Edit tour

Windows Analysis Report
http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com

Overview

General Information

Sample URL:	http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com
Analysis ID:	1467820

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1912,i,15712761873450727688,16979190800082808932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271803&client=ca-pub-4019308616400908&fa=3&ifi=5&uci=a!5	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=3324737349&adk=2166188311&adf=1056458448&pi=t.ma~as.3324737349&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847440&bpp=1&bdt=1321&idt=1521&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0%2C900x280&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=986&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&a...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=3324737349&adk=2166188311&adf=1056458448&pi=t.ma~as.3324737349&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847440&bpp=1&bdt=1321&idt=1521&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0%2C900x280&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=986&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&a...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=8669042291&adk=2354505830&adf=54630664&pi=t.ma~as.8669042291&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847438&bpp=2&bdt=1318&idt=1502&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=118&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=8669042291&adk=2354505830&adf=54630664&pi=t.ma~as.8669042291&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847438&bpp=2&bdt=1318&idt=1502&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=118&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&...	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-4019308616400908&fa=8&ifi=4&uci=a!4	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-4019308616400908&fa=8&ifi=4&uci=a!4	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-3-&adk=1812271801&client=ca-pub-4019308616400908&fa=1&ifi=6&uci=a!6	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-3-&adk=1812271801&client=ca-pub-4019308616400908&fa=1&ifi=6&uci=a!6	HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49766 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Jul 2024 18:30:46 GMTServer: ApacheVary: Host,Accept-EncodingContent-Encoding: gzipContent-Length: 51853Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad fd eb ae 25 49 9a 1e e8 fd 26 01 de 43 30 a9 c1 74 8f 98 2b 97 bb 99 b9 9b 57 75 95 d4 d3 07 0c 81 96 40 40 03 08 02 45 11 51 99 51 95 c1 ce ca 48 65 44 56 b1 d4 9c 1b d1 1d e8 1e f4 4b 37 a4 5b 90 9b 65 56 f5 7e 1f db 2d 92 c0 34 d1 1d 8c c8 bd d7 f2 83 d9 67 df e1 3d fc c5 bf fc ea c3 97 9f fe f0 dd bb 37 5f 7f fa ed 37 bf fc 17 ff fc 2f fe f4 e7 bb b7 5f 8d 3f 7f f5 f6 e3 fd 1f bf 7f f7 eb 5f 7c f6 f5 a7 4f df fd ec 8b 2f 7e ff fb df 3f de 7f f7 f9 db af be fa fe dd c7 8f 9f 7f f3 e1 cb b7 9f de 7f f8 f6 f1 e5 87 df 7e f1 d9 9b 2f c6 2f fd f6 dd a7 b7 6f c6 8f 7f fe ee ff fe c3 fb df fd e2 b3 2f 3f 7c fb e9 dd b7 9f 3e 1f 5f f5 d9 9b 9f fe f6 8b cf 3e bd fb 4f 9f be 18 df f8 f3 2f bf 7e fb fd c7 77 9f 7e f1 c3 a7 5f 7f de ff a9 4f f9 ab 9f 3e e5 ef de 7e fb 9b 1f de fe e6 e5 27 bd fb f6 e5 2f 7d fb f6 b7 ef 7e f1 d9 ef de bf fb fd 77 1f be ff f4 e2 c7 7e ff fe ab 4f 5f ff e2 ab 77 bf 7b ff e5 bb cf e7 5f 3e 1b bf f4 e9 fd a7 6f de fd f2 df fc db 37 7f f7 d3 cd bc 79 fb ed 57 6f fe cf 5f 7f 78 ff f1 cd af 3f 7c ff 66 2b f5 b1 3f af c7 f3 f1 7c f3 f9 9f fe b6 b7 36 fe f7 cd bf 7e f3 dd 7d 31 6f ca 17 f5 2f be f8 f1 93 ee 8f fc e6 fd b7 7f ff e6 fb 77 df fc e2 b3 8f 5f df d7 f0 e5 0f 9f de bc bf 2f e3 b3 9f 9e e5 af df fe 6e fc f5 71 ff 9f cf de 8c a7 f2 8b cf de ff f6 fe 94 2f fe d3 e7 3f fe d8 bc 99 8f 9f fe f0 cd bb 9f fe f3 7c 56 5f 7e fc 38 2e f8 7f f8 87 7f f1 cf ff d9 77 f7 1b 78 ff ed 6f 7e f6 fc ee 3f fd fc fe eb 6f df 7e ff 9b f7 df 8e bf bd 79 fb c3 a7 0f f7 3f fd 2f ff e2 9f ff ea c3 57 7f f8 87 f1 9b 9f bf fd e6 fd 6f be fd d9 97 f7 53 78 f7 fd cf 7f 7d 3f 8f cf 3f be ff 7f bc fb d9 b6 7f f7 e9 e7 ff f8 ab 3f 7f f9 a1 f7 ef bf fd 87 2f 3f 7c f3 e1 fb 9f fd ab 76 fd e5 5f fd ed df ce 7f fa d9 d7 1f 7e f7 ee fb 1f 3f f5 ab 77 5f 7e f8 7e 3e b1 9f 7d fb e1 db 77 3f ff e9 a7 9f cf f3 7f fc db 73 fc f4 e3 df fc dd df fd cf 1f be fb 87 79 81 ff e9 c7 47 fe b3 eb 19 d7 fc f9 af 3e 7c fa f4 e1 b7 3f db 7e fa d7 f1 f1 bf fe e6 c3 ef 7f f6 f5 fb af be 7a f7 ed 8f 77 32 3e 68 3e dc f1 51 f7 7f 7d fb e9 67 df bc fb f5 a7 1f ff e3 d7 db fc d7 7f bc ab 1e 9f ff e9 c3 77 3f db da fc a7 9f 3e e9 6f 3f 7c ff db 7f 78 f5 07 fe d9 77 1f 3e be 9f 37 74 bf bc fb ce 7e f7 ee e7 af 7c e1 fb 6f bf fb e1 13 df 59 bf fb f4 f3 17 af 65 ff e3 f7 fd ef 7f fb ee ab f7 6f ff ec b7 f7 f7 fc 78 fb e7 71 5f de 9f ff c3 cb 7b fa f1 3f b4 e7 7f f7 f2 fa fe f4 8f e3 41 be f8 a0 3f 3d c7 f3 38 5f ff a0 ed f9 e3 2f f1 51 7f fc e7 9f fe cb ff e1 dd b7 3f fc 13 2f e6 eb 77 ef 7f f3 f5 a7 9f ed ed 9f 7a 23 6f ee ff f9 d5 87 ef bf 7a f7 fd cf b6 7b c5 7d fc f0 cd fb af de fc ab bf da ff fa fa db 6d fc c6 af de 7e f9 f7 bf f9 fe c3 0f df 7e f5 b3 7f f5 37 e5 6f fe e6 6f af f9 4b 2f be f9 cd db 17 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Jul 2024 18:31:01 GMTServer: ApacheLast-Modified: Sun, 07 Jan 2018 05:25:27 GMTETag: "47e-56228e8ce6a18-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 512Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: image/x-iconData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 93 31 48 5b 51 14 86 6f 30 0d 45 85 0a 29 01 07 b5 4b 49 11 04 85 0e 2e d2 a1 01 75 89 83 a2 38 08 0d a5 12 34 6a e3 a0 14 2a 48 74 52 83 4a 50 87 52 5c 1c 8a e0 5c 97 4a 4a b1 5a 12 8d 21 24 79 3e 13 15 a5 e0 28 be b6 b6 10 38 3d e7 e4 dd 90 27 79 c1 1b be 70 cf b9 ff c7 bd 09 f7 0a 61 c1 4f 4d 8d c0 ef 27 c2 6b 15 c2 21 84 78 86 60 0b 3b f9 be 1c f6 aa 3c 66 63 bb 55 38 91 20 12 43 40 27 a6 f7 9c e6 26 bb e3 5f 5d 96 db 58 6f 05 a8 af ad 70 31 fa 80 a1 39 f5 68 8d 32 25 3c 1b f2 f9 87 db 0a ea 60 25 9c 8f 55 97 84 d6 28 43 59 72 8a fc d0 9e fb 21 a8 43 76 c8 f8 1e 97 85 32 94 45 67 49 77 9b c2 2e 5b 2e f1 a6 16 2e 42 fd 50 3c 14 5f 1d fc 56 be 15 e6 12 ca 92 43 2e ef dd 6d 87 a4 cf c9 9c 87 3c 9c 97 f5 2f 65 d7 50 4b c8 a1 33 20 27 07 9e a7 90 18 6d 61 ce 56 bc 9c 97 b5 a6 ec 1b ce f4 f3 d3 0c f7 c9 41 37 89 fc 8b 8d b4 42 dc df c6 64 d7 fc 9c 93 b5 76 1c 29 d4 97 9b f3 3c 4f cf f6 01 39 e8 6a ec fb 5f c2 d1 44 07 93 fd f0 8e 33 b2 be 51 0f 0d 75 ee 8f 06 97 5b cb 40 0e ba d7 88 12 19 7e 01 f1 f7 3d 4c 76 3d 90 df 4f af b5 4c bc 50 cb 35 75 75 02 c8 d1 cf bf b4 3b d0 0c 89 99 57 70 b6 31 67 f8 ad d4 d3 4e 93 86 de d5 97 4d ee 93 a3 df c9 a6 9d 4e 47 2e 3e d5 0f a9 85 e1 7b 41 59 72 d0 6d d4 ef 00 9f 21 bd f8 16 8e 57 26 cb 42 19 b9 f7 dd fb fb dd f3 1c 52 c1 11 c8 7c 0c 94 84 d6 28 73 f7 fe 16 bf 9f 70 57 fd 6d 74 ac 1d 52 f3 43 f8 7f cd 32 34 a7 1e ad 95 7a 3f 26 ef 37 8a e4 74 a2 66 ef f7 6f 83 10 d7 8f 84 08 57 08 31 6d c9 63 36 e4 3a 65 c9 21 f7 3f f6 98 ae 20 7e 04 00 00 Data Ascii: 1H[Qo0E)KI.u84j*HtRJPR\\JJZ!$y>(8='ypaOM'k!x`;<fcU8 C@'&_]Xop19h2%<`%U(CYr!Cv2EgIw.[..BP<_VC.m</ePK3 'maVA7Bdv)<O9j_D3Qu[@~=Lv=OLP5uu;Wp1gNMNG.>{AYrm!W&BR\|(spWmtRC24z?&7tfoW1mc6:e!? ~
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Jul 2024 18:31:02 GMTServer: ApacheLast-Modified: Sun, 07 Jan 2018 05:25:27 GMTETag: "47e-56228e8ce6a18-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 512Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: image/x-iconData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 93 31 48 5b 51 14 86 6f 30 0d 45 85 0a 29 01 07 b5 4b 49 11 04 85 0e 2e d2 a1 01 75 89 83 a2 38 08 0d a5 12 34 6a e3 a0 14 2a 48 74 52 83 4a 50 87 52 5c 1c 8a e0 5c 97 4a 4a b1 5a 12 8d 21 24 79 3e 13 15 a5 e0 28 be b6 b6 10 38 3d e7 e4 dd 90 27 79 c1 1b be 70 cf b9 ff c7 bd 09 f7 0a 61 c1 4f 4d 8d c0 ef 27 c2 6b 15 c2 21 84 78 86 60 0b 3b f9 be 1c f6 aa 3c 66 63 bb 55 38 91 20 12 43 40 27 a6 f7 9c e6 26 bb e3 5f 5d 96 db 58 6f 05 a8 af ad 70 31 fa 80 a1 39 f5 68 8d 32 25 3c 1b f2 f9 87 db 0a ea 60 25 9c 8f 55 97 84 d6 28 43 59 72 8a fc d0 9e fb 21 a8 43 76 c8 f8 1e 97 85 32 94 45 67 49 77 9b c2 2e 5b 2e f1 a6 16 2e 42 fd 50 3c 14 5f 1d fc 56 be 15 e6 12 ca 92 43 2e ef dd 6d 87 a4 cf c9 9c 87 3c 9c 97 f5 2f 65 d7 50 4b c8 a1 33 20 27 07 9e a7 90 18 6d 61 ce 56 bc 9c 97 b5 a6 ec 1b ce f4 f3 d3 0c f7 c9 41 37 89 fc 8b 8d b4 42 dc df c6 64 d7 fc 9c 93 b5 76 1c 29 d4 97 9b f3 3c 4f cf f6 01 39 e8 6a ec fb 5f c2 d1 44 07 93 fd f0 8e 33 b2 be 51 0f 0d 75 ee 8f 06 97 5b cb 40 0e ba d7 88 12 19 7e 01 f1 f7 3d 4c 76 3d 90 df 4f af b5 4c bc 50 cb 35 75 75 02 c8 d1 cf bf b4 3b d0 0c 89 99 57 70 b6 31 67 f8 ad d4 d3 4e 93 86 de d5 97 4d ee 93 a3 df c9 a6 9d 4e 47 2e 3e d5 0f a9 85 e1 7b 41 59 72 d0 6d d4 ef 00 9f 21 bd f8 16 8e 57 26 cb 42 19 b9 f7 dd fb fb dd f3 1c 52 c1 11 c8 7c 0c 94 84 d6 28 73 f7 fe 16 bf 9f 70 57 fd 6d 74 ac 1d 52 f3 43 f8 7f cd 32 34 a7 1e ad 95 7a 3f 26 ef 37 8a e4 74 a2 66 ef f7 6f 83 10 d7 8f 84 08 57 08 31 6d c9 63 36 e4 3a 65 c9 21 f7 3f f6 98 ae 20 7e 04 00 00 Data Ascii: 1H[Qo0E)KI.u84j*HtRJPR\\JJZ!$y>(8='ypaOM'k!x`;<fcU8 C@'&_]Xop19h2%<`%U(CYr!Cv2EgIw.[..BP<_VC.m</ePK3 'maVA7Bdv)<O9j_D3Qu[@~=Lv=OLP5uu;Wp1gNMNG.>{AYrm!W&BR\|(spWmtRC24z?&7tfoW1mc6:e!? ~

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 134.209.191.107Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3.html HTTP/1.1Host: 134.209.ip-address-location.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://www.google.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 134.209.191.107Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.ip-address-location.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://134.209.ip-address-location.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gads=ID=ad2eb0bb26c241eb:T=1720117850:RT=1720117850:S=ALNI_Mar2JAfQFvNj_LOUbsWWIGZu7Tmdw; __gpi=UID=00000e726d074a5f:T=1720117850:RT=1720117850:S=ALNI_MbSCiD7UA-csugS-V6CwdG_e4e9vg; __eoi=ID=81c2ede7f8df9b38:T=1720117850:RT=1720117850:S=AA-AfjaES15ef0ERuv7fvZ9nt3Yc; FCNEC=%5B%5B%22AKsRol9v1LDFarIRO4a81t9cwMKlZBTuicGLxflsGlP9gtuDcyCd_xo9Tvk-jUQLwNR_fgRTe0LFgPF4JudQPFg2ngRMZHXJRCLAWWX7d88d-pwjYpr5bJQWWOHU-tEPdlKefmaz9ox81IxQz8QDTr6oW8RciDGhdw%3D%3D%22%5D%5D
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.ip-address-location.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __gads=ID=ad2eb0bb26c241eb:T=1720117850:RT=1720117850:S=ALNI_Mar2JAfQFvNj_LOUbsWWIGZu7Tmdw; __gpi=UID=00000e726d074a5f:T=1720117850:RT=1720117850:S=ALNI_MbSCiD7UA-csugS-V6CwdG_e4e9vg; __eoi=ID=81c2ede7f8df9b38:T=1720117850:RT=1720117850:S=AA-AfjaES15ef0ERuv7fvZ9nt3Yc; FCNEC=%5B%5B%22AKsRol9v1LDFarIRO4a81t9cwMKlZBTuicGLxflsGlP9gtuDcyCd_xo9Tvk-jUQLwNR_fgRTe0LFgPF4JudQPFg2ngRMZHXJRCLAWWX7d88d-pwjYpr5bJQWWOHU-tEPdlKefmaz9ox81IxQz8QDTr6oW8RciDGhdw%3D%3D%22%5D%5D
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 134.209.191.107Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: 134.209.ip-address-location.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: g.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: cdn.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: fundingchoicesmessages.google.com
Source: global traffic	DNS traffic detected: DNS query: serve.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: cr.adsappier.com
Source: global traffic	DNS traffic detected: DNS query: ad.appier.net
Source: global traffic	DNS traffic detected: DNS query: usrtb.c.appier.net
Source: global traffic	DNS traffic detected: DNS query: www.ip-address-location.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@31/63@54/253

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1912,i,15712761873450727688,16979190800082808932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1912,i,15712761873450727688,16979190800082808932,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://134.209.191.107/	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
http://www.ip-address-location.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.186.46	true	false	unknown
plus.l.google.com	172.217.16.206	true	false	unknown
play.google.com	172.217.18.14	true	false	unknown
googleads.g.doubleclick.net	142.250.184.194	true	false	unknown
www3.l.google.com	142.250.186.46	true	false	unknown
cdn.bidbrain.app	104.21.80.92	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
www.ip-address-location.com	47.88.34.17	true	false	unknown
134.209.ip-address-location.com	47.88.34.17	true	false	unknown
serve.bidbrain.app	104.21.80.92	true	false	unknown
g.bidbrain.app	172.67.176.164	true	false	unknown
ad.appier.net	unknown	unknown	false	unknown
fundingchoicesmessages.google.com	unknown	unknown	false	unknown
cr.adsappier.com	unknown	unknown	false	unknown
ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown
usrtb.c.appier.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271803&client=ca-pub-4019308616400908&fa=3&ifi=5&uci=a!5	false		unknown
http://134.209.191.107/	false	Avira URL Cloud: safe	unknown
http://www.ip-address-location.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://134.209.ip-address-location.com/3.html	false		unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=3324737349&adk=2166188311&adf=1056458448&pi=t.ma~as.3324737349&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847440&bpp=1&bdt=1321&idt=1521&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0%2C900x280&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=986&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=1525	false		unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=8669042291&adk=2354505830&adf=54630664&pi=t.ma~as.8669042291&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847438&bpp=2&bdt=1318&idt=1502&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=118&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1512	false		unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&adk=1812271804&adf=3025194257&abgtt=5&lmt=1720117848&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=174x816_l%7C193x816_r&format=0x0&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=32_7~27_14~29_10~30_19&aiixl=32_9~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&dt=1720117847431&bpp=5&bdt=1311&idt=1482&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=827160638955&frm=20&pv=2&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1504	false		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-3-&adk=1812271801&client=ca-pub-4019308616400908&fa=1&ifi=6&uci=a!6	false		unknown
https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-4019308616400908&fa=8&ifi=4&uci=a!4	false		unknown
http://134.209.ip-address-location.com/3.html#google_vignette	false		unknown
https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html	false		unknown
https://www.google.com/recaptcha/api2/aframe	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.176.164	g.bidbrain.app	United States	13335	CLOUDFLARENETUS	false
142.250.186.46	google.com	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
172.217.18.14	play.google.com	United States	15169	GOOGLEUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
104.124.11.58	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
172.217.18.97	unknown	United States	15169	GOOGLEUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false
142.250.186.98	unknown	United States	15169	GOOGLEUS	false
142.250.185.66	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
142.250.186.34	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
34.86.87.90	unknown	United States	15169	GOOGLEUS	false
172.217.16.206	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.194	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
172.217.18.1	unknown	United States	15169	GOOGLEUS	false
142.250.181.226	unknown	United States	15169	GOOGLEUS	false
2.19.126.155	unknown	European Union	16625	AKAMAI-ASUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.80.92	cdn.bidbrain.app	United States	13335	CLOUDFLARENETUS	false
142.250.185.194	unknown	United States	15169	GOOGLEUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
134.209.191.107	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
47.88.34.17	www.ip-address-location.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
172.217.16.132	unknown	United States	15169	GOOGLEUS	false
172.217.18.100	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467820
Start date and time:	2024-07-04 20:29:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@31/63@54/253

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.186.78, 74.125.71.84, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 17:29:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.992230180339755
Encrypted:	false
SSDEEP:
MD5:	13FF4372430276E03B209B19DC9CA8EB
SHA1:	219AC3579DF1222E66AF959B83A5BD35D1406E27
SHA-256:	53A125503EFA39FC13B8DD2E60389FED34A0256DA8E7D2970C8EE4974221F947
SHA-512:	BACF4E4BFD8E5416860E6E3952A699113682F2C4EE3BB6E079C5ED7D7DD9E1C84840B1775B4FF189EC360BAB2C3A46D2AA7EF7AA6632CCC1A54CB92806F2D0B6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......+@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 17:29:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.009156258804424
Encrypted:	false
SSDEEP:
MD5:	A164FA17955E4235A980DCDDE123204C
SHA1:	88E7A27AE0BB6F52D2ECDF61A43DAFF4FFE6CB72
SHA-256:	754F4604C9F58C0ECE1B18FBC65349362D82BB0EE59F403B99F59D20B6413DB6
SHA-512:	C3CF8EB75C981029DF136B911B76CB2346C629840D33EF3D988F76E9F91BE221F5CCE15844C9282E346DCCE1281D435287E4D6E60ED9879797B855CC362B7D1D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....}<.+@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0137469742010685
Encrypted:	false
SSDEEP:
MD5:	FDEEDCF833A8F63BA652038D84518C48
SHA1:	F7BB017A56AA7F7CB798C2D03C2833E0A285B3F4
SHA-256:	A88C7B0041E7AEBCCF45E12450B74CC9CBEAE1AD912357AC66D6C531EF224784
SHA-512:	7A7799D40B83B41E0909820A913CBEF82E8AE383CE5357D86FCC86FC3A3986A191C752B252AC9396B7BDE62BC1A5B4FCE2303523BC732D5F9222C31DB8816CF0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 17:29:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.002861671934433
Encrypted:	false
SSDEEP:
MD5:	6A73FA1311B516F9E68CCD22CDBA9916
SHA1:	132737A60F887AD36AF0B005E1BB2A7F46DC6245
SHA-256:	08F82A8F37DC8CFCB170709BF7ABD36FFBDA9B8B9035419F7FD9B845E2FC270C
SHA-512:	587786A2AF99369C79BDD5B04B1C275358C1BBC745876534A0B01CBDBA1638CF444369B6B0E77BA013E276666A90E96F1A43456DE52C330EDBD8BE2EB3A68CAE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....p.+@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 17:29:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992055423074966
Encrypted:	false
SSDEEP:
MD5:	B124F28A38375BA45500FF04BB69D691
SHA1:	7E89DF9E4F9B4755BF5E76D8F2FBE9E408FBA846
SHA-256:	FACE406B9C83217516BB324C3A5410E2EDAC480071FB5A4DADA9AFD2628F5FAF
SHA-512:	1A4AC7EF6DD4B1192A3377F67F8D8F2C9FD7FB695563A1D5ADD32969EDB78FEC0762086F9B8E35D4CFE34A2F575FDD2E12DE172195163E9AF51FAA64694F5E90
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....l.+@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 17:29:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.003991597733259
Encrypted:	false
SSDEEP:
MD5:	3B278B5FF32E12FCFCBB5364A9A02772
SHA1:	305F9702E210A8CC076A1E5A36637E80BFBC95ED
SHA-256:	A90BEAC41053FA2F2364267F7138F76E74F82ED479A75BCD0AAF346BB81244F1
SHA-512:	917A4CE1A80CD34E8D3C5F5D882FE1F3484F6E3A871D0D272CBD5C5BB8B43568AAB10E5BD36162B512876951C9919D77D1DD6BBE0BF3299E1CD95DAAE493770B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....2.+@...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............h+......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5044), with no line terminators
Category:	downloaded
Size (bytes):	5044
Entropy (8bit):	5.236421644060331
Encrypted:	false
SSDEEP:
MD5:	199EA4D08120E89C2AF5238E79D29FB5
SHA1:	32795949BF2D9BDC964661C69B5AABDB57866933
SHA-256:	476EC14624475446DD9776AF62D1F60536DCE59A0DF243CE5471D5E552EF50EB
SHA-512:	51D552EA72BF0C1124879D3018D4537EB49AA4C16A45FF46A00F870C06C4BCCA64D28493E5B9FFB2CE2E9F51B29C302CC4248D025C6F9950E5E7342929143AD1
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/__lib/ct.js
Preview:	!function(){"use strict";async function t(t){try{await fetch(t,{method:"GET",keepalive:!0,mode:"no-cors"})}catch{}}const e={mopub:"0U8OxJ8u",adx:"0w8tQHmWy",inmobi_in:"0c8zWUmlEHmg9",inmobi_use:"0c8zWUmlEHDiP3M",inmobi_usw:"0c8zWUmlEHDiPJx",vungle:"0Jji93mVgHDiP3M"},n=["_self","_blank","_parent","_top"],i=["noopener","noreferrer"],r=" ";function o(e,o){o?.ping&&o.ping.split(" ").filter(Boolean).forEach((e=>t(e)));const a=n.includes(o?.target)?o.target:"_self",c=o?.rel?.split(r).filter((t=>i.includes(t))).join(r)??"";try{const t=Boolean(window.mraid)&&"loading"!==window.mraid.getState(),n=Boolean(window.admob)&&window.admob.isAdMobSdk();return t?window.mraid.open(e):n?window.admob.opener.openUrl(e,!0):window.open(e,a,c),!0}catch{return!1}}function a(t,e){try{const n=new URL(t);for(const[t,i]of Object.entries(e))null!=i&&n.searchParams.set(t,String(i));return n.toString()}catch{return t}}var c=function(t,e,n){const i=t.closest(e);return n?n.contains(i)?i:null:i};function u(t,e){const n=N

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	47
Entropy (8bit):	4.453005074851736
Encrypted:	false
SSDEEP:
MD5:	7F5F2BE159837D73B72A4B37616BCE44
SHA1:	C93D7F25B530B05C26440D3352213B683D03DCC3
SHA-256:	CCECD185AC16BA0A538840F37701053FBB861F7FBBDD86039C7415FCD924D1F2
SHA-512:	A1002883CA1DD74080546C6D34A38144B867A8E8A22E4BAD80EB1D221A86FE9EDEA81A5F12D3CA6B2BF29E686FC80CC32B06E37B83381750B6E773A62052A0A8
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/js/google_top_exp.js?fcd=true
Preview:	window['google_empty_script_included'] = true;.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1055)
Category:	downloaded
Size (bytes):	2690
Entropy (8bit):	5.39866636776827
Encrypted:	false
SSDEEP:
MD5:	76A4D84DE75340D59CA06503A14184D4
SHA1:	2FE3C4A95AF88BE57D1912BB09DC463F69924402
SHA-256:	66E9BF446316F6EEC5EAEFA7098592BBD2144A60EB38C481DB233A6CA8B8D94A
SHA-512:	2ABE6C816B265B72A8023E8F832B9BED0FFD2C931BA07C5DA1AE0CB5D60178CBD1CEA9CE6AE0BB88F77614954C20836342AD6BAFE25EB1CA4D2AEB495E4E2BD2
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20240702/r20110914/client/window_focus_fy2021.js
Preview:	(function(){'use strict';function f(a,b,e){a.addEventListener&&a.addEventListener(b,e,!1)};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .function g(a,b,e){if(Array.isArray(b))for(var c=0;c<b.length;c++)g(a,String(b[c]),e);else b!=null&&e.push(a+(b===""?"":"="+encodeURIComponent(String(b))))};function l(a=document){return a.createElement("img")};function m(a,b,e=null,c=!1){n(a,b,e,c)}function n(a,b,e,c){a.google_image_requests\|\|(a.google_image_requests=[]);const d=l(a.document);if(e\|\|c){const k=h=>{e&&e(h);if(c){h=a.google_image_requests;const v=Array.prototype.indexOf.call(h,d,void 0);v>=0&&Array.prototype.splice.call(h,v,1)}d.removeEventListener&&d.removeEventListener("load",k,!1);d.removeEventListener&&d.removeEventListener("error",k,!1)};f(d,"load",k);f(d,"error",k)}d.src=b;a.google_image_requests.push(d)};function p(a=null){return a&&a.getAttribute("data-jc")==="22"?a:document.querySelector('[data-jc="22"]')};var q=document,r=window;functi

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 120 x 44, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3064
Entropy (8bit):	7.485972573075985
Encrypted:	false
SSDEEP:
MD5:	DD2F7982DBC0643B4636CA62C5C865F2
SHA1:	03485A72EDC4B23CE1DF32F198BACC9AEB64E102
SHA-256:	8B936806575C16CDA3695CCF24C6DEEAF8FE0BE8310E76C051033BADBB72AC74
SHA-512:	649506A359AAFA10BDB255209307DBAE88774319AB3827D59E62B16A2A3A1CEA57776C57E3CE05AC0211D3616D532E5111C076A550795F65A76CD3275B417E88
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...x...,.............PLTE...K..M..M..M..M..M..M..N...[(.[(.['.[).[)M..M..M..L..M...['.[(.[(.Z&.X..[(.t..[(N..M..M..C..M..M..M..M...['.[(.[(.[&.W..X..Z".['.Z".[(.['.[(M..D..7..7...Z".[(.[).Z!.[).[(.Z%.[(M..M..D...[(M..M..M..M..M..J...[(=...Z&.['.[).Z$.[(.Y!.[(.[)M..M...['=..=..=..<..;..=..M..M...Y!.Z&M..L..M..H...[(=..<..<..:..=..=..<..;...[(M..M..C...[(M..M..N..<..>...[).[(.[(=..=...[(.[(.[(.Y!...>..=..:...[).[(M..M...[(M..3..=..A..=...T..\,.[(M...[(M..<..=..<...[(<..=..>..M..>..=..4......[(.[(@..F..J..M..M...[(.[(<...U.M..L..E...[(.[(.X..\,M...[).W.N..<..M..M..M..M..?...[(<..?...[(.[(.[(.['M..M...[(.V..[(.[(M..=..6...Z$.T..[(0...U..Z B...V.M..-...S.8..M...X.1...R.6...Y.J...T..[(F...Y"@...W..W..[(.[(2..B...W..Y.=..M...W..W.....S.Q..A..1..9...[).S.....P.P..$..>......aC.T..V...H_....tRNS. V.....9Q..29...k....5.t..J...w..]&......./W...G6!.H...j#f.............D.Aw..>g..j/=.q.U..c-..9.._..eS.Z...\|4Dw.<...[a..O.....a.....a..u.*r.MB......6..W.+s.s.k$...{..........o...Zo

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	226586
Entropy (8bit):	5.726827785814232
Encrypted:	false
SSDEEP:
MD5:	6200D5E65B54332FB48EB5137E263537
SHA1:	1E0BDB0B8C457246CC2F29A5ECCF2C8FA1A1F39C
SHA-256:	2629889CD67C5EAA3857ADF6A7CC1CA7A7B94F0973179A16D57D40816E8028D1
SHA-512:	3DC1A7119C47DEE535DBEE39282A134F7DC2FDF7DBD1B94D6832FA4F6681A8B43C65799948CB19FA1BDF8F254B5EA01AC32AF57C6A432A73F46BEC122808F1F9
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&adk=1812271804&adf=3025194257&abgtt=5&lmt=1720117848&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=174x816_l%7C193x816_r&format=0x0&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=32_7~27_14~29_10~30_19&aiixl=32_9~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&dt=1720117847431&bpp=5&bdt=1311&idt=1482&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=827160638955&frm=20&pv=2&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1504
Preview:	<script>window.sra_later_blocks = [];</script><script>window.sra_later_blocks.push({creative:'\x3c!doctype html\x3e\x3chtml \x3e\x3chead\x3e\x3cstyle\x3e* {margin: 0;padding: 0;outline: none;}body {background: rgba(52, 58, 65, 0.600000);backdrop-filter: blur(15px); /potential issue: minimal browser support/-webkit-backdrop-filter: blur(15px); /for safari/height: 100%;}#ad_iframe {box-shadow: 0 !important;display: block;left: auto;margin: 0 auto;position: relative;top: auto;}.creative {transition: opacity 1s;-webkit-transition: opacity 1s;position: relative;}#card {background-color: #fff;border-radius: 6px;padding: 0 6px 1px;position: relative;box-shadow: 0px 8px 12px rgba(60, 64, 67, 0.15), 0px 4px 4px rgba(60, 64, 67, 0.3);}html {height: 100%;}.toprow {width: 100%;display: table;height: 24px;background-color: #fff;}.btn {display: table;transition: opacity 1s, background .75s;-webkit-transition: opacity 1s, background .75s;-moz-transition: opacity 1s, background .75s;-o-transition:

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4909)
Category:	downloaded
Size (bytes):	209664
Entropy (8bit):	5.421664736136507
Encrypted:	false
SSDEEP:
MD5:	8B4778BB22DCFCD74D1860041722EA01
SHA1:	6C2676FBB1B8A70A46EC0D518D3364C906D0149C
SHA-256:	066BF781659AF09BB40A24A7D87DD2310C2324C9619E347C6D6D05C00FFEB182
SHA-512:	99EF210BA36EC1EE9D5B4787E84D05FD9F2A7F0F8BB677437E95483077D6D66940002F3B0AA211BFF34EA4727BE82A54E0B88DB49012A020823726270A9A6691
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Preview:	(function(){var p,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),q=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.q("Symbol",function(a){if(a)return a;var b=function(f,g){this.pg=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.pg};var c="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",d=0,e=function(f){if(this instanceof e

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 1150
Category:	downloaded
Size (bytes):	512
Entropy (8bit):	7.54475411650317
Encrypted:	false
SSDEEP:
MD5:	C3536E3FFF373C1F1DC0BE17803A6120
SHA1:	2589271F2BB076564801881229B64F5A5483A8F2
SHA-256:	7E9594A5E5F3C89B6181581858EB884EDE4B46B26B821283EC116E0EBF630800
SHA-512:	F8584B0438C22F9D7EB773AB81A0CE634E8F6E3C809B0F1C3E3BF530934B9CCB9255131BD7E494BFA3DF0A73CA683366DD8353EB631E7985FF242A366CB7C8F8
Malicious:	false
Reputation:	unknown
URL:	http://www.ip-address-location.com/favicon.ico
Preview:	............1H[Q..o0.E..)...KI.......u...8....4j..*HtR.JP.R\...\.JJ.Z..!$y>....(....8=...'y...p......a.OM...'.k..!.x.`.;.....<fc.U8. .C@'....&.._]..Xo....p1...9.h.2%<.......`%..U...(CYr....!.Cv.....2.EgIw...[....B.P<._..V.....C...m.....<.../e.PK.3 '.....ma.V..............A7.....B...d.....v.)...<O...9.j.._..D.....3..Q..u...[.@.....~...=Lv=..O..L.P.5uu.....;....Wp.1g....N....M....NG.>.....{AYr.m....!....W&.B.........R...\|....(s.....pW.mt..R.C...24....z?&.7..t.f..o.....W.1m.c6.:e.!.?... ~...

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	134
Entropy (8bit):	4.822682755209272
Encrypted:	false
SSDEEP:
MD5:	1E62CCB7C7AFBB9D4F7E9F43B8BD17F5
SHA1:	C56362B028989BFC42D5B226886FDA09D3B7397D
SHA-256:	C945BF9D1E619F93DBAB7C7FD28B9F113ADF2DCE3A8E422C2F98E7D57EDEA5F7
SHA-512:	8F4EA73B09DD79E0E59CB8447497A8B3422ACC12A7D269FE74D787CFBF98FBB2C4792AEA774E7EAB19ECD8727D3A9951B7D0E0060636DE5889B2A402C18B2F99
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=134.209.191.10&oit=3&cp=14&pgcl=4&gs_rn=42&psi=tlE72-cPANIu7g5S&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["134.209.191.10",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	16718
Entropy (8bit):	6.017242432563332
Encrypted:	false
SSDEEP:
MD5:	3F2B07123C3A47948214B39216820544
SHA1:	DE5BD82166399616E0CBE47B352BDE8C87877F79
SHA-256:	088B8717C1A7E4A3F67F242464C697D1B859B052AD8057BA44660FEE02B86AC0
SHA-512:	B1D8628CABC3B1CDBEB1904BDC9DCFB69941C855687CE281CBB949518C7BEAFFE9D69F0662E9F019E7C288C3BD391B5826104C0DCD890140D178E6CF20B3EC73
Malicious:	false
Reputation:	unknown
Preview:	{"sodar_query_id":"ZuqGZoyjF5KxiM0P6Oel-Ak","injector_basename":"sodar2","bg_hash_basename":"dPU7tgJ6lZEjfzRbvp7RA8ZpdrT2Zo2REcyXm64uJow","bg_binary":"xgUkdJtDUxbO4IFmpLEhK7Gm5WUCFF2yDjWFN+sEm4yuTJnqwX450yg16uhtI5kEvhMsiLBEeAIwmPLe4jcxWfYiEfII9i3o1p1paxo85syMPunq88eUxitcTkmB8bU9OLCVklDYbaobCbq4FzOCvz7YtB+1/HOn+h43NINoWi8Qmh1iy9trnQYy57mQlMcSfFRJ+mCmE1bNbE7a1cLMHuAidCIK3JUpuet/JaqSvzYRp8nEaGE8A5e64A0oeFQTCFAagBheyaRW43Jk5/0fCTvmi0yu2nHkWHIH2RjD+VE6bSBA82wyGaVnj9g78RHLj+vaFZKrj3S7CJmmZnw12xhxRZ3RsBvaF3A4ij+gwTV6W1AT8YdmSInWAu7DGoSMCCLjTEnC3qdywEUqrPNh+YSlRTpfbASm0GA43YVztFIlt15jUoZ0dnTzumTILCC6ZxxNsDj0iWuTehEMtfhMGziymeJy3m/ZjqDV2yE/txDK2ng6sooRNnpU8KsJxQkgjW4arIGAlcikezWthtWUs/HDqbg6W4m4TUHsA0gnRL7ocVOYjkqhocn0ZWFVqOzeACEUXlWAC7Qz4WrjMZTHMU86GLnfgrPhV4CqSmSLV+3X70OCXCtx80vH5aMjWudnXPaQAKHjiQBWYlvP5VyAukxz30TmBDYMMHVRmrRr5KdVC8yVCPXq6sMHzQkMCYU9OH1VUGMVglFzfVRfzZFGpK8EG6SbbMZv2mcmA0/TsDGTx7s9JAHt7sD5MpXvgWw3/Cetl0wBy4yIfS6gCCA6I6Tfh0NKl8K0p9e+0qu5TgIHNe6NKovKHBixgQx3L+CqjkKAEKGPE5W5IGFB7

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (549)
Category:	downloaded
Size (bytes):	1038828
Entropy (8bit):	5.616278451386445
Encrypted:	false
SSDEEP:
MD5:	01B72CCD6C51DB0853FC3D957FA2D009
SHA1:	82BFBB77E4EB3610C3D7BA79ACD2E6250A3DECC1
SHA-256:	BF90B3113C58AF15CD7B9CB70D5DD95C189082647483851CBF3482A1917572EC
SHA-512:	F417D724CBA6650EA35AE38A282658C7B9D827A903F830EB99E2093CBBA4B6061B3415AD28E8C7E538B40D662603CA349F47AB7BF5BBF5D4A967481D15B2985F
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/js/k=xjs.s.en_US.J5CICo_PjD8.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAACAkEAQAAAACgAAAAAAAAAAAAAAACEAgFAIABAADigREAAAIAAAQCAI4PefAAAAAABgAAAEgAkAAAAAXAAAgIIAAAEEAACAAAAAAACgAAAAAAAAAAAAAAAAABAIQD8AAAAAAAAAAAAAAAAAYADCDwAABIAAggDgAAMBAAACAAAAuAcAzwOGgxQWAAAAAAAAAAAAAAAAAUgQzIH0FwRAAAAAAAAAAAAAAAAAAFKCTlzeAAAJ/d=1/ed=1/dg=2/br=1/rs=ACT90oEbnDpnDHQybXJKayO1383S-xQfgA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;Zen4yb:jMF88c;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl"
Preview:	this._s=this._s\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var baa,caa,naa,oaa,paa,qaa,raa,saa,taa,uaa,vaa,zaa,xaa,waa,Aaa,yaa,Baa,Daa,Caa,Eaa,Faa,Gaa,Iaa,Jaa,Oaa,aba,gba,pba,rba,uba,yba,zba,Cba,Hba,Iba,Jba,Kba,Lba,Nba,Mba,Pba,Dba,Qba,Rba,bb,Vba,Wba,Yba,$ba,bca,fca,gca,ica,kca,mca,pca,rca,sca,yca,Aca,Nca,Oca,Pca,Gca,Qca,Fca,Rca,Eca,Sca,Tca,Uca,$ca,bda,cda,eda,ida,jda,nda,uda,kda,tda,oda,mda,lda,vda,xda,yda,zda,Cda,Dda,Eda,Fda,Gda,Jda,Kda,Nda,Lda,Sda,Tda,Zda,$da,bea,aea,dea,fea,eea,hea,gea,kea,jea,mea,oea,qea,rea,uea,vea,xea,yea,Aea,Cea,Oea,Qea,Pea,Rea,Sea,.wea,zea,Vea,Zea,cfa,hfa,ifa,rfa,nfa,tfa,ufa,kfa,xfa,yfa,vfa,Dfa,Efa,Ffa,Ifa,Jfa,lfa,Hfa,Lfa,Nfa,Rfa,Sfa,Ufa,cga,dga,fga,qg

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (51433)
Category:	downloaded
Size (bytes):	52697
Entropy (8bit):	5.693688318421677
Encrypted:	false
SSDEEP:
MD5:	12ED011B0B2F718FD5C3FED8DBDB688F
SHA1:	3F549EA5935C6082C3943CC09941D865E4040972
SHA-256:	74F53BB6027A9591237F345BBE9ED103C66976B4F6668D9111CC979BAE2E268C
SHA-512:	9674CFE614CDD39707020F69E42340A47A6775815BBBF62AA748DCF14E6C43C222391E115F55DD0B0C1E5C3B8CFC6E9D2B9FF482436FAD691130FBE6344B7C63
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/bg/dPU7tgJ6lZEjfzRbvp7RA8ZpdrT2Zo2REcyXm64uJow.js
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function n(e){return e}var Y=this\|\|self,S=function(e,U,u,Z,a,X,t,F,V,I,E,T){for(T=(E=9,50);;)try{if(E==80)break;else if(E==22)Y.console[a](I.message),E=42;else{if(E==44)return V;if(E==47)T=50,E=e;else if(E==u)E=F&&F.createPolicy?U:44;else{if(E==42)return T=50,V;E==9?(F=Y.trustedTypes,V=t,E=u):E==e?E=Y.console?22:42:E==U&&(T=Z,V=F.createPolicy(X,{createHTML:g,createScript:g,createScriptURL:g}),E=42)}}}catch(c){if(T==50)throw c;T==Z&&(I=c,E=47)}},g=function(e){return n.call(this,e)};(0,eval)(function(e,U){return(U=S(45,83,24,15,"error","bg",null))&&e.eval(U.createScript("1"))===1?function(u){return U.createScript(u)}:function(u){return""+u}}(Y)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/json;charset=

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (476)
Category:	downloaded
Size (bytes):	481
Entropy (8bit):	5.100374422766877
Encrypted:	false
SSDEEP:
MD5:	37E5017CBAF6D8A24CE92F788FE10D68
SHA1:	EB278B1C069F91485E64F147682B1DBAF22F42F6
SHA-256:	E559D1C4B408DCEF73DA637C1CF1F457820725000C8132955AA9C96F911C7D8F
SHA-512:	CD0CAD22490A4AC2680984E2498B17D6F6CA755905479EB86BBDC7C38E34F7A9833654DC706C236C8195BECD255CC8CDC4260DBEDD19B43B7F5F4DDDB7040D74
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=what+is+http%3A%2F%2F134.209.191.107%2F&oit=4&pgcl=15&gs_rn=42&psi=tlE72-cPANIu7g5S&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["what is http://134.209.191.107/",["what is http/1.1 403 forbidden","what is http //www.gstatic.com/generate_204","what is http status code 204","what is http/1.1 200","what is http/1.1"],["","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,552,551,550],"google:suggestsubtypes":[[512,546],[512,546],[512,546],[649,546],[512,546]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1150 x 116, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10487
Entropy (8bit):	7.9121587676994105
Encrypted:	false
SSDEEP:
MD5:	C72DBDF08760DD192F988F7B835D7AF9
SHA1:	C2E3B192E0DA45050B2C241604F256AADEA3E0D0
SHA-256:	B0E94A0E3CD74BA4B394CA0F0BE71D1C0E6A9FBCCBC61E69597677CB8545A378
SHA-512:	776658AEA9FA0D3456AA9F5E47FE5985E0D0F7844609A77208B358A747736AFF3B9CB6AE761E11350A2117EB5EC207296A0F06B61AE80610ED91D08EC326D93A
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/logos/doodles/2024/fourth-of-july-2024-6753651837110246-shs.png
Preview:	.PNG........IHDR...~...t.......^....PLTE.........x..x..w..d..e..k..o..q..............}..m..{............................v..f.....k........i.......u..h..\|..............z.....m.............................t..v...........{..r..~......................y........l..{...................o..............~....................x...q...........i.......................s......................................h.........................................................................................................................\|..........i.....i..i..i........i..i.....i..i..i..i..i.......g....i.....p.....i..i.......kw...........i...l.....i.z...}......i.............v.......................................................y..x..x..x..x..x.....x..x.....x...............@[.....tRNS.y................................Cc...................p....e..............7.............!...............k..q.............2........T........%*....x.....K...=......c......BQ............#

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (792)
Category:	downloaded
Size (bytes):	797
Entropy (8bit):	5.151196668943552
Encrypted:	false
SSDEEP:
MD5:	42F5ED52A677913B06E5A07FFB211599
SHA1:	5E152F4D27D50027F45E50F5D1BF4D0F5627161F
SHA-256:	55A3E5E571A6A3757B3396906952D00F3A87CED8E325AEDEA089DB06D2A9A3D7
SHA-512:	8C50EF76F5613574A0AE540792A82B2163E58130E60DAE15406F86356A948C2E60FB91628A2FAD87643E71B507FC49223C9ED4EDB7A123DE96A21DEFA6D1AF49
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["4th july sales","riccardo calafiori arsenal","jjk chapter 263 spoilers","zenless zone zero redeem codes","french exuserbur sword vanishes","firefly alpha rocket launch","the boys season 4 episode 6 recap","candice miller brandon miller"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2347)
Category:	downloaded
Size (bytes):	164667
Entropy (8bit):	5.548424174425685
Encrypted:	false
SSDEEP:
MD5:	AE24BF0080748F49266530ECFDB428F7
SHA1:	D7F5BDBDE805B355034B980C1DD46D82D02D5C5A
SHA-256:	EA7E71D255BFB6BA647EEBA156F3B71386CE3B7DCF65D3D8CE05E0C9C48DBAAC
SHA-512:	0549F34FC5CDF0E5589C181AA59A1938FD1D39E2B9889B6458D3B5398C330B591E59BA1B9135760C1EDBAA89F0BA40182DD2DC7C0B951EAA869F2193650BDC68
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.k_rHrBjflTk.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTt1hnGqeS6CLgm_ywEWql2sJwW4iA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.qj=function(a){if(a!=null&&typeof a!=="number")throw Error("r`"+typeof a+"`"+a);return a};.}catch(e){_._DumpException(e)}.try{._.rj=function(a,b,c){return c?a\|b:a&~b};_.sj=function(a,b,c,d){a=_.sb(a,b,c,d);return Array.isArray(a)?a:_.yc};_.tj=function(a,b){a=_.rj(a,2,!!(2&b));a=_.rj(a,32,!0);return a=_.rj(a,2048,!1)};_.uj=function(a,b){a===0&&(a=_.tj(a,b));return a=_.rj(a,1,!0)};_.vj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.wj=function(a,b,c){32&b&&c\|\|(a=_.rj(a,32,!1));return a};._.xj=function(a,b,c,d,e,f){var g=!!(2&b);const h=g?1:2;e=!!e;f&&(f=!g);g=_.sj(a,b,d);var k=g[_.v]\|0;const l=!!(4&k);if(!l){k=_.uj(k,b);var m=g,p=b;const r=!!(2&k);r&&(p=_.rj(p,2,!0));let q=!r,y=!0,G=0,C=0;for(;G<m.length;G++){const E=_.Sa(m[G],c,p);if(E instanceof c){if(!r){const A=!!((E.na[_.v]\|0)&2);q&&(q=!A);y&&(y=A)}m[C++]=E}}C<G&&(m.length=C);k=_.rj(k,4,!0);k=_.rj(k,16,y);k=_.rj(k,8,q);_.wa(m,k);r&&Object.freeze(m)}if(f&&!(8&k\|\|!g.len

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (11822)
Category:	downloaded
Size (bytes):	11824
Entropy (8bit):	5.2927390094370335
Encrypted:	false
SSDEEP:
MD5:	659A1EC658C77B9C936C856B9B72A548
SHA1:	C1076FE1A694D561FFAA673793CB6418763FA1E4
SHA-256:	B2D12B381E4F471679E903D6C8FE634AB8DDA43764168C8F3C1EE1269FE7EDAB
SHA-512:	77F2057B03E14C9378F6C6CB087263D7239EDA44D57104DF48105B88938656F594BD68DCAD9CDA0409AFDB78205C872B65F63816146923676F522C3626232558
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/ng-assets/creative/assets/polyfills-a3f452c3.js
Preview:	export function __vite_legacy_guard(){import.meta.url;import("_").catch(()=>1);(async function*(){})().next()};var t="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=function(t){return t&&t.Math===Math&&t},r=n("object"==typeof globalThis&&globalThis)\|\|n("object"==typeof window&&window)\|\|n("object"==typeof self&&self)\|\|n("object"==typeof t&&t)\|\|n("object"==typeof t&&t)\|\|function(){return this}()\|\|Function("return this")(),e={},o=function(t){try{return!!t()}catch(n){return!0}},i=!o((function(){return 7!==Object.defineProperty({},1,{get:function(){return 7}})[1]})),u=!o((function(){var t=function(){}.bind();return"function"!=typeof t\|\|t.hasOwnProperty("prototype")})),c=u,a=Function.prototype.call,f=c?a.bind(a):function(){return a.apply(a,arguments)},l={},s={}.propertyIsEnumerable,p=Object.getOwnPropertyDescriptor,y=p&&!s.call({1:2},1);l.f=y?function(t){var n=p(this,t);return!!n&&n.enumerable}:s

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (546), with no line terminators
Category:	downloaded
Size (bytes):	546
Entropy (8bit):	4.969626604885632
Encrypted:	false
SSDEEP:
MD5:	D055AFED3DE5FCF7A4560E0BC7F147BE
SHA1:	04249AD6A59AF3A329385A5C79B2B0DACE87E119
SHA-256:	C08F374829C352D1A3C4BE106BDBCFCCC348CA18CE90FD9FAA1A5F44E0B230D5
SHA-512:	0511F3697796AF1E7D9F5E112461D3ABFA7DE7684E96B856D1C5B5423329F2CBA147C8DC215A786E63043F5BFC0CF6A8334E8D027451498A8E7CEA52D95FF706
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/__lib/rwd.js
Preview:	!function(){const e=document.currentScript?.dataset.image?document.querySelector(document.currentScript.dataset.image):null;function t(){e instanceof HTMLImageElement&&((window.visualViewport?.width\|\|window.innerWidth)/(window.visualViewport?.height\|\|window.innerHeight)>e.naturalWidth/e.naturalHeight?(e.style.width="auto",e.style.height="100%"):(e.style.width="100%",e.style.height="auto"))}e instanceof HTMLImageElement&&(e.complete?t():e.addEventListener("load",(()=>t())),window.addEventListener("resize",(()=>requestAnimationFrame(t))))}();

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2141)
Category:	downloaded
Size (bytes):	125593
Entropy (8bit):	5.491909935656491
Encrypted:	false
SSDEEP:
MD5:	C8F70ECF911EB38BF7BAA1157D661E30
SHA1:	82DCE89C697C1DAE3290764A2C3A36BD83ED2756
SHA-256:	9F661DF876D6CDD9B5A68CA4B4523FFB2D53C291CFA521C0B9B3CA64C1637210
SHA-512:	E5EB7EB530F6584435A0C74DA78A1ACEBF96554C9989C39CC22D09029D6FF0CF3193C53E3DD658BBC0264B2B00A40C6BE1874521DCD120C9EE181E2075DFFE84
Malicious:	false
Reputation:	unknown
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.iZZZ0XsR8bM.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_0-97nH_2IxP0suYF105-PdJv4zg/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x100000, ]);.var ba,ha,ia,na,oa,va,wa,Ba;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ha=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ia=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=ia(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ha(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (51682), with no line terminators
Category:	downloaded
Size (bytes):	51682
Entropy (8bit):	6.103472032338962
Encrypted:	false
SSDEEP:
MD5:	D0DD09E20C3CC1A4F459AE08B203A445
SHA1:	C80EB21D87E8398494AD8C997AC70914634DDB25
SHA-256:	0ED5ADFD66F14FDDD4671E764864609B0513B1F24E3F20FD5279259ED064CB50
SHA-512:	759F00D18B7CCA48E92362C5946BC3153A71F9949AC558C25000048F8C827382F269207BD47F859847B7D69645C8A1E94B8C6511385AA852400FFFC276A520FC
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=8669042291&adk=2354505830&adf=54630664&pi=t.ma~as.8669042291&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847438&bpp=2&bdt=1318&idt=1502&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=118&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1512
Preview:	<!doctype html><html><head><script>var jscVersion = 'r20240702';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {};</script><script data-jc="42" data-jc-version="r20240702" data-jc-flags="["x%278446'9efotm(&20067;>8&>`dopb/%<1732261!=\|vqc)!7201061?'9efotm(&20723;>:&>`dopb/%<1245;05!=nehu`/!361:<320!9sqrmy"]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var u=this\|\|self;function v(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){return aa?w?w.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=u.navigator)if(b=b.userAgent)break a;b=""}return b.index

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15436, version 1.0
Category:	downloaded
Size (bytes):	15436
Entropy (8bit):	7.986311903040136
Encrypted:	false
SSDEEP:
MD5:	037D830416495DEF72B7881024C14B7B
SHA1:	619389190B3CAFAFB5DB94113990350ACC8A0278
SHA-256:	1D5B7C64458F4AF91DCFEE0354BE47ADDE1F739B5ADED03A7AB6068A1BB6CA97
SHA-512:	C8D2808945A9BF2E6AD36C7749313467FF390F195448C326C4D4D7A4A635A11E2DDF4D0779BE2DB274F1D1D9D022B1F837294F1E12C9F87E3EAC8A95CFD8872F
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Preview:	wOF2......<L.......\|..;..........................d..z..J.`..L.H..<........e..^...x.6.$..6. ..~. ..).7{...K.. .k~....".v(...[...RE.$..K..C,.'..{BK.C&.....'L!...DZ........+6.r...K..._...<..0..].V..........e.r(RN.43k;g`...?<?.......b..c.`.. .6..p...5.$zd.R%.........h....";.^WU.....H........S.j..M:..=K..\B.6"f......z.........$...%w.?$-....9.:u....u.I..Tt..s........lY...J.6oN..y...1,I.Yx..lu..}.e...Og..d...Xv.. ...iF.]..x.N..#%,y.&..,$.^.n...\.K.P.J.x...H$..-.....p.....t.v...gD^....?..6o......e....,f.)..h...P...<.:.E...X..p....U.?.[m....l.Y.S..p..%..K.,U..3U.qFZo....U...3..3.]\.C.#..9T.8P`8......P...R;..r..J.*...u.j..^vnf.v.... .pw...Z.(.6%$U.[.\|....!mU\}./..i,..7D........:t'.a;.W(.."G....q.-.Z......;J..0.&/.5. .T......w..;...t...H.t.<y ..@xx .JA.U.t..;g....@..... .t......<.5(^.\|s..Ko.O.x.....!...........lHF............So{.%..V...7..aA$....C;,"(.J..EE..@.....vOB.,V..../....B#.r+./-t.(.N.S...R.Z$4...4i.c.}t...#3`.......s..;.O,.\|..W.A.f.w.

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3992), with no line terminators
Category:	downloaded
Size (bytes):	3992
Entropy (8bit):	5.15787311370234
Encrypted:	false
SSDEEP:
MD5:	46EFC495ACF1BA651B495ED0789FC46F
SHA1:	5B280562E9921BE982E51097803DB8F7D32699E7
SHA-256:	B89519A15554EBE904BD0723BCA44D23CCD6D206E9D0B341AE46588C019A21D3
SHA-512:	8350991000C3EE0F90D59AF6AE578DC53E5109AE90129B1A091C52AF23FA4FE4E7F745D57A51E2ACE2328532527AEEF83A28E56BADFBB49A12A1F4B3FB8B9760
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.nuHTXYWlLd0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuab1saMfPg0iiAR9TwFTm87PY2ug"
Preview:	.gb_Oe{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_wc{text-align:left}.gb_wc>*{color:#bdc1c6;line-height:16px}.gb_wc div:first-child{color:white}.gb_fa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_fa:hover{background-color:rgba(68,71,70,.08)}.gb_fa:focus,.gb_fa:active{background-color:rgba(68,71,70,.12)}.gb_fa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_fa:hover,.gb_i .gb_fa:focus,.gb_i .gb_fa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_fa:focus-visible{border-color:#a8c7fa}.gb_ga .gb_ha{bord

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	16918
Entropy (8bit):	6.015423956410055
Encrypted:	false
SSDEEP:
MD5:	10954016770CB471ABBC17070B89C73F
SHA1:	9A9F52A2FA262154D27CDFE3F966D95C091AF94B
SHA-256:	C7D6F51958A39D69629A2358B661AA5A52666114262369F2F52F3DD70C62CF35
SHA-512:	EE49C83AC674F8FBB969B6FE425AC43B98C7A04A4EB2A028DD312B085E1F8B4FD952529715CDFBB2C375A5AFA4A9E14ED674DDAFD7EA25FE606A41EC7BE533A1
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240702&st=env
Preview:	{"sodar_query_id":"ZeqGZuOHFZDk78EPkIOouAQ","injector_basename":"sodar2","bg_hash_basename":"dPU7tgJ6lZEjfzRbvp7RA8ZpdrT2Zo2REcyXm64uJow","bg_binary":"xgURoTs3cZCSSEMurIHq4Bf0AM5prVgstsk8QUlEf7RN6obZxw+FQzL+LvSz/vGNhWsk97o/xoqc7gqBs1MVU7B8BEVUvMgwuzxjVtMYfSE/XLnLFDT/pR0XU12q4SE9nIcBnfOtZSNn1gNqXwPJZXLc+m7knL8spDkNLGOR7CGzSX1Caq0bNKRJj0n1rF+6EgtWFTbq39WFVXxmVRFkf8vvtsTy2KdqZWoNRxzOGh+Mj/lsuks/fQJlXlmiXsc6Tuwxff/GGcY+hYvr+UOVTxuqHz1YABRC+ZJthA4p1+VrJAuwa56hgfZCiefcOsbgquXvL2tSFspjGSp68fighzc689F+3DnKG2pl6VVsxJvPucJNhxwdiA1vt8Dum0+yXR4PltuEdXIHuuTb520zwRHKJ+FekLpkjQUghtNNi9/AB79UUEPz/wtCiilETzcOe+kUykZj8pUskdgHkk9iYCZD6USGi8luyoAC0b1HDukVs7wL0mku2WMfmS9kOBnbJd+vpDBMV2fVJSVQ+zFLo+QKkA4kYNVuavrHr9J31HSKOZlECZE7j+Ss7k5OkV+W/JEDrNqzUZ8dDZLPxJYAT0DpBcXa3Bfn5aUgMc8kMWBteeB6QeGUU05ClEF+kn65yrqPE54mxb96HhvIze1eT701khyUdJo39tedRwdV+z3PgkklZljPnEyRpfs2N8f78Kjk76JvsVfA0+5rPVqLUokBnJjucXtiUu3gtDe80aWXhofKR4Tm7JxZu1UPmi43o9UQKZJnvOrU5w9KROGeAvGFmdBYlPx2R3UWhhG9deilrxeBHuEDFDZSs4SP3rMMVavHtXO9LoAjoGmge

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (3323)
Category:	downloaded
Size (bytes):	9076
Entropy (8bit):	5.521814033404203
Encrypted:	false
SSDEEP:
MD5:	035969BA7FE185582CA9A372CCE6B616
SHA1:	13A0A6E38FBB29B6486A3346D61C888F11D25E3F
SHA-256:	0979555DB2B62146491AE2F96BBFEDD1C4E16FFCEC94310C95B5645E934BAF38
SHA-512:	3C8B2C8F3B9C9A370AEA8B6F34EBCAED46B2D7F2B164A03F3AFA8DFE1C8EE9004753D88E4D15B73D2FE0215633877CC7B61541232D4EF1A5379C5827411E5995
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/html/r20240702/r20110914/zrt_lookup_fy2021.html
Preview:	<!DOCTYPE html><script>.(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var k=this\|\|self;function m(a){return a};var n,v;a:{for(var ca=["CLOSURE_FLAGS"],z=k,A=0;A<ca.length;A++)if(z=z[ca[A]],z==null){v=null;break a}v=z}var da=v&&v[610401301];n=da!=null?da:!1;function ea(){var a=k.navigator;return a&&(a=a.userAgent)?a:""}var B;const fa=k.navigator;B=fa?fa.userAgentData\|\|null:null;function C(a){return n?B?B.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function E(a){return ea().indexOf(a)!=-1};function F(){return n?!!B&&B.brands.length>0:!1}function G(){return F()?C("Chromium"):(E("Chrome")\|\|E("CriOS"))&&!(F()?0:E("Edge"))\|\|E("Silk")};function ha(a,b){Array.prototype.forEach.call(a,b,void 0)};function H(a){H[" "](a);return a}H[" "]=function(){};var ia=ea().toLowerCase().indexOf("webkit")!=-1&&!E("Edge");!E("Android")\|\|G();G();E("Safari")&&(G()\|\|(F()?0:E("Coast"))\|\|(F()?0:E("Opera"))\|\|(F()?0:E("Edge"))\|\|(F()?C("Microsoft E

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3907)
Category:	downloaded
Size (bytes):	197902
Entropy (8bit):	5.507531706476668
Encrypted:	false
SSDEEP:
MD5:	32F41A859C261702E969456775695C7F
SHA1:	FF5DFFBA5B4AEFDCC109C42F236DFBC46BBA21DF
SHA-256:	0C15C82A80CB27B396597D29330038877887386EBB593ED5248DBBFEEDAA616A
SHA-512:	F9D83180DF386D3BAD06C723DDB870D8BE69018CDCD31718C821F97ABE9C0893B47D2C202F8B66AC524AA979021D875E1E63BA0884A6B54B59C81A9FCC20F454
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/js/k=og.asy.en_US.sy4m_TYpbc8.2019.O/rt=j/m=_ac,_awd,ada,lldp/exm=/d=1/ed=1/rs=AA2YrTvA6ePtftTfdGBjHwQkqaFPPVyCXg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var aa,ba,ca,da;aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ca=ba(this);.da=function(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}};da("Symbol.dispose",function(a){return a?a:Symbol("b")});da("globalThis",function(a){return a\|\|ca});.da("Promise.prototype.finally",f

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2856)
Category:	downloaded
Size (bytes):	21289
Entropy (8bit):	5.516291610823751
Encrypted:	false
SSDEEP:
MD5:	15BC4A3B7959F01364CC4458533E6ED6
SHA1:	92149E8317A32A17B433045C19B313195359EBE2
SHA-256:	8CE762592033C45920E4A76FED59E1859AB53E6CC3D638A4F8F324836C8AD951
SHA-512:	DD4589B1436D3014E6E09CC0D3F0AD54379C17443A4F6216DE8C0A24C1A679397A15B513313785B8166C9FBC2204984AAF9C875CA1C58DBEB33BD192F9A5D50D
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20240702/r20110914/client/qs_click_protection_fy2021.js
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var f=a[d];if(!(f in c))break a;c=c[f]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var p=this\|\|self;function q(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=p,f=0;f<c.length;f++)if(d=d[c[f]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b}fu

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 276660
Category:	downloaded
Size (bytes):	51853
Entropy (8bit):	7.988983721212877
Encrypted:	false
SSDEEP:
MD5:	DFF598ED6B08823822DD13FCF94D3417
SHA1:	EC5A183B6C32DA5CB0BF09F8127CCEF8E885C1B4
SHA-256:	481C5D5DE627B14559048A02131AEA5E9EC53C201A469AFF7FD63569BF08E968
SHA-512:	C10428FF03813CD3425D02CE49D2C34EA07385E7BBCBB1273A0F7526F56463C130108FDA7C4330A5B6A1D2D044DC847860FDD860C096F92CC1024A8EA1730592
Malicious:	false
Reputation:	unknown
URL:	http://134.209.ip-address-location.com/3.html
Preview:	.............%I....&..C0..t..+.....Wu.......@@...E.Q.Q....HeDV........K7.[..eV.~..-..4.......g..=.........7_...7...../..._.?.........._\|...O.../~...?.......................~.././....o.........../?\|....>._.......>..O....../.~...w.~.._....O...>...~.......'..../}....~......w......~...O_..w.{...._>......o......7....y..Wo.._.x...?\|.f+..?....\|......6...~..}1o.../............w..._......../.....n..q............/...?...........\|V_~.8..........w..x..o~...?....o.~......y....?./.....W........o....Sx....}?..?.............?......./?\|......v.._.........~....?..w_~.~>..}...w?.......s.............y....G........>\|...?.~..............z..w2>h>..Q..}..g...................w?.....>.o?\|...x....w.>..7t....~...\|..o.....Y......e.........o.....x..q_....{..?.........A...?=..8_...../.Q........?../..w........z#o.....z...{.}..............m...~........~....7.o..o..K/......x.....?..RJy...r-.*^...:....\|..O..o.....x7...?~.......>.?....o.o~.......cS.x/..

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	136628
Entropy (8bit):	5.433761038236107
Encrypted:	false
SSDEEP:
MD5:	0C1BD73A7613AC4FA0ED9997BB957C7E
SHA1:	6C0726FB32029F87198063F87834249107F63554
SHA-256:	96F38498DD9E9320154FBE03225A769D14861615CE46CA4197E596998CEA6AD7
SHA-512:	E915F0DB8418D22D22ADC6BFA20ABA025AFB2E858C3937D9BD19EE291C6A8B42FC4296060738A0C9937B9C037D6F09D8E31B7478375760456BCC7CDA1B9AD809
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_ga gb_8a gb_Kd gb_ed\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_yd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_id gb_bd gb_pd gb_od\"\u003e\u003cdiv class\u003d\"gb_hd gb_7c\"\u003e\u003cdiv class\u003d\"gb_Ec gb_m\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Ec gb_Ic gb_m\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 24652, version 1.0
Category:	downloaded
Size (bytes):	24652
Entropy (8bit):	7.991535968589447
Encrypted:	true
SSDEEP:
MD5:	87C2B09A983584B04A63F3FF44064D64
SHA1:	8796D5EF1AD1196309EF582CECEF3AB95DB27043
SHA-256:	D4A4A801C412A8324A19F21511A7880815B373628E66016BC1785A5A85E0AFB0
SHA-512:	DF1F0D6F5F53306887B0B16364651BDA9CDC28B8EA74B2D46B2530C6772A724422B33BBDCD7C33D724D2FD4A973E1E9DBC4B654C9C53981386C341620C337067
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesans/v29/4UaRrENHsxJlGDuGo1OIlJfC6mGS6vhAK1YobMu2vgCI.woff2
Preview:	wOF2......`L.........._...............................b...?HVAR.X.`?STAT~'..../<.....D..i..$.0..".6.$..@. ..T. ........v .u'.(.n[...68...^...VQZQ...OHPc..m...jM....5.FZ1.e..H.D.....~.* ...>].N....6..4.....rG...$Sw....u........yD5LY;E...w5...[....1...i.$.<.E.\\|.~....G....[.G..gZ...i_\.\......O.#..1...t.....%.rI.t1..!.t..J(-.j..B+........t,....A;..kG..p?.....I#6......#m.;.S..^u.4.Q....mI<....}........F&.p.r.H2...Y........o.xc.......>...!...T...e.7..\|Z.i.R[Y.zC.Al..wb.?..9.. =..P(..v....9`.pxI..O9.}2.,..H...........^.q..c.....f..tVU.$.x....s....%hy.......fAKj..C....WP.....o...!.:).r......Al...>..G....G.....W...a.i}...0O..v...=^.D.x...\ST..U.4...#Pvv...GJ...0.W9.n.J..=.v......5A8&}.......y\-.t.......K?...)]........`&@.7.O3g_.4z.9H...C.&...24K......}.Z....h(T.._...&}.l.'....!.B<.?...D...e. i7 R......D:....@Jer"5Q.D{..Mv...&&.)sC..l........5}.."...S..v.A1.....$..9.....e\|z.....\..J....%#O...-......m.P2R2T...T.#.....0.y.,9...M1..!..N..g.>...SW.....1"b

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1921)
Category:	downloaded
Size (bytes):	434871
Entropy (8bit):	5.596699433374838
Encrypted:	false
SSDEEP:
MD5:	14AD7F0DA8D9E21319A565885FAB8328
SHA1:	19D21706F247982DA69498BCE758A7BFF48A5576
SHA-256:	611C7CA6EE2472443B4B2F3D0AAA18A4F13799F315D72F5B58CA88BD877770E8
SHA-512:	7047F6F40F5D81512B77DA4C21D1B13DDDDB0F33F44E9EE995EC2269BDD88BA71CB734D5E3FBF238396EFE2CBEB8873A980C39E7FAAD20A20866100C60437570
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406260101/show_ads_impl_fy2021.js?bust=31084926
Preview:	(function(sttc){'use strict';var r,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ha={},ja={};function ka(a,b,c){if(!c\|\|a!=null){c=ja[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ma(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ha?f=ha:f=ca;for(e=0;e<d.length-1;e++){var h=d[e];if(!(h in f))break a;f=f[h]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ha,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ja[d]===void 0&&(a=Math.random()*1E9>>>0,ja[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4246)
Category:	downloaded
Size (bytes):	173506
Entropy (8bit):	5.5079199386134
Encrypted:	false
SSDEEP:
MD5:	43D41E19C9D04DDBD91FCC69A89CA492
SHA1:	31C481B37404EC61CB623764CE03CF96E55F7A92
SHA-256:	B293AA9C8E55ED80624CE6A80F24F4A39E05ADBFEA44A5809535CCEFE7F34EC9
SHA-512:	91096E245B37C52A48103B0D65D771C85421A29AE2C4F143E61F71642FC3114DD7BA68A8C684A9D9533B72534C9BA33155D72659B094E3D5386C793A2A7E7044
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406260101/reactive_library_fy2021.js?bust=31084926
Preview:	(function(sttc){'use strict';var p,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},ha={};function ia(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ha[d]===void 0&&(a=Math.random()*1E9>>>0,ha[d]=da?ca.Symbol(d):"$jscp$"+a+"$"+d),aa(f,ha[d],{configurable:!0,writable:!0,value:b})))}} .ia("Symbol.dispose",function(a){return a

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1321)
Category:	downloaded
Size (bytes):	17314
Entropy (8bit):	5.342134706855769
Encrypted:	false
SSDEEP:
MD5:	2CC87E9764AEBCBBF36FF2061E6A2793
SHA1:	B4F2FFDF4C695AA79F0E63651C18A88729C2407B
SHA-256:	61C32059A5E94075A7ECFF678B33907966FC9CFA384DAA01AA057F872DA14DBB
SHA-512:	4ED31BF4F54EB0666539D6426C851503E15079601A2B7EC7410EBF0F3D1EEC6A09F9D79F5CF40106249A710037A36DE58105A72D8A909E0CFCE872C736CB5E48
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/sodar/sodar2.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var n=ba(this),p="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),r={},u={};function w(a,b){var c=u[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]}.function x(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var g=d[0],h;!a&&g in r?h=r:h=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in h))break a;h=h[e]}d=d[d.length-1];c=p&&"es6"===c?h[d]:null;b=b(c);

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	BED71406025F53F9308B64EB681F7339
SHA1:	3C3B7DC232FA826AB8BBF1C5112794C8AE199DDD
SHA-256:	D55A7ACE85F2320F9A6E202CAD6DB62521E821452F51A80AC2A8EDBE460D3F51
SHA-512:	02B051E60ABDE7FC42F85CEF85469582515490C49683FFFE58E313EB2CABE5D56B7E032C7A5A4F80020F0AC260DBA198D2D4FEB3E9A5FF17EB74E8DBA4E5C2EC
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAko8KNsP7nh3BIFDZoMJ_E=?alt=proto
Preview:	CgkKBw2aDCfxGgA=

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1662), with no line terminators
Category:	downloaded
Size (bytes):	1662
Entropy (8bit):	5.107499415302647
Encrypted:	false
SSDEEP:
MD5:	EE290BD22AEB1FDD91FCDDC84ECD8E80
SHA1:	D23DF2518B4C0E43AB92B46337BE245AA65EB991
SHA-256:	64F15C14A29BEE8BB27CEAE290502A38B2D37C72FF69FC8FB9413DC7C2F7503E
SHA-512:	2C066BD14EDBAE98C179A40707BF5913657AE1F086FBDACAE7E0FC681A7A8B857845A8A54193287DCAEF6E13C1D8C9EDE7DEC397AB6E18361D979552EE9F629C
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/__lib/ua-replacement.js
Preview:	!function(){const{beacon1Selector:e="",videoTrackerSelector:n="",viewabilitySelector:t="",bottomPlusSelector:o="",injectInBannerScript:c="",inBannerScript:r="",bottomPlusScript:l="",partnerId:a,viewabilityScript:i=""}=document.currentScript.dataset,d=e?document.querySelector(e):null,p=n?document.querySelector(n):null,u=t?document.querySelector(t):null,m=o?document.querySelector(o):null;(async()=>{if(!!navigator.userAgentData&&await new Promise((e=>navigator.userAgentData.getHighEntropyValues(["model","platformVersion"]).then((n=>{let{model:t="",platformVersion:o=""}=n;[d,p,u].filter((e=>Boolean(e))).forEach((e=>{e.innerHTML=e.innerHTML.replaceAll("[ua_model]",encodeURIComponent(t)).replaceAll("[ua_osv]",encodeURIComponent(o)).replaceAll("%5Bua_model%5D",encodeURIComponent(encodeURIComponent(t))).replaceAll("%5Bua_osv%5D",encodeURIComponent(encodeURIComponent(o)))})),e(!0)})).catch((()=>e(!1)))))\|\|[d,p,u].filter((e=>Boolean(e))).forEach((e=>{e.innerHTML=e.innerHTML.replaceAll("[ua_model

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3975)
Category:	downloaded
Size (bytes):	162493
Entropy (8bit):	5.59649255876135
Encrypted:	false
SSDEEP:
MD5:	F4C74116C2DA1E17A9D6551F5C430985
SHA1:	472A661C6F9311EBCB02CD812BBD97FA5A779805
SHA-256:	6F85F631409A132FC2B780660810214F71468DB2ACFBC3150D8BA078F423A695
SHA-512:	E012A659BF04214F73E0B5F8AF71E484D09A6B61EBA7039DB020BF5E12BFB7DCC0857601AC87D93CC736C5EF8ECBDECF71682FE0A8B41F897D33756C536D4C3C
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a,b){var c=ca("CLOSURE_FLAGS");a=c&&c[a];return a!=null?a:b}function ca(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b}function da(a){var b=typeof a;return b=="object"&&a!=null\|\|b=="function"}function ea(a){return Object.prototype.hasOwnProperty.call(a,fa)&&a[fa]\|\|(a[fa]=++ha)}var fa="closure_uid_"+(Math.random()1E9>>>0),ha=0;function ia(a,b,c){return a.call.apply(a.bind,arguments)} .function ja(a,b,c){if(!a)throw Error();if(arguments.length>2){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ka(a,b,c){ka=Function.prototype.bind&&Function.prototype.bind.toString().indexOf("native code")!=-1?ia:ja;return ka.apply(null,ar

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (45974)
Category:	downloaded
Size (bytes):	232741
Entropy (8bit):	5.876385883695752
Encrypted:	false
SSDEEP:
MD5:	7C73956849F6D7EC2A646256E1E492C2
SHA1:	14187E8AC271FCEB5FE22724E167E6564FEF789C
SHA-256:	39462D6E6FC5A0BE078DB0842ADA5840A32F3B830A5B48BC04305F1FC07F8BB4
SHA-512:	234294BADBD0A1F399C87BA0BD70F1430E2D82DF24E3E564B78B68DE4DECBEEC7163819285FD7240375B973C0FB731B86F55F2DC11F113032FC13403A5C53CEA
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/search?q=what+is+http%3A%2F%2F134.209.191.107%2F&oq=what+is+http%3A%2F%2F134.209.191.107%2F&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTIyMzVqMGoxNagCALACAA&sourceid=chrome&ie=UTF-8
Preview:	<!doctype html><html itemscope="" itemtype="http://schema.org/SearchResultsPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>what is http://134.209.191.107/ - Google Search</title><script nonce="VD6v6T4T5VXOV2fQXdxezQ">(function(){var b=window.addEventListener;window.addEventListener=function(a,c,d){a!=="unload"&&b(a,c,d)};}).call(this);(function(){var _g={kEI:'U-qGZpukHauWxc8P2ay_kAo',kEXPI:'31',kBL:'UndH',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='web';google.kHL='en';})();(function(){.var h=this\|\|self;function l(){return window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute\|\|!(b=a.getAttribute("eid")));)a=a.parentNode;return b\|\|m}function q(a){for(va

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1573)
Category:	downloaded
Size (bytes):	22542
Entropy (8bit):	5.5080257601731315
Encrypted:	false
SSDEEP:
MD5:	C34C130205F9148E7053DE35DA0E7E93
SHA1:	5F8A3D4E3EC420668EE53A868E2D19BBC02E14C2
SHA-256:	5437ABA183116F4E2111D8A7962A05935775FEDCC389F540BE40B3EB06685F80
SHA-512:	DD4D510FBE7BCAD170A2679850CD3547229E0E3F74B3C9FB77BE29B6D4D9D66D867108CE066AE3A3679EE2B23F16F6BA25DD01C141FFF7C887B4E3C163F86150
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20240702/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function ba(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=n,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b}function ca(a,b,c){return a.call.apply(a.bind,arguments)}function da(a,b,c){if(!a)throw Error();if(arguments.length>2){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}} .function r(a,b,c){r=Function.prototype.bind&&Function.prototype.bind.toString().indexOf("native code")!=-1?ca:da;return r.apply(null,arguments)};var ea=ba(610401301,!1),fa=ba(188588736,ba(1,!0));var t;const ha=n.navigator;t=ha?ha.userAgentData\|\|null:null;function ia(a){return ea?t?t.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function v(a){var b;a:{if(b=n.navigator)if(b=b.userAgent

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 61736, version 1.0
Category:	downloaded
Size (bytes):	61736
Entropy (8bit):	7.996579108855938
Encrypted:	true
SSDEEP:
MD5:	EDE84D96808C486E3DE74CBD8F2A2C80
SHA1:	BAE3CE34F928BE471EE489BBFE5B7425AEE8298E
SHA-256:	02F1DCC0C722E24CBA9BE4B720831A79489E766D5EDF8B77F582E0869312D86E
SHA-512:	996D7258DD45F8676916F05138E7F3141ABD7C0207AE43CA820A10211BD237C6BDAC0209967B45C4A1D27C08DBAAD2F933D16D0400B0710981804E651D4B804B
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/compressedFonts/RobotoRegular.woff2
Preview:	wOF2.......(......................................D...$..h.`..H.L..<.....`..C..F...l.6.$.... .... ..[[OG..........m.P.t../..F4....V.<m.BH7........k...o......./K&2f...... s.:....;.Bh.Q.G...4...QH..&.m.:J.......X.8:.].S[Oo..$.Y.}.........&9...:/..]..i....>..+$!.Y.&..L...T..o,3zo..:.....H...9a...k.[.9.?tR..$.......j...B..:Uo\..$.M...-op...B..6..lx.~.....p,...0.............>.%k..;Q'..GV......!..?.... <.?.-.$.<.:..j.e7.sa.e!.....&.'..R.^.Z~.N=....x....^.E.z..<.$.)%..;...K..'.B.+......{~.A.....].~.n$Vw....\d.Ce.k.).shnB"*..:...{.A.....=.^....HH.>.....W.....9..a.z.7&q....(...E>eD.\..R."~j..........y..(.M-R.vny..xRQ.V...y.O..0........._..U.<^.n...~..Gp.NW>...3.LC..`'.oR..eD.%p........&.....Ytb..x_\|e.....g.....Ds..#W:r...U..=!l.Z...f...........UQv...X..n..B.eT.)Fm`.Q..O.K..I+Y.d.8..(...>..w\.............U.}....!:.,...l.JaA!,F..?....l........i&.......e.IW~...`R@.BH..2....z.o..5b..`T.H...R...B..LJ....$...)z....6w.H.. l..y..'jr..6....c....\|]......y.O...c.f.X$E5..{s.

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (574)
Category:	downloaded
Size (bytes):	579
Entropy (8bit):	4.9122957394721185
Encrypted:	false
SSDEEP:
MD5:	184D8F29A6BECD9ACCD0022C5A65914D
SHA1:	B41F9572430CCD39B5740DAC4022C7E1E68E2826
SHA-256:	081B8474D4E5877B861F23A4E3480202FB304357B9878D609E666C2E48012AB3
SHA-512:	DF7E5E68A8B10DEB95FE55F481EE78DC9A0B02C2D9E63C912E62A6B4D534881FD139C9F3E5C944ADD749A89FD21CD018487A60E202BC801A6DEFDDC58B0F0257
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=134.&oit=4&cp=4&pgcl=4&gs_rn=42&psi=tlE72-cPANIu7g5S&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["134.",["134.4 lbs to kg","134.5","134.6 lbs to kg","134. gas station","134.04 rounded to the nearest tenth","134.2 lbs to kg","134.28 x 23","134.6 cm to inches","134.7 kg to lbs","134.5 lbs to kg"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[1230,600,557,556,555,554,553,552,551,550],"google:suggestsubtypes":[[512],[512],[512],[512],[512],[512],[512],[512],[512],[512]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":1229}]

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	120675
Entropy (8bit):	5.457776481213916
Encrypted:	false
SSDEEP:
MD5:	24572A895873C58146F91C65225F9FA3
SHA1:	3337D0307DEC4ADE6EB92ECDE4C61D46E5EE3AEC
SHA-256:	1CFCDF7F240C15A6084F9E08F965D6DF7D6145083D12B8D0953F32CACE6A1C39
SHA-512:	1439329D2F7D99B6916A2CA204CDCB19FF00873735EA3F5F6125BD3F580040B7E2455152FEEC884C91A0B97A53D13C900BAACA47013757E93DF770F80807BCCC
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/ng-assets/creative/assets/index-b07b5576.js
Preview:	var Si=Object.defineProperty;var Ci=(e,t,n)=>t in e?Si(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var H=(e,t,n)=>(Ci(e,typeof t!="symbol"?t+"":t,n),n);function yf(){import.meta.url,import("_").catch(()=>1),async function*(){}().next()}(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const o of document.querySelectorAll('link[rel="modulepreload"]'))r(o);new MutationObserver(o=>{for(const i of o)if(i.type==="childList")for(const s of i.addedNodes)s.tagName==="LINK"&&s.rel==="modulepreload"&&r(s)}).observe(document,{childList:!0,subtree:!0});function n(o){const i={};return o.integrity&&(i.integrity=o.integrity),o.referrerPolicy&&(i.referrerPolicy=o.referrerPolicy),o.crossOrigin==="use-credentials"?i.credentials="include":o.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function r(o){if(o.ep)return;o.ep=!0;const i=n(o);fetch(o.href,i)}})();var Gt,P,uo,Xe,ir,fo,pn,jn,yn,vn,h

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x1200, components 3
Category:	downloaded
Size (bytes):	67541
Entropy (8bit):	7.969217814302524
Encrypted:	false
SSDEEP:
MD5:	D8B74B03A3C904FE19DA7B252C743F80
SHA1:	9BFBFCC7B79C9AE164DC9DFFAF73934D1B8CE05C
SHA-256:	1BDB1B6DFFD618E44B8001823E317D9A569EB7E5E51D7E6382C0056AC041FEAE
SHA-512:	FE1FF634CEE9793125F57BF53C44679BF85FF4D5FD23C2E48E206A34AB02F32417C70BB882AD0257AAF65AD4B7E0F80178DA3E6EC8114EB433DEADB9C4B2A9E9
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/i/9791b44f-dfd3-4b31-851b-7145512506e4/QzZ9nv1_1719896472011_0.jpeg?cachebuster=956870602
Preview:	......JFIF.............C....................................................................C.........................................................................@.."..........................................o..........................!..1A."Qa.q.2B...#R...$3br........Wu...4C....DGSTVest.....%&7FUcd.589v..()6EXfg....................................8........................!1."AQ.aq2.......#..B.3Rb.C...............?...n+Z......J.p..._3..........b..I_.....s..J.p9..%~8....._.+.../......71........W..`........b..I_.....kW....Z.H.8....._.+....?.....kW.......?.....kW....Z.H.8....._....b..I_.....kW.......?.....s.>...b..W..`...~..p5....`....G.../......71........W..`........b..I_.....kW.......W..`........b..I_.....s..J.pf.Yq>eu...k.T\|...9.".g.........................................................................................................1.`......0...g....._3..............................................................................................;_..C............_

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5594
Entropy (8bit):	4.283177450009118
Encrypted:	false
SSDEEP:
MD5:	52DA330BF5956A1211D34B0D78691F71
SHA1:	2BB2015AD3A98939152517490923DEEE959301DB
SHA-256:	73CA07A26B99FE259DE30854BC847BBCEDC426F18FE468818C1A1270FAE8F3A6
SHA-512:	AAF2AE8D9604DA47AF71698CD132B9AD739058818954A7FA623B70F1132FB4008ED62AFAA1DB46308D10F14FEB2E1720F64C0D9417F8024C057526B94719CC17
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/Logo(1)_1718271220.svg+xml
Preview:	<svg width="179" height="35" viewBox="0 0 179 35" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M10.3199 25.278C8.40204 25.278 6.57551 24.962 4.84031 24.3301C3.1051 23.6981 1.46122 22.7051 0 21.3509L2.64847 18.2814C3.83571 19.3196 5.06862 20.087 6.30153 20.6287C7.53444 21.1703 8.95 21.4412 10.4569 21.4412C11.7811 21.4412 12.877 21.1252 13.6533 20.5835C14.4296 19.9967 14.8406 19.2745 14.8406 18.3717V18.3266C14.8406 17.8752 14.7492 17.4689 14.6122 17.153C14.4753 16.837 14.2013 16.4759 13.7446 16.205C13.288 15.9342 12.7857 15.6182 12.0551 15.3474C11.3245 15.0766 10.4112 14.8509 9.22398 14.58C7.89975 14.264 6.75816 13.9029 5.70791 13.5418C4.65765 13.1807 3.83571 12.6842 3.15077 12.1425C2.46582 11.6008 1.91786 10.9237 1.55255 10.1564C1.18724 9.34387 1.00459 8.44109 1.00459 7.26747V7.22233C1.00459 6.18413 1.23291 5.2362 1.64388 4.33342C2.05485 3.47577 2.64847 2.70841 3.37908 2.07646C4.10969 1.44451 5.02296 0.947977 6.02755 0.632003C7.07781 0.270889 8.21939 0.090332 9.40663 0.09033

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2885)
Category:	downloaded
Size (bytes):	15420
Entropy (8bit):	5.48761005339024
Encrypted:	false
SSDEEP:
MD5:	D98259CBA5214CF7CBFDECC5EC24156D
SHA1:	EAB4412B2AD7DA800CEA93CE7124F3ADCCE43C0F
SHA-256:	E780DB99412AC7767505A86797184695FC397F9043FB8C3E4DBECB2110875FC0
SHA-512:	1F9F6D7A48CC90D6E9CD17436A001CC1565288148F3A567EC52B6A8E53127B4A4F7EC70C139BF3C89DA25EE1FCEE23C01D2108B290E8EF47EDCECA2CA97710D4
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20240702/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var p=this\|\|self;function t(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=p,f=0;f<c.length;f++)if(d=d[c[f]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=t(610401301,!1),ba=t(188588736,t(1,!0));var u;const ca=p.navigator;u=ca?ca.userAgentData\|\|null:null;function v(a){return aa?u?u.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function w(a){var b;a:{if(b=p.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function A(){return aa?!!u&&u.brands.length>0:!1}function B(){return A()?v("Chromium"):(w("Chrome")\|\|w("CriOS"))&&!(A()?0:w("Edge"))\|\|w("Silk")};function D(a){D[" "](a);return a}D[" "]=function(){};!w("Android")\|\|B();B();w("Safari")&&(B()\|\|(A()?0:w("Coast"))\|\|(A()?0:w("Opera"))\|\|(A()?0:w("Edge"))\|\|(A()?v("Microsoft Edge"):w("Edg/"))\|\|A()&&v("Opera"));var E=Symbol();var da={},ea={};function ka(a){return!(!a\|\|typeof a!=="object"\|\|a.g!==ea)}

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1750), with no line terminators
Category:	downloaded
Size (bytes):	1750
Entropy (8bit):	5.226583328978619
Encrypted:	false
SSDEEP:
MD5:	29393B3471ADAA93A9E45E7FE4F3703F
SHA1:	BEE64C2834BE25BDAAA9851F7E0F00EFDD43B140
SHA-256:	3F267446BAA432126CCE831BC785D7865785B5026B145230F35FC906E926A344
SHA-512:	5ABB50739A6AE76C8E8DDB4AC15767B4A23ED8056E04F39B6186C6C96056A3AF9A9EC1FE8CE2F9C64F02CE18648A93C2A82F75E3BF2216603C8D6E35BC96402C
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/__lib/cq.js
Preview:	!function(){"use strict";const e="https://td-pixel.c.appier.net/creative-quality",t=((e=21)=>crypto.getRandomValues(new Uint8Array(e)).reduce(((e,t)=>e+((t&=63)<36?t.toString(36):t<62?(t-26).toString(36).toUpperCase():t>62?"-":"_")),""))(),n=document.currentScript,a=n.dataset.bidobjid??"";function i(e){return null==e}n.dataset.template;let d=function(e){return e.Loading="loading",e.DOMParsed="DOMParsed",e.Loaded="loaded",e.MRAIDViewable="MRAIDViewable",e}({});async function o(n){const d=JSON.stringify({bidobjid:a,show_id:t,metrics:n.map((e=>{let{type:t,value:n,details:a}=e;return{type:t,value:i(n)?"":JSON.stringify(n),...i(n)?void 0:{details:JSON.stringify(a)}}}))});try{await fetch(e,{method:"POST",keepalive:!0,mode:"no-cors",headers:{"Content-Type":"application/json"},body:d})}catch{}}const r=Math.random();function s(){const[e]=performance.getEntriesByType("navigation");e&&o([{type:d.DOMParsed,value:e.domContentLoadedEventStart},{type:d.Loaded,value:e.loadEventStart}])}a&&"${bidobjid}

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2244), with no line terminators
Category:	downloaded
Size (bytes):	2244
Entropy (8bit):	5.521033045191337
Encrypted:	false
SSDEEP:
MD5:	F0F80B0F9131541BDF0C33839A6F7885
SHA1:	CBA07532512BEACBCDA6C034146E09052B9AF821
SHA-256:	F25AE80D052F460DE45455D45D7949493A696545C196FB19BCF5D4F3C69D2E7B
SHA-512:	32B17B84B98E2A98D1D54696DB01515391B2AC463C6A1AAAEB31936B1DE3A752429C6E5EFF12DC578F2810E2C40E294BC3C186B338050BF6B3AAA91189540268
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/ss/k=xjs.s.OWCUzwN5d3w.L.B1.O/am=AJgDhQAAQIBBAwIAAAAAAAAAAAAAAAAgAQCAAAAAAAACFADATAIAAgAbAgCAD-AQgAAAAAAAAFAAAAAATAMAQAAAJAAIAAgIAAAAAAAADgAAACAEEAAQQAAUQAAJgIIAyAAEAACIABgwDICoAGDgCAAAABAAAQAAAAC4IQCAAAEAIARAAB5ABAABQAAFAAYAEAgAAAjkAAMBAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAEA/d=1/ed=1/br=1/rs=ACT90oFOofXjsNgoBU-i_EwPJmgQ6i19nA/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl"
Preview:	:root{--COEmY:#202124;--xhUGwc:#fff}:root{--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#70757a;--bbQxAb:#4d5156;--YLNNHc:#202124;--TMYS9:#1a73e8;--JKqx2:#1a0dab;--rrJJUc:#1a73e8;--mXZkqc:#dadce0;--Nsm0ce:#4285f4;--XKMDxc:#f7f8f9;--aYn2S:#ecedee;--Lm570b:#ecedee}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.v0rrvd{padding-bottom:16px}@keyframes g-snackbar-show{from{pointer-events:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{opacity:0}}@keyframes g-snackbar-hide-content{to{opacity:0}}.LH3wG,.jhZvod{bottom:0;height:0;position:fixed;z-index:999}.Ox8Cyd{height:0;position:fixed;z-index:999}.E7Hdgb{box-sizing:border-box;visibility:hidden;display:inline-block}.yK6jqe,.Wu0v9b{box-sizing:border-box;visibility:hidden}.rTYTNb{animation:g-snackbar-hide .4s cubic-bezier(0.4,0,0.2,1) both;visibility:inherit}.UewPMd{animation:g-snackbar-show .

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	132
Entropy (8bit):	4.80949395383677
Encrypted:	false
SSDEEP:
MD5:	A6A4301252C0881E6D3C6036A9DEED6F
SHA1:	94F52A441B868F85E9B6A9CB6D6A9B1AD658458F
SHA-256:	7E69D91904B08584DD85BE991831DDCC3F6DCB19784DD0D070A398732995B21D
SHA-512:	0EA4B5609D5057016AF9FC1D5DE4EFE7DA4B46117AE789625FB0DB94DE1BA150A275AFE4F9FF3743AB065DD63C2595C969A603297C2742495DF6DE8F8900F7D0
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=134.209.191.&oit=4&cp=12&pgcl=4&gs_rn=42&psi=tlE72-cPANIu7g5S&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["134.209.191.",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2020)
Category:	downloaded
Size (bytes):	12817
Entropy (8bit):	5.34459161517544
Encrypted:	false
SSDEEP:
MD5:	1D3D22DF067F5219073F9C0FABB74FDD
SHA1:	D5C226022639323D93946DF3571404116041E588
SHA-256:	55A119C0394F901A8A297E109C17B5E5402689708B999AB10691C16179F32A4A
SHA-512:	0B6B13B576E8CC05BD85B275631879875A5DBCB70FD78E6C93B259317ED6FD5D886F37D0CC6E099C3D3A8B66FEA2A4C2C631EB5548C1AB2CD7CB5FA4D41EA769
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Preview:	<!DOCTYPE html>.<meta charset=utf-8><script>.(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,d){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=d.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");}var r=aa(this),u="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),v={},w={};function x(a,b){var d=w[b];if(null==d)return a[b];d=a[d];return void 0!==d?d:a[b]}.function y(a,b,d){if(b)a:{var e=a.split(".");a=1===e.length;var g=e[0],k;!a&&g in v?k=v:k=r;for(g=0;g<e.length-1;g++){var c=e[g];if(!(c in k))break a;k=k[c]}e=e[

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 61628, version 1.0
Category:	downloaded
Size (bytes):	61628
Entropy (8bit):	7.996560994602728
Encrypted:	true
SSDEEP:
MD5:	1033A47731E45F7BD46A1962359E96B4
SHA1:	AC6ABEF8D1819A685DB48A9515F77A24A153E2A0
SHA-256:	61C412FBDBBF1417355373A80125C8CF7E5CBAAB4218BAE0316FE6EF917BF798
SHA-512:	84CA95F89E0A16EFD962B44BD3F7FFE09B328F33C068ACD8A1FEFD08101D824929E8B9EECCB0786483AA2FD2C60BD0B76FC2242479268D69FAAB72C48902E34B
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/compressedFonts/RobotoBold.woff2
Preview:	wOF2.............~....U..........................D...\|..h.`..H.B..<.....l.....F...l.6.$.... ..". .."[.B...r...`..v..-.8.ko.0.W....)...B.........4..wf.......J&2.IZ.i)E.........FP.".Z.%j(...<...,.c..).5..bW.h..}......Mv.......,....7H...&...G..x..SzA.V.....}.. ..!s..H....:.....YZ.4.......~....@..T.WOK.?.k....".{..".R.><Tf.&.\|..r..F..z..I.+.5.\|=. l..J...A..&.^g/..#......O6..XS...r.g.}...._3....l..\.V.Nw...c...i.<.()..l4.3.2<...h}U. ........:7._...(S.AU..P.....bg...8..a./.x..oy............?UH...#.T.Tl.../..Z....f~..% .[/.D.6".2v97[.'...p...'a....i...x,.....@..vrq.kO....f..@2..5...U=..,.A.....]t.[d..".B ..,b..#J..q....'..E......8.........M.c....5....~.....g.....I...l..$.DM.$.B..wrM.;..p!#W..c....FTNO.P.@......WU...-...'.gB7........#......P.ItzxW..[*....R."/.....SV..&{......r+M...P..C..7.>E..kS.T.\...=s..I...Fh.4......gp..KJ..v...Y.....p"...i.I.d....jwH...t).cG.......>....^6..@.&\|....G......U..{.........$..7..]..r.2`..9..~....;....Y...g

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36681)
Category:	downloaded
Size (bytes):	36686
Entropy (8bit):	6.054681706565153
Encrypted:	false
SSDEEP:
MD5:	F2AF562F9DE6FDE254B22F778CDAB48D
SHA1:	38AA0917D3721C2CFC8464C9F7BCD988C18C069D
SHA-256:	205515E0142A0DA6A8716C1BDFF0E3A031D2C3B6C47F71E2FB90DDECB561F761
SHA-512:	CC3EC66A8B7F1ECC6561876F727E90B363B8342FE0FD41ACB17B83CD714BB10E04DF6E77C5A83F3569F080CEB616154FA34CF1C907D49E04BA08FF0F88610CF5
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{"alt_text":"Fourth of July 2024","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfQAAADICAMAAAApx+PaAAAC/VBMVEUAAAA2Jnc1KHkzIncxKXs2KHg1KHg1KXc2KXg2KXc1J3g1KXc1KXc1KHhBLXRlOGlOMHE2KHhyOmaUSVqyU1DDWUvzaT7QV0irQlWgQFeMO1yIRV3oYj/ATE01J3c+SJFHYadegcdrld1+uf9vnOa2R0+WP1p8QGFHTJlOV5dXc7l3sfbaW0WvRFM4L4Bwqu46OpHfX0NDdeVAV7tHcN1NiP89SafuZz84NIg6QJlNgvU+UbNDY8xIhP9Dbd1Ef/dVreB9t/9eS45bgedIfO5KnsJCPYTV1+hhlv9QqNTJxtv///+nt9f2+f9Lhf8zQYtfa5/S4v9Si/9Hma9ZkP95pf89lp5rnP+PtP+mxP81L33C1/+ErP9wov9lf925cXzZc1bkakqgTFb2j22yzf9ugtFZNXH5tJ1EadSavf+ac6TzaTx9Xl2aclisgEvHlEnNY1s0OIVLOW3hqT34uDuJZF6hdZc8XcFoTmZ8fMKNea83a5hSP2nwsTz82c5Ac7/d6P5HjodUhWpWiFS7ikltdDX70MKjhzy7lTtZRmNqfzesjTvNoDvp8f9BTmpIo39ojTj/1Ej84lb/7l5MdFxiwEFasU9lnTtXm036yUb+8ew2NXLzckj5mkL2uEn/sEjal0jg7v/1hWD1eT+ySlinVGKXTV784trzZzzRkUjo1FX0e1Q3L4HVvk56rd0ySJNmhKxjsT/hn0TAZVHbUjzcUjtZYylmbDBJRh1WgC5IfuFSVSOrQVT4pInnk1CCRmnAWVu2UVzSXVVSabHHXlo8WqCeSGfynEyOwP9ZiNk6cOCUTWVrO3CwV2Dpp0E5adU4Zsx0pt03aWqYocQ9b30pZVU

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (51710), with no line terminators
Category:	downloaded
Size (bytes):	51710
Entropy (8bit):	6.103108014692408
Encrypted:	false
SSDEEP:
MD5:	FCFE57CC382CF08C41CC1E2DA2E8E96B
SHA1:	081B8ECAACD3F937F099675D9E32CC002878F236
SHA-256:	7ECE660F4649A76EC46511B110809F2756947CB05D0D2ADA44FFDB44517A99E7
SHA-512:	0A5AD2D06BF951505C39A02062451DD285D0EA719AFAB5A9E5B1A21D334D538298F786CBDEF14395A9F6EC9FBC248412F56E58E5648AC796AF12585871FF04C5
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4019308616400908&output=html&h=280&slotname=3324737349&adk=2166188311&adf=1056458448&pi=t.ma~as.3324737349&w=900&abgtt=5&fwrn=4&fwrnh=100&lmt=1720117848&rafmt=1&format=900x280&url=http%3A%2F%2F134.209.ip-address-location.com%2F3.html&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1720117847440&bpp=1&bdt=1321&idt=1521&shv=r20240702&mjsv=m202406260101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0%2C900x280&nras=1&correlator=827160638955&frm=20&pv=1&ga_vid=1665255972.1720117849&ga_sid=1720117849&ga_hid=132749002&ga_fc=0&u_tz=-240&u_his=3&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&adx=182&ady=986&biw=1263&bih=907&scr_x=0&scr_y=487&eid=44759842%2C44798934%2C95330412%2C95330414%2C95334511%2C95334529%2C95334564%2C95334830%2C31084926%2C31078668%2C31078670&oid=2&pvsid=2765448911141648&tmod=1659632508&uas=0&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=1525
Preview:	<!doctype html><html><head><script>var jscVersion = 'r20240702';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {};</script><script data-jc="42" data-jc-version="r20240702" data-jc-flags="["x%278446'9efotm(&20067;>8&>`dopb/%<1732261!=\|vqc)!7201061?'9efotm(&20723;>:&>`dopb/%<1245;05!=nehu`/!361:<320!9sqrmy"]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var u=this\|\|self;function v(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=u,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};var aa=v(610401301,!1),ba=v(188588736,v(1,!0));var w;const ca=u.navigator;w=ca?ca.userAgentData\|\|null:null;function x(a){return aa?w?w.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=u.navigator)if(b=b.userAgent)break a;b=""}return b.index

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6740), with no line terminators
Category:	downloaded
Size (bytes):	6740
Entropy (8bit):	5.306588561425239
Encrypted:	false
SSDEEP:
MD5:	EFBF937E825E25956D2D526E32EDFECD
SHA1:	BBDF0E1AE9F59ED7E4BAEEDC8AE5BFC1CE732175
SHA-256:	C782A2FEF27DFFECE6D273FFEB3C39C667C17BD2083BF2083779C171DD602E5A
SHA-512:	EFD5F5E4651C699F86564D50DC86F47831E0FBEFE61B5F0F202963C35AE87D79B7CCFEE4D1DF03C72C2B43EF412A480965BEE7E44861A1F59A1943F1E0F07828
Malicious:	false
Reputation:	unknown
URL:	https://cr.adsappier.com/__lib/creative-feedback.js
Preview:	!function(){"use strict";var t={91:function(t,e,n){var o=n(81),r=n.n(o),i=n(645),a=n.n(i)()(r());a.push([t.id,".icon-container{-moz-column-gap:1px;column-gap:1px;display:flex;position:absolute;z-index:1000}.icon-container--top-right{right:1px;top:1px}.icon-container--top-left{left:1px;top:1px}.icon-container--bottom-right{bottom:1px;right:1px}.icon-container--bottom-left{bottom:1px;left:1px}.icon-container--hidden{display:none}.icon{background-color:transparent;background-repeat:no-repeat,no-repeat;border:0;cursor:pointer;height:15px;padding:0;width:15px}.icon:active,.icon:focus,.icon:hover{background-position-y:-15px,0}.icon--Info{background-image:url(https://cr.adsappier.com/4QGDNtuHG/icon/Info.svg),url(https://cr.adsappier.com/4QGDNtuHG/icon/Info_hover_focus.svg)}.feedback-page-iframe{border:0;bottom:0;height:100%;left:0;position:fixed;right:0;top:0;width:100%;z-index:1001}",""]),e.Z=a},645:function(t){t.exports=function(t){var e=[];return e.toString=function(){return this.map((func

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5905), with no line terminators
Category:	downloaded
Size (bytes):	5905
Entropy (8bit):	5.238405515864977
Encrypted:	false
SSDEEP:
MD5:	DF8AA7E35A22C6CBBC384E5CB2213815
SHA1:	CC498E4AFD077586E52CB9498DDBFD03FED36CD8
SHA-256:	DB17E4AEECD467C2088726F948279FDFB5B009745BC37A6386C40A69076AA5B4
SHA-512:	A2F3EE49E1E64F7F873550018B12FC17B03260A179986C9E1F41E4FAC75EC7A7C594A132B362751CCDCA83264849CC4E876B65804411BE261121B96C05AB6623
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.asy.lIrihRtkXLc.L.W.O/m=ll_tdm,adcgm3,ll_fw/excm=/d=1/ed=1/ct=zgms/rs=AA2YrTsjYRVqCH5zoYAUN0HfRyfLhvdZZQ"
Preview:	.gb_Oe{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_wc{text-align:left}.gb_wc>*{color:#bdc1c6;line-height:16px}.gb_wc div:first-child{color:white}.gb_d{-webkit-border-radius:50%;border-radius:50%}.gb_d:before{background:#444746;background:var(--gm3-sys-color-on-surface-variant,#444746);-webkit-border-radius:100px;border-radius:100px;content:"";height:100%;left:0;opacity:0;position:absolute;top:0;-webkit-transition:opacity .3s ease-out;-webkit-transition:opacity .3s ease-out;transition:opacity .3s ease-out;width:100%}.gb_i .gb_d:before{background:#c4c7c5;background:var(--gm3-sys-color-on-surface-variant,#c4c7c5)}.gb_d:hover{background-color:rgba(60,64,67,.08)}.gb_d:focus:before,.gb_d:focus:hover:before{opacity:.12}.gb_d:active:before{opacity:.16}.gb_d:hover:

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (12938)
Category:	downloaded
Size (bytes):	12941
Entropy (8bit):	5.31945657514442
Encrypted:	false
SSDEEP:
MD5:	B54BEC465DEC46A5F91FB40E972EEA06
SHA1:	76A7D303C1C831BE7FA10A9A238A196DA0CC4AD3
SHA-256:	CB91CA65B360A6BD75D831F57DD894ACBBB4522ACED1954916F8ED742E2A6AAD
SHA-512:	E29E1313267E8F0AA5F13E17024553BCACD1B2483A280E9A7F2EE508984EE9A80AF17D0F56FB9ADF54F841058CA666CF9EE94B3B9CA5FC8004E7DFEACF5E4574
Malicious:	false
Reputation:	unknown
URL:	https://cdn.bidbrain.app/ng-assets/creative/assets/index-cb91ca65.css
Preview:	@charset "UTF-8";._advertiser_1qsh0_1{position:absolute;z-index:501;width:fit-content;height:fit-content;font-size:12px;font-weight:700;background-color:transparent}._advertiserName_1qsh0_11{z-index:504;color:#b9b8b8;user-select:none}._clickable_1qsh0_17{cursor:pointer}._bottom_left_1rmpi_1{bottom:0;left:0}._top_left_1rmpi_6{top:0;left:0}._bottom_right_1rmpi_11{bottom:0;right:0}._top_right_1rmpi_16{top:0;right:0}._closeButton_5b4wb_2{position:absolute;border-radius:50%;height:20px;width:20px;background:#6f6f6f;user-select:none;display:flex;justify-content:center;align-items:center;color:#efeeee;font-family:auto}._closeStyle_5b4wb_16:before{content:".";height:20px;width:20px;font-size:16px;display:flex;align-items:flex-end;justify-content:center;transform:rotate(45deg);color:#efeeee;font-weight:400;font-style:normal;text-decoration:none;font-synthesis:none;text-rendering:optimizeLegibility;font-family:serif;line-height:18px;cursor:default}._altCloseStyleX_5b4wb_37{transform:rotate(45d

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (829), with no line terminators
Category:	downloaded
Size (bytes):	829
Entropy (8bit):	5.406951885647744
Encrypted:	false
SSDEEP:
MD5:	E5B7D2A12B83CE61C2B6B8493245FC12
SHA1:	CA9BF9F5D49580EA0949B09F3BB53273D279FE9D
SHA-256:	CF3EE6967E16D37C4E899F59908156D7CA8273441E1059152B4CF4BA03B429FC
SHA-512:	75F39A804A50AE486F5819D2C8A9B54FBB4E477C21B74BAA8DFE3F7CDCFA80CD815735F72C96E73D5BD6308492A69A641C4AD5340825FC924270A27F1E5424F3
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api2/aframe
Preview:	<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="0HkWUjeRFa-zxm3XsOwckw">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha / try{var clients={'sodar':'https://pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorage.getItem("rc::a")?sessionStorage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")\|\|0)+1);localStorage.setItem("rc::h",'1720117863478');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "");}catch(b){}</script></body></html>

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 124

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Windows Analysis Report
http://ee12184204d024cfaa6c7e133acf5792.hostedonsporestack.com