the legitimate Google sign-in page. There are no suspicious elements or social engineering techniques detected."
} |
 | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"phishing_score": 0,
"brands": "Google",
"phishing": false,
"suspicious_domain": false,
"has_loginform": true,
"has_captcha": false,
"setechniques": false,
"reasons": "The URL 'https://www.google.com/' is the legitimate domain for Google. The webpage design matches the known design of Google's homepage, and there are no suspicious elements or social engineering techniques present."
} |
 | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code appears to be from a legitimate source, likely Google. It includes functionality for handling asynchronous tasks, tracking image load times, and managing scroll events. There are no indications of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The presence of tracking or advertisement functionality is noted but considered no risk as per the given instructions."
} |
(function(){google.caft=function(a){if(null===google.aftq)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a);google.c.e("load","imn",String(document.getElementsByTagName("img").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")})})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&0===window.google.ishk.length&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22bih\x22:907,\x22biw\x22:1280,\x22cdobsel\x22:false,\x22dpr\x22:\x221\x22},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dI\x27m+Feeling+Curious\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3dpizza+near+me\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dflip+a+coin\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/url?url\x3dhttps://google.com/doodles/celebrating-garden-gnomes\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3GXJsHJ_Xcj8cARDAyvjWo\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/search?q\x3dingenuity\\u0026csf\x3db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/search?q\x3dgoogle+doodles\\u0026csf\x3db\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/partner/musee-de-lorangerie\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3qy6PDEO8_tC9QBLYaFGFZ\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dfriends+phoebe\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x22\x22,\x22stok\x22:\x22FKCG | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 2,
"reasons": "The JavaScript code primarily appears to be related to error reporting and logging for Google services. It includes mechanisms for capturing and reporting script errors, which is a common practice for improving service reliability. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access attempts. However, it does collect and send error information, which could potentially include sensitive data if not properly sanitized. This is a minor risk, but overall, the code does not exhibit characteristics of malicious activity."
} |
(function(){window.google.erd={jsr:1,bv:2013,sd:true,de:true};})();(function(){var sdo=false;var mei=10;
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);void 0===d&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(0>v){window.console&&console.error(a,b);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+
"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&1===google.ple&&(e=2);c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.s-_8OiN4zAs.2019.O","com","en","538",0,[4,2,"","","","635413608","0"],null,"qlRQZsLIIqud0_gPsfSMyAc",null,0,"og.qtm._yk4Kx1DLwg.L.W.O","AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q","AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/am=AAAC/d=1/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20240331.0_p2","en",null,0],[0.009999999776482582,"com","538",[null,"","0",null,1,5184000,null,null,"",null,null,null,null,null,0,null,0,null,1,0,0,0,null,null,0,0,null,0,0,0,0,0],null,null,null,0,null,null,["5061451","google\\.(com|ru|ca|by|kz|com\\.mx|com\\.tr)$",1]],[1,1,null,40400,538,"USA","en","635413608.0",8,1,0,0,null,null,null,null,"3700949,3701310",null,null,null,"qlRQZsLIIqud0_gPsfSMyAc",0,0,0,null,2,5,"bi",92,0,0,0,0,1,89978449,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.s-_8OiN4zAs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_ | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be from a legitimate source, likely related to Google services. It includes functionality for logging, event handling, and other typical web page operations. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The presence of tracking and advertisement-related code is noted but considered no risk as per the instructions."
} |
(function(){var _g={kEI:'qlRQZongHsLp7_UP3tSo4A0',kEXPI:'31',kBL:'myoP',kOPI:89978449};(function(){var a;(null==(a=window.google)?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var h=this||self;function l(){return void 0!==window.google&&void 0!==window.google.kOPI&&0!==window.google.kOPI?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||m}function q(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function r(a){/^http:/i.test(a)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function t(a,b,c,d,k){var e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(0===c||0<c)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=void 0===e?l:e;c||(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=void 0===b?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};var d=[];google.fce=function(a,b,c,e){d.push([a,b,c,e])};google.qce=d;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cgpbc:false,cvb:true,di:false,fla:false,fli:false,frvt:true,gl:true,idt:16,inpp:98,inpsr:0.01,irsf:false,lfdt:50,lfsr:0.0,lhc:false,linp:true,llt:false,lsb:true,lsbsr:0.01,mais:false,marb:true,mcc:false,raf:false,si:true,sidt:200,sisr:0.01,sxs:false,taf:true,timl:false,tprc:false,vis:true,wh0:false,whu:false};})();(function(){
var p=this||self;window.google=w | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be related to Google's functionality, including tracking page load times, handling scroll events, and managing some UI elements. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code includes some tracking functionality, which is considered no risk as per the instructions."
} |
(function(){google.caft=function(a){if(null===google.aftq)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a);google.c.e("load","imn",String(document.getElementsByTagName("img").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")})})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&0===window.google.ishk.length&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22bih\x22:907,\x22biw\x22:1280,\x22cdobsel\x22:false,\x22dpr\x22:\x221\x22},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dkeming\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3drestaurants+nearby\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dbat+signal\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/search?q\x3dpacman\\u0026csf\x3db\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/url?url\x3dhttps://www.google.com/search?q%3Dorion%2Bnebula%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/url?url\x3d/doodles\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/asset/mwFGGdzKbfGMkg\\u0026sa\x3dt\\u0026usg\x3dAOvVaw1Y3jt8dys_B6FXzDDPRvOW\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/url?url\x3dhttps://google.com/doodles/122nd-birthday-of-charlie-chaplin\\u0026sa\x3dt\\u0026usg\x3dAOvVaw2MYsQhe_ILrDR0bOczLeM9\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x22:{},\x22sb_wiz\x22:{\x22rfs\x22:[],\x22scq\x22:\x2 | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 2,
"reasons": "The JavaScript code appears to be part of Google's error reporting and logging mechanism. It collects error information and sends it to a server for analysis. While this behavior is generally benign and intended for debugging and improving user experience, it does involve sending potentially sensitive error information over the network. However, there are no clear signs of malicious intent such as phishing or data exfiltration beyond error reporting."
} |
(function(){window.google.erd={jsr:1,bv:2013,sd:true,de:true};})();(function(){var sdo=false;var mei=10;
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);void 0===d&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(0>v){window.console&&console.error(a,b);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+
"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&1===google.ple&&(e=2);c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.s-_8OiN4zAs.2019.O","com","en","538",0,[4,2,"","","","635413608","0"],null,"21RQZrbxHYOli-gPsu6j6A4",null,0,"og.qtm._yk4Kx1DLwg.L.W.O","AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q","AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/am=AAAC/d=1/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20240331.0_p2","en",null,0],[0.009999999776482582,"com","538",[null,"","0",null,1,5184000,null,null,"",null,null,null,null,null,0,null,0,null,1,0,0,0,null,null,0,0,null,0,0,0,0,0],null,null,null,0,null,null,["5061451","google\\.(com|ru|ca|by|kz|com\\.mx|com\\.tr)$",1]],[1,1,null,40400,538,"USA","en","635413608.0",8,1,0,0,null,null,null,null,"3700949,3701310",null,null,null,"21RQZrbxHYOli-gPsu6j6A4",0,0,0,null,2,5,"eh",8,0,0,0,0,1,89978449,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.s-_8OiN4zAs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_d | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be part of a legitimate web page, likely from a search engine or similar service. It includes functionality for logging, event handling, and other typical web page operations. There are no obvious signs of malicious behavior such as credential stealing, unauthorized data exfiltration, or harmful actions. The code does not exhibit characteristics of phishing or malware. The presence of tracking and advertisement functionality is noted but considered no risk."
} |
(function(){var _g={kEI:'21RQZoX3HLj_7_UP9825gAo',kEXPI:'31',kBL:'myoP',kOPI:89978449};(function(){var a;(null==(a=window.google)?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var h=this||self;function l(){return void 0!==window.google&&void 0!==window.google.kOPI&&0!==window.google.kOPI?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||m}function q(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function r(a){/^http:/i.test(a)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function t(a,b,c,d,k){var e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(0===c||0<c)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=void 0===e?l:e;c||(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=void 0===b?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};var d=[];google.fce=function(a,b,c,e){d.push([a,b,c,e])};google.qce=d;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cgpbc:false,cvb:true,di:false,fla:false,fli:false,frvt:true,gl:true,idt:16,inpp:98,inpsr:0.01,irsf:false,lfdt:50,lfsr:0.0,lhc:false,linp:true,llt:false,lsb:true,lsbsr:0.01,mais:false,marb:true,mcc:false,raf:false,si:true,sidt:200,sisr:0.01,sxs:false,taf:true,timl:false,tprc:false,vis:true,wh0:false,whu:false};})();(function(){
var p=this||self;window.google=w | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 0,
"reasons": "The provided JavaScript code appears to be related to Google's functionality, including handling asynchronous tasks, tracking page load times, and managing user interactions. There is no indication of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code includes some tracking and advertisement functionality, which is considered no risk as per the given instructions."
} |
(function(){google.caft=function(a){if(null===google.aftq)try{a()}catch(b){google.ml(b,!1)}else google.aftq=google.aftq||[],google.aftq.push(a)};window.google=window.google||{};google.c.iim=google.c.iim||{};(function(){var a=Date.now();google.tick("load","prt",a);google.c.e("load","imn",String(document.getElementsByTagName("img").length));google.c.ub();google.c.cae||google.c.maft(a,null);google.c.miml(a);google.rll(window,!1,function(){google.tick("load","old")})})();}).call(this);(function(){window.google=window.google||{};window.google.ishk=[];function a(){return window.scrollY+window.document.documentElement.clientHeight>=Math.max(document.body.scrollHeight,document.body.offsetHeight)}function b(){a()&&0===window.google.ishk.length&&(window.google.bs=!0,window.removeEventListener("scroll",b))}a()?window.google.bs=!0:(window.google.bs=!1,window.addEventListener("scroll",b));}).call(this);(function(){google.jl={bfl:0,dw:false,ine:false,ubm:false,uwp:true,vs:false};})();(function(){var pmc='{\x22aa\x22:{},\x22abd\x22:{\x22abd\x22:false,\x22deb\x22:false,\x22det\x22:false},\x22async\x22:{},\x22cdos\x22:{\x22bih\x22:907,\x22biw\x22:1280,\x22cdobsel\x22:false,\x22dpr\x22:\x221\x22},\x22csi\x22:{},\x22d\x22:{},\x22gf\x22:{\x22pid\x22:196},\x22hsm\x22:{},\x22ifl\x22:{\x22lsf_is_launched\x22:true,\x22opts\x22:[{\x22href\x22:\x22/search?q\x3dConway\x27s+game+of+life\\u0026csf\x3db\x22,\x22id\x22:\x22curious\x22,\x22msg\x22:\x22I\x27m Feeling Curious\x22},{\x22href\x22:\x22/search?q\x3dpizza+near+me\x22,\x22id\x22:\x22hungry\x22,\x22msg\x22:\x22I\x27m Feeling Hungry\x22},{\x22href\x22:\x22/search?q\x3dbat+signal\\u0026csf\x3db\x22,\x22id\x22:\x22adventurous\x22,\x22msg\x22:\x22I\x27m Feeling Adventurous\x22},{\x22href\x22:\x22/url?url\x3dhttps://google.com/doodles/wilbur-scovilles-151st-birthday\\u0026sa\x3dt\\u0026usg\x3dAOvVaw3n7tv5Kw-LIkbL5OE5_K0i\x22,\x22id\x22:\x22playful\x22,\x22msg\x22:\x22I\x27m Feeling Playful\x22},{\x22href\x22:\x22/url?url\x3dhttps://www.google.com/search?q%3Dorion%2Bnebula%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db\x22,\x22id\x22:\x22stellar\x22,\x22msg\x22:\x22I\x27m Feeling Stellar\x22},{\x22href\x22:\x22/search?q\x3dgoogle+doodles\\u0026csf\x3db\x22,\x22id\x22:\x22doodley\x22,\x22msg\x22:\x22I\x27m Feeling Doodley\x22},{\x22href\x22:\x22/url?url\x3dhttps://trends.google.com/hottrends\\u0026sa\x3dt\\u0026usg\x3dAOvVaw0hXgzDMTx66unZaN8ANJHA\x22,\x22id\x22:\x22trendy\x22,\x22msg\x22:\x22I\x27m Feeling Trendy\x22},{\x22href\x22:\x22/url?url\x3dhttps://artsandculture.google.com/partner/the-munch-museum-oslo\\u0026sa\x3dt\\u0026usg\x3dAOvVaw1aEEkHB_PCgR6wV0eTK5Wk\x22,\x22id\x22:\x22artistic\x22,\x22msg\x22:\x22I\x27m Feeling Artistic\x22},{\x22href\x22:\x22/search?q\x3dfriends+chandler\\u0026csf\x3db\x22,\x22id\x22:\x22funny\x22,\x22msg\x22:\x22I\x27m Feeling Funny\x22}]},\x22jsa\x22:{\x22csi\x22:true,\x22csir\x22:100},\x22mb4ZUb\x22:{},\x22mu\x22:{\x22murl\x22:\x22https://adservice.google.com/adsid/google/ui\x22},\x22pHXghd\x | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The JavaScript code appears to be part of Google's error reporting and logging mechanism. It collects error information and sends it to a Google endpoint for analysis. There is no indication of malicious activity such as phishing or data exfiltration beyond error reporting. The code is consistent with legitimate error tracking and debugging practices."
} |
(function(){window.google.erd={jsr:1,bv:2013,sd:true,de:true};})();(function(){var sdo=false;var mei=10;
var h=this||self;var k,l=null!=(k=h.mei)?k:1,n,p=null!=(n=h.sdo)?n:!0,q=0,r,t=google.erd,v=t.jsr;google.ml=function(a,b,d,m,e){e=void 0===e?2:e;b&&(r=a&&a.message);void 0===d&&(d={});d.cad="ple_"+google.ple+".aple_"+google.aple;if(google.dl)return google.dl(a,e,d,!0),null;b=d;if(0>v){window.console&&console.error(a,b);if(-2===v)throw a;b=!1}else b=!a||!a.message||"Error loading script"===a.message||q>=l&&!m?!1:!0;if(!b)return null;q++;d=d||{};b=encodeURIComponent;var c="/gen_204?atyp=i&ei="+b(google.kEI);google.kEXPI&&(c+="&jexpid="+b(google.kEXPI));c+="&srcpg="+b(google.sn)+"&jsr="+b(t.jsr)+
"&bver="+b(t.bv);var f=a.lineNumber;void 0!==f&&(c+="&line="+f);var g=a.fileName;g&&(0<g.indexOf("-extension:/")&&(e=3),c+="&script="+b(g),f&&g===window.location.href&&(f=document.documentElement.outerHTML.split("\n")[f],c+="&cad="+b(f?f.substring(0,300):"No script found.")));google.ple&&1===google.ple&&(e=2);c+="&jsel="+e;for(var u in d)c+="&",c+=b(u),c+="=",c+=b(d[u]);c=c+"&emsg="+b(a.name+": "+a.message);c=c+"&jsst="+b(a.stack||"N/A");12288<=c.length&&(c=c.substr(0,12288));a=c;m||google.log(0,"",a);return a};window.onerror=function(a,b,d,m,e){r!==a&&(a=e instanceof Error?e:Error(a),void 0===d||"lineNumber"in a||(a.lineNumber=d),void 0===b||"fileName"in a||(a.fileName=b),google.ml(a,!1,void 0,!1,"SyntaxError"===a.name||"SyntaxError"===a.message.substring(0,11)||-1!==a.message.indexOf("Script error")?3:0));r=null;p&&q>=l&&(window.onerror=null)};})();;this.gbar_={CONFIG:[[[0,"www.gstatic.com","og.qtm.en_US.s-_8OiN4zAs.2019.O","com","en","538",0,[4,2,"","","","635413608","0"],null,"_FRQZo32M6Svi-gPoteH-As",null,0,"og.qtm._yk4Kx1DLwg.L.W.O","AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q","AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ","",2,1,200,"USA",null,null,"1","538",1,null,null,89978449,0],null,[1,0.1000000014901161,2,1],null,[0,0,0,null,"","","","",0,0,0],[0,0,"",1,0,0,0,0,0,0,null,0,0,null,0,0,null,null,0,0,0,"","","","","","",null,0,0,0,0,0,null,null,null,"rgba(32,33,36,1)","rgba(255,255,255,1)",0,0,1,null,null,1,0,0],null,null,["1","gci_91f30755d6a6b787dcc2a4062e6e9824.js","googleapis.client:gapi.iframes","","en"],null,null,null,null,["m;/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/am=AAAC/d=1/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/m=__features__","https://apis.google.com","","","","",null,1,"es_plusone_gc_20240331.0_p2","en",null,0],[0.009999999776482582,"com","538",[null,"","0",null,1,5184000,null,null,"",null,null,null,null,null,0,null,0,null,1,0,0,0,null,null,0,0,null,0,0,0,0,0],null,null,null,0,null,null,["5061451","google\\.(com|ru|ca|by|kz|com\\.mx|com\\.tr)$",1]],[1,1,null,40400,538,"USA","en","635413608.0",8,1,0,0,null,null,null,null,"3700949,3701310",null,null,null,"_FRQZo32M6Svi-gPoteH-As",0,0,0,null,2,5,"eh",24,0,0,0,0,1,89978449,0],[[null,null,null,"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.s-_8OiN4zAs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_ | |
| URL: https://www.google.com/ Model: gpt-4o | ```json
{
"riskscore": 1,
"reasons": "The provided JavaScript code appears to be from a legitimate site, likely Google, based on the variable names and functionality. It includes typical operations such as event listeners for form submissions and clicks, logging functions, and other standard web functionalities. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access attempts. The code does not contain any suspicious patterns or obfuscated strings that are commonly associated with malicious scripts."
} |
(function(){var _g={kEI:'_FRQZtuEM6rZ7_UPvImt4Aw',kEXPI:'31',kBL:'myoP',kOPI:89978449};(function(){var a;(null==(a=window.google)?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){
var h=this||self;function l(){return void 0!==window.google&&void 0!==window.google.kOPI&&0!==window.google.kOPI?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||m}function q(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b}function r(a){/^http:/i.test(a)&&"https:"===window.location.protocol&&(google.ml&&google.ml(Error("a"),!1,{src:a,glmm:1}),a="");return a}
function t(a,b,c,d,k){var e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.push(["opi",c.toString()]);for(c=0;c<f.length;c++){if(0===c||0<c)d+="&";d+=f[c][0]+"="+f[c][1]}return"/"+(k||"gen_204")+"?atyp=i&ct="+String(a)+"&cad="+(b+e+d)};m=google.kEI;google.getEI=p;google.getLEI=q;google.ml=function(){return null};google.log=function(a,b,c,d,k,e){e=void 0===e?l:e;c||(c=t(a,b,e,d,k));if(c=r(c)){a=new Image;var g=n.length;n[g]=a;a.onerror=a.onload=a.onabort=function(){delete n[g]};a.src=c}};google.logUrl=function(a,b){b=void 0===b?l:b;return t("",a,b)};}).call(this);(function(){google.y={};google.sy=[];google.x=function(a,b){if(a)var c=a.id;else{do c=Math.random();while(google.y[c])}google.y[c]=[a,b];return!1};google.sx=function(a){google.sy.push(a)};google.lm=[];google.plm=function(a){google.lm.push.apply(google.lm,a)};google.lq=[];google.load=function(a,b,c){google.lq.push([[a],b,c])};google.loadAll=function(a,b){google.lq.push([a,b])};google.bx=!1;google.lx=function(){};var d=[];google.fce=function(a,b,c,e){d.push([a,b,c,e])};google.qce=d;}).call(this);google.f={};(function(){
document.documentElement.addEventListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c||"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("click",function(b){var a;a:{for(a=b.target;a&&a!==document.documentElement;a=a.parentElement)if("A"===a.tagName){a="1"===a.getAttribute("data-nohref");break a}a=!1}a&&b.preventDefault()},!0);}).call(this);(function(){google.hs={h:true,nhs:false,sie:false};})();(function(){google.c={btfi:false,c4t:true,caf:false,cap:2000,cfr:false,cgpbc:false,cvb:true,di:false,fla:false,fli:false,frvt:true,gl:true,idt:16,inpp:98,inpsr:0.01,irsf:false,lfdt:50,lfsr:0.0,lhc:false,linp:true,llt:false,lsb:true,lsbsr:0.01,mais:false,marb:true,mcc:false,raf:false,si:true,sidt:200,sisr:0.01,sxs:false,taf:true,timl:false,tprc:false,vis:true,wh0:false,whu:false};})();(function(){
var p=this||self;window.google=w |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.9876576763235807 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5EA6630C95A4E7FA3692AE0804B2B430 |
| SHA1: | E4CC65E78A3CDCB269C245BC7EEA245F29B4AE07 |
| SHA-256: | CED84F8776D99277100ACFFFB54E77AF27882B0DE050BB3497893CAC2673393B |
| SHA-512: | 88536F6FEDC79629D2A91FF0D504DEB9CA520F8144242D484D0BF8C2E4EB5A69D7052E317E4261D2069D2E5814C4676D60F5EA58F9B18494AD3872597C000721 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2679 |
| Entropy (8bit): | 4.00548825519568 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 321978137BCB343507C28BB080451A57 |
| SHA1: | 0FFFE6A2E3FA4CA8EAC761A69D6FDC087DDAFC83 |
| SHA-256: | 11BACDB10D864086EB52D0F683F61727F72C645AD09FBB669851AAB22989E10E |
| SHA-512: | 6CDE82F3F2FB77A17323AD7AF1A8E5F55CD816DC00ABE23AED13FAB76F59BB398B461FDD60854712897C308A928DE68ED40AFD840ECB68C336885779989F4F85 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2693 |
| Entropy (8bit): | 4.013154154789867 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B71680563EEC7BD5F43A22A50BA176B8 |
| SHA1: | 68551B578FE5FA731128AE788033E07EFE257CDE |
| SHA-256: | 2A2711A2E9265E03D30BFD1890CFDFA6133A37879BB8D82F73C548AA5D7533AA |
| SHA-512: | 2F1A0E32F0E43FB5ADD7E5C30087F015B55421AC2FA323C614C3EA8C1AA0F79BA5E312C174627FE312E307E7518A001C76B6FD36AA8E392E19641018E7751854 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2681 |
| Entropy (8bit): | 4.002864084013195 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1755719952B311D8D6BB91F0CF7C924D |
| SHA1: | ABD18645CD6F2D44051464FAE687F68B6036C7AF |
| SHA-256: | 0276071B96A929969CB952CB398D23FAC69A346E3792C21A1B83FB2EE97FA177 |
| SHA-512: | 9D16E42B8D0F331341785DAD5725ED01B4CFC029791209D42F0C1BCEE08F2DBFF8926809103BBA4E3070EF6BB61A8017870AE22C53BADA33E8341B4D2D2AC27E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2681 |
| Entropy (8bit): | 3.9902647490847936 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 78F2AA0556EC429E801DA22D3B5A8D4B |
| SHA1: | FE7A98BC9D15BCAF92A89BABA41641BFF94F28AF |
| SHA-256: | 44ADF71A86EF096E716D110F42A10ABECDD5CCDECD2F24CCA39134C157823761 |
| SHA-512: | 484FAC7CE2CC424DB2C3A3BC83662F9DB4D90DED258F0B819E9C64A646B3171B1712200178127603232A24CAD2DAEE684BC2E952FBF9F6449CDC237800865A06 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2683 |
| Entropy (8bit): | 4.005175751874429 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6425F20FFE4C87049906143C74D2B4DD |
| SHA1: | 6A26A0880664C9A07AB6F1316B3AFA42131B2604 |
| SHA-256: | E8C7447387C8D5BF476D19FA180344CC7BBDA746AA2A9A3CB3156770FFAE9290 |
| SHA-512: | 2139745E3DA9AA23541FA6F08791D5E4A9CFF3192F1E1E912E4015A88DBD49958AC2498A242A5D6CCFAB51EEEA11614C48DEA829449B4AA62A79CD1245ED060D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1424 |
| Entropy (8bit): | 5.3558308963293335 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 71985D87FFE5043172104A74D3993013 |
| SHA1: | 6941F33823CA2149250F02A80A501F5DDBAD03BC |
| SHA-256: | D4A8021152815995EA08AB632AD11091A7E8F338C2886228FB356DFCFBFE9491 |
| SHA-512: | 0C7CF1EB65CCE42C3DE78C46E6E9003CDF8FF8747541119D3661840031FAB690008674C0FAB0FD3050654F660F0F015C9ED0EC305F5D2B6F57BBDDD5EFACF953 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.NCTQ3dd03yA.es5.O/ck=boq-one-google.OneGoogleWidgetUi.lQxTU8GKLk0.L.B1.O/am=kMCgYwM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsTI3q6vvbdb-sbVRbV-focfxiANQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.2388191729027955 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B80A35DD58C051B8747F8C8B99CADC24 |
| SHA1: | 9B345B3AB87214EBA2EB7FB1ADBACB208D800ED6 |
| SHA-256: | 8FAE450379E278FFF373D4927CA699039560DE6CD918FAF2EE8B025713591C22 |
| SHA-512: | 8E4DF14BCE3C15145F7B28C1A12D34FDD3CE3C77E19CD7EA20D2CD8375AA2D4EC21C514AD3A6BD87629CF575F13EA3C59BDB9BA67CE1DBDC1728CF5C36BA4E99 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 131 |
| Entropy (8bit): | 4.796729704981251 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 37A93D84542301FD3781C5AC905D8C3F |
| SHA1: | 6E62194831B5523340DE9837CCBA73349F73C76F |
| SHA-256: | 6630175A6AC62DD800776B5D9C9C1DDB61A12535D287E265F4610E355922F479 |
| SHA-512: | B43EBB9D27B54AAED5F2154B23ABA9BF019ADF86C32639CFC99D5B711D5EB02540D65608686CDF4A9CE8C0750D95ABF10988E05061217D283697F93681EB77D4 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192.243.59.&oit=4&cp=11&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.343044024119028 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 86D42BD2D665122541A3550C417EAFA6 |
| SHA1: | FC446D39966A1824752F73227E679CF0CBBD0770 |
| SHA-256: | 9DCA2B140A8F1217C9D965097B71390C7F057BD28FCFE11D642959EFCA8DDA0A |
| SHA-512: | 07ACBF315E15E1DEEE6392B40F71342F3107809A5172397084B0F22CE3475FD3D63530A746EE5D0C71C0423AFEB272973FF021BD673B7BB169B646B80436D8B3 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5969 |
| Entropy (8bit): | 7.949719859611916 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8F9327DB2597FA57D2F42B4A6C5A9855 |
| SHA1: | 1737D3DFB411C07B86ED8BD30F5987A4DC397CC1 |
| SHA-256: | 5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826 |
| SHA-512: | B807694ED1EF6DFA6CB5D35B46526FF9584D9AAD66CE4DC93CDEB7B8B103A7C78369D1141D53F092EDDEA0441E982D3A16DF6E98959A5557C288B580CF5191E6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 5430 |
| Entropy (8bit): | 3.6534652184263736 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F3418A443E7D841097C714D69EC4BCB8 |
| SHA1: | 49263695F6B0CDD72F45CF1B775E660FDC36C606 |
| SHA-256: | 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770 |
| SHA-512: | 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/favicon.ico |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 6368 |
| Entropy (8bit): | 6.0864070584360555 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 801518B188A7FF7E71C3B41ED2C72DD0 |
| SHA1: | ED8B145F8A6359C11E0D3698C9C7DE9B674294F6 |
| SHA-256: | 07622E08871C9F7947728152365782D93181D19BC1D6A6B81396F96B7379BCC3 |
| SHA-512: | C6652C9AEBD5579331F7A3B9865EA66F9B273081BEFC6CE46CAF9815667FE458F0E9B585AC5AD84FE05B7D1395F6C8B25EA272FE4DFDF877B6B5629472AD7733 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=21RQZoX3HLj_7_UP9825gAo.1716540634851&dpr=1&nolsbt=1 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 24249 |
| Entropy (8bit): | 5.427430237649541 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B35C4599C097E84AAEA4D52DE805FB60 |
| SHA1: | 905B237E44262B9E557192A97FA9E44AB7D885CD |
| SHA-256: | F22D17F03102F0FC7D6FD69F87A88043CA4E0184D7CEA5D4863EBE7E47838A39 |
| SHA-512: | 2BF592617F19AC15FDC5473042929892FFC4CEB0097752D685263D173F229F1EA320E2A2DD5E27303D6E24211564B399EC6CED42BC132DE4256819E72AE6A54A |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/ck=xjs.hd.NZMlOe2MUXU.L.B1.O/am=AEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=1/exm=B2qlPe,DhPYme,GU4Gab,MpJwZc,NzU6V,SNUn3,UUJqVe,Wo3n8,aa,abd,async,cEt90b,cdos,csi,d,dtl0hd,eHDfl,epYOx,hsm,ifl,jsa,mb4ZUb,ms4mZb,mu,pHXghd,q0xTif,qddgKe,s39S4,sOXFj,sTsDMc,sb_wiz,sf,sonic,spch/ed=1/dg=0/br=1/ujg=1/rs=ACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=CnSW2d,DPreE,P10Owf,WlNQGd,fXO0xe,gSZvdb,nabPbb?xjs=s2" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 929 |
| Entropy (8bit): | 5.579339795962667 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 855866AF3D3ECE0C7E4CF0DC3E6FD767 |
| SHA1: | 200BCEEFB88155EC400C7536AE41362BE25C4EE0 |
| SHA-256: | 342538718FFE846C5CC2AC117F62E02AD2E88800BD4F65F2A816FF02D821E3C8 |
| SHA-512: | E6A45B4938E908780B7589EF30866299B26787FC78F38FC61D3F54DDCD06174B6FD10A635FF0B62D073C5F0814DA2C46DD263146D5723EB3C2F5FD9679751427 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192&oit=4&cp=3&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.253641940734182 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1F7DB2BAD7B81830F790888C3EE49B90 |
| SHA1: | 9276678DF7410A6D4D9461CA1469E328393FB0F3 |
| SHA-256: | AF20EA66E85C711683D4166A65D0FF818F472898020F63CBF1C42ECD390DB6D6 |
| SHA-512: | 6F13260DD0D9BC575F61CED530B6C3E3086F42585DF4F6CFC8EAD8F3D461F08E5877827551B2C3F9D74B1F925E107A0D345775C854A8B5B2CDB0F37755DE3418 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 581 |
| Entropy (8bit): | 4.794171768178413 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 44C55DA9625461F5D4956FE0A16E5270 |
| SHA1: | B21F070AE0677DA0CADC2DE035BEA6E84DF3F16C |
| SHA-256: | FA2C5F4E60BB1B659BBC5089F8742E11D83074C1C8ACF8DB419D497AA9FB0C00 |
| SHA-512: | FD10922ED80A3D84843ABC092F9AE8D141A39F90BC90F1942BDB53CF373E1BD68421280D6B32393B2E7CC623F9B32245681C0D489B0364867C45881DD94DDD0E |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=photo&oit=1&cp=5&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 130 |
| Entropy (8bit): | 4.789660625746157 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5E462C420EC2637E3F93DF1762506944 |
| SHA1: | 282487FA1EDDC0E0AB3C60E54AEB2956741E7F52 |
| SHA-256: | C625FC771D9DABDF98808AAD43D945B0F2FF451881228442703D910884D5A586 |
| SHA-512: | BA5B35C3ECCF681D9BE597E8FC63920462BC6C42B0FE1033406ED30D0111946A808FEE72F9406C9417E567E6A7DF109AA96CA4F792869081D8A037A687129C78 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192.243.59&oit=4&cp=10&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 202853 |
| Entropy (8bit): | 5.853855677504104 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 15C3E889CBB643FA018D5EF355AC498E |
| SHA1: | 9EACDF9F5C737BD085389501052844328A8F69ED |
| SHA-256: | F4B44EA91E090AE67F77AC72725DEF9390819BB4E9009AFE7D6AAA385C70CED0 |
| SHA-512: | E6B9EC4F75445E317060B5BDFEBDFFE446E5A9A81997955BC2EE17CA3ADDA25CE10A125DC4CA03B5524689F6ECD5310A3C468056866388A55B6F93212BEDE005 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/ |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.286438220521843 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 43183806704CB67B93E0814D799A6A95 |
| SHA1: | C5C9B1B24D0B11DAF743890849782980C03A7199 |
| SHA-256: | 8F223E5A578846E931A739474C980E33D16B995E0746FF8972BE1ABED55CE97D |
| SHA-512: | 2E5D7271D5B0D4BC340C88E6FF21B91D39AE1AAA96585C6379813BFE548D63F9578935D38E83FDEADA3F2844B4C352DED3F75282A4B42680DE3C405EE115DEF7 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/async/hpba?vet=10ahUKEwiBrNHx86WGAxVq_7sIHQY3CpIQj-0KCBU..i&ei=jlRQZoGtAur-7_UPhu6okAk&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:jlRQZoGtAur-7_UPhu6okAk,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA%2Fbr%3D1%2Frs%3DACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fck%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw,_fmt:prog,_id:a3JU5b" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 474 |
| Entropy (8bit): | 4.897027990340374 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 24529C202DAC01481FC341D78702339B |
| SHA1: | DA307FBC74E1244C7656CF0E5855C8C53CB6DFA0 |
| SHA-256: | 425888F138662CA5E911BD52B623947E7A058F00D20506D7835DB4B2DA2BA0A4 |
| SHA-512: | FDC9F96DE1B0CC4A0436F8565FA3C02AD8FEF56B69613341436A4F24D76A58AF85DBB5388339766B0F52528D18BBDC95A1732EAA4DC01E416F2B78F92D13EAED |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgicalconceivedrighteous&oit=1&cp=26&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 797 |
| Entropy (8bit): | 5.144359253609236 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8128F31F739713EFB49D7E8225853F65 |
| SHA1: | 5C0F3E079A6163822DDC748B5B7AAD54729A3602 |
| SHA-256: | 6456DF460184EC0636F90CA69E00D58EBF2D7E5AB8FE1043EE255109C647EE07 |
| SHA-512: | B0E66C864E046EED8E0CE2C74644D899592A49D930971A07A0A74C3F59A4193D5EF92F3274374AF37840691EC79D670D9B05E20F754741DE05AB4C11B9B7F5F6 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 500 |
| Entropy (8bit): | 4.733101001493226 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 018B67D6898B0D590AFA92D1771089E6 |
| SHA1: | 829E14E3257A0498B8427B080AAD0FC9979BB333 |
| SHA-256: | D19964EC243CA2307EF6CA1A94AC72AA4A1E25C023BED5E669E60E06286F7510 |
| SHA-512: | 84C034791B55E0D377E2A4474E13500A5FEED7AE80A31928402726A2534526A7B1C1FC368714CCDDF220110A4BEE5264630E8CF2216C78B96B06B8E700803C65 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192.2&oit=4&cp=5&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 18822 |
| Entropy (8bit): | 5.4108295841276135 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CC8410DD05BB839B207DA7A8A586CD5D |
| SHA1: | A55D04CF57E4006EC5F0A9E1359B150FE7A1D0B0 |
| SHA-256: | A7F09679DEC75A59515B70DE38099B7EBF8CF3A4B7D91B44187B8116EF197544 |
| SHA-512: | 0B097CF13ABE19CC7B05CDA75A47D10ED1E60234133C0BB0B6239ABEA8CFB9EA94AB666B4281A00B284F26029FFCC91D760B7E9B88FBE5B1271C8502F29F07A3 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.NCTQ3dd03yA.es5.O/ck=boq-one-google.OneGoogleWidgetUi.lQxTU8GKLk0.L.B1.O/am=kMCgYwM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsTI3q6vvbdb-sbVRbV-focfxiANQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1282 |
| Entropy (8bit): | 7.514824246756376 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 45BCA3103E87D420C4DE15E2FF637BD8 |
| SHA1: | 28CDFD2AB45BBB3A4EF013CC396A770A82D969E0 |
| SHA-256: | 877F1E79C6B7BDC7F44AB70673FD22F21FBBE4237FCDC8464317D522B9B39D64 |
| SHA-512: | 10853949384BF9F3AE31A8FAAA7D88E0A6A330270F4F873CB47EFBA80623C2CA473C39E7A1F1FCC112A882742BFC32260091ECBAA709359416A59E6E23AEA726 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRHFP8zjSUc_vJijxFj_FLIqPirbnTnjMFfzv3pqpmYmEqukywLKwW86v4&s=10 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 410 |
| Entropy (8bit): | 4.856773880246635 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6877DC2B30510BC4C99CA9B9B73F4648 |
| SHA1: | 3879A029F31B4D6EB6B34612CAE2A40C82816BBA |
| SHA-256: | 4935990A5B2DF77A9F9B36AD7F1A731C1AE8175016AF94CCC6B0F45D4728D314 |
| SHA-512: | 686DFC46C40E7502F12C238742517B679021F14545EE0D17B3B61AFA7B197D4113F4479976DC26CB6F321FDAC000F8A2C299B483E4583BE38F2FB4A4850FFB4A |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgicalconceivedright&oit=1&cp=22&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1670 |
| Entropy (8bit): | 5.336740204091077 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 12AE52AF018C7387313B4801574E1D59 |
| SHA1: | 11FAED5F65C09F5FDA3FDA7F9562D08BF33E8A69 |
| SHA-256: | D4756CC416CAC97AD9D352B02683C440658005329095DF8BA573AAA6741876E0 |
| SHA-512: | 0A93EF3FCC0DCD9C0EAA4E86E4CE85F39DD6595C157422CBFCBC91B270C06368916804F8DD75D696C70422CBCD1DB5A184E9D039600232866EC8008D32306A2C |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=0/dg=0/br=1/rs=ACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ/m=kMFpHd,sy8x,bm51tf?xjs=s3" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 833 |
| Entropy (8bit): | 5.329958267795506 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4119C48CB407B0B6CEA237526E3DFF10 |
| SHA1: | 8961A0008A191D84A15EA2AD48DF8646566122F8 |
| SHA-256: | 219FEF17DFAF6289CB75957510D48253B2C021585D6056ADD2B617F73929CAA4 |
| SHA-512: | F8617F8ED57807F013D2140916042F5F419A86EDDDBC5AD1D9C9BAFEC7175C9692AE68FBA110C5E308B8781454CE991EFDDEC5981692AA3C4B4DE79EDB787E3E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 2091 |
| Entropy (8bit): | 7.8938748179764 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6282A05D151E7D0446C655D1892475E2 |
| SHA1: | B2B05F319DA0E73250200AE9BB518A318D6B4C5D |
| SHA-256: | 4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7 |
| SHA-512: | DF0C4C01555430BD2AFAD409E40A422F5EFB0ED9B6E86168874B46312FFC0BA7CA2B5503E49858035056C342A83CBC42721AA89077BD2E1F698692AF4277BAB5 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1573 |
| Entropy (8bit): | 5.102047332815111 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 92053C4C387222D2ED4FEFF105CC24DD |
| SHA1: | 10A2FBD91F3AB733825898FDC5613D7BC272AB12 |
| SHA-256: | BDDEC8214DAD1BBA5A3E4E1C823262F1E84DCC0006E2ADF83810753DFFF1CE77 |
| SHA-512: | EEDE34D07748F051E2D642193332441601A3C8B1468CCD35877F19CB746D7DDBA2189CB83E7D43A5FDEE8D0B08DF14AD6BADEA05510601B4540AFB07AF422EC1 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=0/dg=0/br=1/rs=ACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ/m=syf9,aLUfP?xjs=s3" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 150 |
| Entropy (8bit): | 4.666170302320321 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A67A60CE57A42CC0C549056482118EF3 |
| SHA1: | 3F93B5C8F01AF401047453947EC6FB26CB06C325 |
| SHA-256: | 782FDABDB7BDB0AD8C9F442DCC025791C78A5244411A51890145E140A3E3E679 |
| SHA-512: | 2AF8DD8FD39DEF428769C7DAC1F0A7E177C77E7400E32A7221DF54290C597117DA4731CD43499EF814BDEC9035FCA546BFAECC7F70FBAC989ED0B3825B297E8B |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgicalconceivedrighteous.com&oit=3&cp=30&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 6368 |
| Entropy (8bit): | 6.08619273687415 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 10071E2CC6599CC0190BDE5C25B5887B |
| SHA1: | DC2FF35170A42870CCBCD20DB3480F95B4E2A967 |
| SHA-256: | B92E6DC611115F3D2CCC69BADAD49CFEC0B7AF82764B4C1381079CDF4A83BA02 |
| SHA-512: | CFE2F2A59C03579F35E30B22CF948DF49F548C9C6B4778098856BE12782394D1952FAB238DF2F233717C8A4762E96F46C16A188877049729527BCD45F33942BD |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=qlRQZongHsLp7_UP3tSo4A0.1716540586004&dpr=1&nolsbt=1 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 2429 |
| Entropy (8bit): | 5.50752123360415 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 19DEAED2152D2C417B2BBB3E19407C7B |
| SHA1: | B1B5C1DB2EB103262EDEAB28AA5F1BC2BD545598 |
| SHA-256: | DB3FD74A70D02B222FBA7602081C79A796BA2CEBE5CC9E432D3E1B8F02717757 |
| SHA-512: | 016BB4D9888217F08AF7D410A7BCA48673D57FA49ADC5F1BC0AB2E5F66D197C7126FD40BD35364DF660BDC8BE478D8E90F1D8C834B696B16725B9FA92BC78009 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/ss/k=xjs.hd.NZMlOe2MUXU.L.B1.O/am=AEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA/d=1/ed=1/br=1/rs=ACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.295424976499978 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 066935CB3F7716383292CE393C57769D |
| SHA1: | 5D9736D18F8E6B525F13A70D23E72A23DFBCD914 |
| SHA-256: | 29585619A50DF8CF8BC6F5BE9E7D9B26B96AAE13DD807C6B14162107A2B2DBA9 |
| SHA-512: | 9B7CBE7F6E633A9156F81E4DC4372E8575DD8B4CD5B9F1E1BD3ED7A0B185E834F8D7EAE27F60F0BC851E59121659ECA2C8BA82B32C2B8F53F8210A07C96024C9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4621 |
| Entropy (8bit): | 6.103156482081796 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C4DACC3A33105128FE02560CA0354FAE |
| SHA1: | 8A84A37502C5D4BC88B91092A831FA1E7AACFDED |
| SHA-256: | F54BD4B7C8366AD14A6B402D21704A64483C19D396B8F09E30606C309730BD36 |
| SHA-512: | 91C8AEDE760BE8EB64B17AB4D09A94508F9123FEDC5829AAAF062494B866FC188552DB7A8D7CE1C472304A9CA0187F90FB96C34118BA98152C8E6E432AE11AD2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 185088 |
| Entropy (8bit): | 5.457322351175282 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F82CEAD176873B4BA2FD23E39E2FCD54 |
| SHA1: | CDF5C2616170E1C0ABDB78D3EC3B82434E250F5E |
| SHA-256: | 1E040462CEEB24631083E5673B7BF017111F3690D349CCE3BBF647D5875CA508 |
| SHA-512: | 99D9FD4D327489EA7C3EA4079FD1DDB5447960E54DF7F49740F472808D0ADDAD9B19BB8F8C7BAEA373DEE70EB569D0A36000E9E9D323C9292A2E8C1AEC8D2643 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.NCTQ3dd03yA.es5.O/am=kMCgYwM/d=1/excm=_b,_tp,calloutview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHvKwruccSTHYyL-voHgGm6qkapgLA/m=_b,_tp" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 258 |
| Entropy (8bit): | 4.971680387889532 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B4B692C1ADA662B0B5F3148BF5549565 |
| SHA1: | 53FD8957D4DC40E46C7B80357A66AFF8234B6310 |
| SHA-256: | 2B03AAA8E13DED964F00381C0EAE97D8DFDA9461459019C4129F5DD37F44A597 |
| SHA-512: | ACF378677C22003CEEEBEE199AF4CE4BAAAB75DA163267E4C1730ABEC6193F1BB5C437BA64578BA669D00EBD98C847D8D078E7D6565D317B8F08F51A5906E63A |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192.243.&oit=4&cp=8&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 370 |
| Entropy (8bit): | 4.839855123522571 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B0113A59B81CE3DE805A1B5A53F1A2BF |
| SHA1: | F685225BB892EF358EF3516B42353CC5DB7B0B2F |
| SHA-256: | 0C03D03578BB4197953C1262758B809171D0292E904D938A55E2E0ED657969BF |
| SHA-512: | B95A93F9FB1C409E9AA40D3649514AB41FA5A3DE0E2897200AE1D1832136F852E3DFACE394ACE945C765854CBE3E334346A0671926FED7AC65A147138F943841 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgicalconce&oit=1&cp=13&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.2716154526904555 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4AF5A54BDF8A85FA09A9D1D2BCCFABF1 |
| SHA1: | 64DE816B85E592D6244292642193C2FCC4D42A61 |
| SHA-256: | 92611961AA39E1177CB6482FB89B8EC2A0FE99E33C10FAE0E18750F4692179A1 |
| SHA-512: | 7433FD63C41BB355349C9507C22E7EA2701C178E325CD53D82C1B8EF30E0EDD5154F99C1FDD04DFFD68294B06199D8BD010DCA36A33387F0F27CDE0C1EEDA1F9 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/async/hpba?vet=10ahUKEwjF0MeW9KWGAxW4_7sIHfdmDqAQj-0KCBU..i&ei=21RQZoX3HLj_7_UP9825gAo&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:21RQZoX3HLj_7_UP9825gAo,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA%2Fbr%3D1%2Frs%3DACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fck%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw,_fmt:prog,_id:a3JU5b" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 265345 |
| Entropy (8bit): | 5.477071429649453 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E7EE95FDBDDF1E708A04811A54448905 |
| SHA1: | B88BFE8C8F079258EBEBA5F53647DEA9C5D8DAC6 |
| SHA-256: | 99240B2C1E9A0A334F29A37FABF060E964BEBF76BBE8041ED748C0484850C3AC |
| SHA-512: | 9D2C4850FE10DE402A424F567DF70061816C0B162AA91FE390971EE50A7EF10786FD66FC086F7700F6DA4A4C0D3E7DD54C1BCAB07D6AAD4CDA853346B739738E |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.NCTQ3dd03yA.es5.O/ck=boq-one-google.OneGoogleWidgetUi.lQxTU8GKLk0.L.B1.O/am=kMCgYwM/d=1/exm=_b,_tp/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsTI3q6vvbdb-sbVRbV-focfxiANQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,mI3LFb,yYB61,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,wmnU7d,xQtZb,JNoxi,kWgXee,MI6k7c,kjKdXe,BVgquf,QIhFr,ovKuLd,hKSk3e,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,MdUzUe,VwDzFe,zbML3c,A7fCU,zr1jrb,Uas9Hd,pjICDe" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 3505 |
| Entropy (8bit): | 5.5526155868652705 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | EC349A20201BCEFD2637C8F539EBEC86 |
| SHA1: | E2071A929F6974594D665FB9393CBE64EB4ADFB3 |
| SHA-256: | 089E0DB650FE9EEA92D6843BDA5E38987C54BF5E4E3321CA371FB0B5336D771D |
| SHA-512: | B53AD82ACA99AC2227D757CC364248ACD52D63F3CD3CCE9A309CE1A510FEF19A76B5D99A98CD9C0147EF24B56527873BD47D1274A8E293C1318897850973FE4C |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.NCTQ3dd03yA.es5.O/ck=boq-one-google.OneGoogleWidgetUi.lQxTU8GKLk0.L.B1.O/am=kMCgYwM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,bm51tf,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsTI3q6vvbdb-sbVRbV-focfxiANQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1684 |
| Entropy (8bit): | 5.196533883391509 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6EC989DE62DF88DA46CB04D4EF164D06 |
| SHA1: | 39F40C99E5091984F414E38A217C90554BA809A3 |
| SHA-256: | 95BAC848DFBC30C1452DEB69F05891AED70C7C9042428826CC7D85F53F2DA702 |
| SHA-512: | 53F085E353F1EA003FF4C52B740B4C582CD7B0418BF489373D512C6DB58B11656A7532C9215445F17BEA91F8A05B8E13F561B6053A590638B68B7078283556F5 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/og/_/ss/k=og.qtm._yk4Kx1DLwg.L.W.O/m=qcwid/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 16 |
| Entropy (8bit): | 3.875 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | BEEDCB4EB0A559E6CE2D1E20D38CB330 |
| SHA1: | A04EE9801770C0E81B170D7992EC3735E878AA58 |
| SHA-256: | 6E9D99B87595B07B10676B68EBE9AA8B63DF7D9A74F59CC91EED60EA1FBDC6EF |
| SHA-512: | BD101CDF7FDF1210127D83CE76E3F6F6F1378259F0A55C112E39C49A9131B8636FB020E07E985B8427A35B62A544F2F7C5F75B11AD69EF2C4AE67A41BD5898B2 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1555 |
| Entropy (8bit): | 5.249530958699059 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FBE36EB2EECF1B90451A3A72701E49D2 |
| SHA1: | AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D |
| SHA-256: | E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63 |
| SHA-512: | 7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.878507740407502 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3CB51C578451C01DA863EE4F8C30C099 |
| SHA1: | E61C6E587D7E34653B4ECC82A4230764ED58D99D |
| SHA-256: | A553536553D7A9AFD6BCCEBBCCBDCF6AEE116C2FD52C5E64E7F750AFF152AB90 |
| SHA-512: | DB4246F8DA3AA198960221CEEE3D2F1D4EEC66F46A0E0FDF417DCD2DD057D7744FCAAB57FE9C604F609B64BB8C3BDA5AB43C3352CD72C515244C11938A088860 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgicalconceivedrighte&oit=1&cp=23&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 882715 |
| Entropy (8bit): | 5.596660060093637 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0D277BCC8CEA552C0FA59EC7F3D3A798 |
| SHA1: | 57F6CD7487177003B8612E98781D76D370034B00 |
| SHA-256: | 4F3365643CD731B687A0B148B102992BAFC7DFE54A9DDC8E7A2896C97388868F |
| SHA-512: | 149F00C139EF1DAA59122262D0F0F390860F89BE6AD4C593A822E0C2F1AF9154BEC3B3FCA97C9DA3469FE8BFCFA95811074741472471F83CC20CD26CCB1EEEF2 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=1/ed=1/dg=2/br=1/rs=ACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 498103 |
| Entropy (8bit): | 5.601523001619763 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0DC03FEE82F39C77AFDB52BF1ED0A4D7 |
| SHA1: | F0BA91802155D498A23FF68E1C2391ABEBF5B5F4 |
| SHA-256: | 1AF1828EA048BA60837CDA194FC0F587C3143D1DE60862F1D7BBC35295DCC255 |
| SHA-512: | A21B271AD4FED1A2D809E6462006D17EB2030FD4740A593D1C27012722F4A3C4EC7ACE6534957F84E255F642A333192E34F2F4799E27C55A5DC0BE7B3D42C5FE |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/ck=xjs.hd.NZMlOe2MUXU.L.B1.O/am=AEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=1/exm=SNUn3,cEt90b,cdos,csi,d,dtl0hd,eHDfl,hsm,jsa,mb4ZUb,qddgKe,sTsDMc/ed=1/dg=0/br=1/ujg=1/rs=ACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;yGxLoc:FmAr0c;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=B2qlPe,DhPYme,GU4Gab,MpJwZc,NzU6V,UUJqVe,Wo3n8,aa,abd,async,epYOx,ifl,ms4mZb,mu,pHXghd,q0xTif,s39S4,sOXFj,sb_wiz,sf,sonic,spch?xjs=s1" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 84 |
| Entropy (8bit): | 5.243466310111879 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | CEF44B8DBFB5EED49FE5DFE7AA0CA44E |
| SHA1: | 639437CF70F8F7B337D5AC452D320567517488C7 |
| SHA-256: | 0EA827C40E8888B47DB9C6FFA49E85C4A306E3368EB63A785C8CE21748D958CE |
| SHA-512: | 65CE2BE3DD83A96E8BE51A5D8449F63D5C9837A77BE9813162E180E779FA6DA049BC44A528E0CC7CB34ED5479CBB200E9D45B4CC1517CF6F475B1C4F2B380548 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/async/hpba?vet=10ahUKEwjb8rum9KWGAxWq7LsIHbxEC8wQj-0KCBU..i&ei=_FRQZtuEM6rZ7_UPvImt4Aw&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:_FRQZtuEM6rZ7_UPvImt4Aw,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA%2Fbr%3D1%2Frs%3DACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fck%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw,_fmt:prog,_id:a3JU5b" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 660 |
| Entropy (8bit): | 7.7436458678149815 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C3DFF0D9F30EC0BCF4DEC9524505916B |
| SHA1: | 4B378403ACBEBC3747E08C69B5FD7770A850C9EB |
| SHA-256: | 73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3 |
| SHA-512: | 677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 955 |
| Entropy (8bit): | 5.427803026859853 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 2DCA8DCA0DFAB47520A39927DB9E26CB |
| SHA1: | 5DE73E34A8EC6ABC7A74783C3114A25D33699D22 |
| SHA-256: | 17E46F8DF012E22C7AF01C6B0B6B3F6ABAAB31D54AC488312050ACECCAA7F2AC |
| SHA-512: | 91900C5CA93A4F1725A2C3854AFA92E1AC16FC8A5762BBFBCB94BB064F2FE5F85DDCA1E61D4894A2988BFB9A96B52CC247069F57F59DACD9638A196C3FCE26EF |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=surgical&oit=1&cp=8&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 212093 |
| Entropy (8bit): | 5.520435541960994 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F349A3499FB23627167BECF449FA7D23 |
| SHA1: | 9A629A659D9B88C2999B97DB926C974407754301 |
| SHA-256: | 6748927250253AB899F0EAF737E0C88A24C5547D8A211688A9C2B4C7252D8AD7 |
| SHA-512: | 0740D21B69B7DAA1FA41068CA1EF8D407E0CD7B3C4E9FEB9019D722463F19EC6140B9F096624179B8A01A0B885F5C29DB24F1470364FD917892A6874C41DE60A |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.s-_8OiN4zAs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 216293 |
| Entropy (8bit): | 5.518665794107557 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 25AFEA707584CADCA44A8B06EC78D5EB |
| SHA1: | 01384720879E339B22C39FD06333FE88BCEFB93C |
| SHA-256: | B94B8ED69955F6732D885B8EFA87CF06BC241E2B1EAE20E9638009E510DBA25A |
| SHA-512: | 70B805F98C4634B433F923F9E09C04DDD96D6EDC0A09A36CB91C2AC71E8E1229A4F026EDB2C2A408652D8106E8B764DF20D01AC5DAE7B6361AC0426C7D147F6E |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.s-_8OiN4zAs.2019.O/rt=j/m=qabr,q_d,qcwid,qapid,qald,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTstZieUcIRJsHgW4g1D6WRCneCt9Q" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 22308 |
| Entropy (8bit): | 7.991797344190553 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 16ED7FFDC347C24C8275E6907B508257 |
| SHA1: | EEA712285E89D88243C29F8A5B306A4B565A89BD |
| SHA-256: | D7F62CCD6D9784466FB9B92202B71A63182DE790D0575E13641E027B39E0590E |
| SHA-512: | F906D22EA8354DB0826210F6A94C4F654600BCA2255FB8689CDD2BFF13F33E578E95B46E6CA93A60A5793E62F1E2DDB1EAF67A8E4A01953301F7D5D7E5557F0D |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyk.woff2 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 83 |
| Entropy (8bit): | 5.3249368350087165 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9A77CEB97A08C66D5D2D26CB8724536D |
| SHA1: | 5379B414C0D43943EF0E53D183C10096A4BE3725 |
| SHA-256: | 90FF20AB3CE9F174C05F7DF4CABD423325D662ECFB71C0AA9B98FB64188776E6 |
| SHA-512: | 2CB53EA3CC6EDA819012BCABE69C3F32C713B6DBB43DD8406BED4812255ED2848AEE487A4D8868018722D65861D10ED24CA0258572DBD8EE7A6D267D5780049C |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/async/hpba?vet=10ahUKEwiJ3Zr_86WGAxXC9LsIHV4qCtwQj-0KCBU..i&ei=qlRQZongHsLp7_UP3tSo4A0&opi=89978449&yv=3&cs=0&async=isImageHp:false,eventId:qlRQZongHsLp7_UP3tSo4A0,_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKAA8AkHQACwIQAAAEAAAAAAAAAAAQAAgHEAAABAAAIBADAACBAAAAAAAAQCAAEQQASQBAIZCABABCMMQCoAMAAAAAABEgAAAAAgIACBAREAAQ8hAIABnSAACQAACGAAQQAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAACAACAAgAAAAAAAAAAAAAAAAAAQA%2Fbr%3D1%2Frs%3DACT90oFOfE0vJfii7J3wB2SRV5OC7jYw4w,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.0rxFBJhsdCU.O%2Fck%3Dxjs.hd.NZMlOe2MUXU.L.B1.O%2Fam%3DAEYBAAAAAAAABgAAAAAAAAAAAAAAAAAQAAABAAAAAKQA-gkHQAGwIQgAAEAAAACAEAAAAQAIwHsAIARQAAIBADAATBCAhzIBAAQyAQEQQASQBAI5CABABCMMQCoAMAAAAAABEgAAAA4gYACBAREAAQ8hAIABnSAACwAACWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oGmDdPioDKXRZKsNEhyUfK8BWUhtw,_fmt:prog,_id:a3JU5b" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 15344 |
| Entropy (8bit): | 7.984625225844861 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5D4AEB4E5F5EF754E307D7FFAEF688BD |
| SHA1: | 06DB651CDF354C64A7383EA9C77024EF4FB4CEF8 |
| SHA-256: | 3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC |
| SHA-512: | 7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 191645 |
| Entropy (8bit): | 5.19116175225433 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 2EEA78F8E609AC87B4C3A11F4EC7CF19 |
| SHA1: | 99DD20E4396F12BA47656F096581DDF31F09D07A |
| SHA-256: | DAC0379D38E6AB44DD85808B2F1791F7CE6ED277FBEFD07A463A22A370BB0C82 |
| SHA-512: | 76382C93E11A39649FAAA3B37AFBAFF943EC3565BC074CE64C98BF0BEA595E3196EAA59419C2A6FBD5EBA9B02EDF1F0087D12B8E5B3FB32AAC600B498BEC86CD |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/xjs/_/js/md=3/k=xjs.hd.en.0rxFBJhsdCU.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/rs=ACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 23397 |
| Entropy (8bit): | 5.405602859308735 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B73747D232969BCDCADD853C74BA1DB0 |
| SHA1: | 3FD19F87CF924D250BB59FA142525B254FA13646 |
| SHA-256: | 8419EA231F1645D252A95A786191D7B6DE9A2CBFACE10A0BEA39D497F385B191 |
| SHA-512: | 734EE35A946CA8E4BC557FF869477DA811ED958803FF5B1F1CB2E2C94AA0BF46385A1341F04A29717CE7A8B68ED3184DE0AA58B3FE6E73464AC213DD8E776EDD |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://www.google.com/xjs/_/js/k=xjs.hd.en.0rxFBJhsdCU.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAIQACgAAQAEAAAgAAAAAAACAEAAAAQAIwHsAIAQQAAIBADAARBCAhzIBAAQwAQAAAAQABAIgCAAABAAAACgAAAAAAAAAAAAAAA4gQAAAAAAAAAAAAAAAnQAAAgAAAWAAQQAACAAAAEAeAIIDYJCCAAAAAAAAAAAAAAAgAAmCuZCAgogIAAAAAAAAAAAAAAAAUtKJhQ0/d=0/dg=0/br=1/rs=ACT90oGzkRT4PxqiIQeqNluSxrmI588KJQ/m=sy1b2,P10Owf,sypl,sy19o,sy19q,gSZvdb,syva,syvb,WlNQGd,syvo,syvq,nabPbb,sypk,sypm,sypn,sypq,DPreE,syk9,syv3,syv5,CnSW2d,kQvlef,syvp,fXO0xe?xjs=s3" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 121628 |
| Entropy (8bit): | 5.506662476672723 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F46ACD807A10216E6EEE8EA51E0F14D6 |
| SHA1: | 4702F47070F7046689432DCF605F11364BC0FBED |
| SHA-256: | D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086 |
| SHA-512: | 811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 128 |
| Entropy (8bit): | 4.748031762916416 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 7A9A2DE90291BEBF13562819C80D1E0B |
| SHA1: | FFAE488AF298C5E16AFCDC0FB602E479C18B42D4 |
| SHA-256: | A9783BFEBB8030F8F273ABC236DBB631643CA3ED8A66D52D2F3CFB4FE2E38609 |
| SHA-512: | 9A9E1603B468D3626864EEF18E79466366541100E33D538705329620433C5474262C345382A7DFA711B391BEDDAB853AC0C3CAD2D2FE44967533F9B287FC1209 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=192.243&oit=4&cp=7&pgcl=4&gs_rn=42&psi=FuJIYVMmMHW0-1t3&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 37572 |
| Entropy (8bit): | 5.865114115494016 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 7897F6919A543B0AAB42E5AFA9CFE4BB |
| SHA1: | 7AE392561BAFD97D81BAC15948DB56ACDE6D4076 |
| SHA-256: | 89B88A0F6F9A6639EB08A284807F9ED27EB060381EAB17A32B3D62786F59E8FB |
| SHA-512: | D2679FD7C866731689F663434C1139B4FCDED203191E12388182968253DEEBE786688F902055192E54C7EFF46B7FA51DA59BAE6474F6954171295A5CC2683674 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en |
| Preview: |
⊘No static file info
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node