Edit tour

Windows Analysis Report
https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3

Overview

General Information

Sample URL:	https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3
Analysis ID:	1543735

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,16408627090209725124,13882016901138540655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49796 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	DNS traffic detected: DNS query: g10498469755.co
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.prod.website-files.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49796 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/40@24/244

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,16408627090209725124,13882016901138540655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,16408627090209725124,13882016901138540655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.186.78	true	false	unknown
www3.l.google.com	216.58.206.46	true	false	unknown
plus.l.google.com	142.250.186.46	true	false	unknown
play.google.com	142.250.184.206	true	false	unknown
cdn.prod.website-files.com	104.18.160.117	true	false	unknown
www.google.com	142.250.74.196	true	false	unknown
g10498469755.co	34.120.31.228	true	false	unknown
ogs.google.com	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.46	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	google.com	United States	15169	GOOGLEUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
142.250.74.202	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
104.18.160.117	cdn.prod.website-files.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
34.120.31.228	g10498469755.co	United States	15169	GOOGLEUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	www3.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543735
Start date and time:	2024-10-28 10:52:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/40@24/244

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.110.84, 216.58.206.67, 142.250.186.46, 142.250.186.42, 142.250.185.138, 142.250.186.106, 142.250.186.170, 172.217.16.202, 216.58.206.42, 142.250.185.170, 142.250.186.138, 142.250.185.202, 142.250.185.106, 142.250.181.234, 142.250.186.74, 142.250.184.202, 142.250.185.234, 172.217.18.10, 142.250.74.202, 34.104.35.123, 142.250.185.163, 88.221.110.91
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3

LLM Input / Output

Input	Output
URL: https://www.google.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "I'm Feeling Lucky", "prominent_button_name": "I'm Feeling Lucky", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www.google.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign in to Google", "prominent_button_name": "Sign in", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www.google.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Google" ] }
	```json { "brands": [ "Google" ] }
URL: https://www.google.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Google" ] }
	```json { "brands": [ "Google" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 08:53:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982532523305584
Encrypted:	false
SSDEEP:
MD5:	206ADE53EB6A02B4AE1023CE8881CEB6
SHA1:	84CA7C1B30E0EB6707A4AAB6B8DCC683564936FF
SHA-256:	24F36C991589B6156B35BAE4A8D06F6D94FF3736427941EAA6598B7802FA3752
SHA-512:	323B2D385C24DF01C002F39C40D26F1DF609A4DAEBF15D8F28283EF8452B38F7881BAE70D53713400F589B2734964A7CCDFE6A70EE9FB8D099083FA488031124
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....=.-.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 08:53:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9991836514195636
Encrypted:	false
SSDEEP:
MD5:	B5AB2DEDE57E439017AC5B91C6249950
SHA1:	A13C0901C6F2261717D40DA00F9C6BFD1D03BC7D
SHA-256:	FB97877F4B264D5D1D7304FAAD9B56CA54A1093D8BB3970A51B0370DEA367C02
SHA-512:	7A7CE0620B9AB2A408CAC23E1E2B95CAEF49AEE76E1FB565F7787D36443FCA5A47F222912F12069B0454588F0A64736F36FC83F4D3F24F2D6ABC123931E0A794
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......-.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.007143745141579
Encrypted:	false
SSDEEP:
MD5:	EDE300D9761FAB9870D5226006BE252B
SHA1:	BCF07B85A63A7FDBDDC8BB07B665AA7CF5514504
SHA-256:	C40BFA8D4AD8ADAFC89BB68C7DC647FC2634210C813227171645C0A24E90EF1C
SHA-512:	FB5A18D009CF8C73685CC1BD5BF61BFE2DAEA7CA37C8BA4E9E60AC6B012F86797726FEDF263F23F16C628371B36CDC4CFDC3A4AC9EE24B5BB116819901AAFAC3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 08:53:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9967839183393474
Encrypted:	false
SSDEEP:
MD5:	49EB8D34368BFC185CD87DCBD21ACC86
SHA1:	2C2A93E786B91E8A2B08BCFA3D02A64DFC8D53E5
SHA-256:	5F1613255E01F301E0EE0741E84F8466FDD8311F6CDEFEA6C92905B2B6109035
SHA-512:	4A04F472440E7B68A9DC7BFCE0C880B5E9AD52985B35CBCE60F227FE90C85ECAD24FA147266F729F6CCCA6CB60335A17B805D7257B07C87ADE5A71F8B9CC6C11
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......-.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 08:53:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985720993676411
Encrypted:	false
SSDEEP:
MD5:	8EC62C681A5567753838EEEA9FD7D07B
SHA1:	F462FD0A209917C566BDD3B3758BDFA5AF1B80B4
SHA-256:	9EA6FBD7F5F6A06F36B81B740C8EFE5EF83A71BED167A48A679D58FB0E15055F
SHA-512:	E1D4283383737249F4DA47C31B3C8DD40D48442DDB33CA98B03722962A45DDF63C6F6B072CBB2CFB9DE11611832169D95E3F1B63FCC5F95AF82D08F443CF3A7F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......-.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 08:53:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.992544474333665
Encrypted:	false
SSDEEP:
MD5:	7BEB26746EB0398EC4E1A28E113FB9DD
SHA1:	8DA14C381D77C79ED35979EDF8F2E2B856D438ED
SHA-256:	0E7A8FD571372477CC207D941FD1237D6A945813D4683323FFBF90686F0E4A81
SHA-512:	03824B1C846F1C68FCD5CAF3FFFDF1D85D210240B212213F3BF8A1DF49A2E319EE9EB65C4ED1928740FC965D5A178F211E6F842F2B519B478D7D774C0D9DC2BA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....vo.-.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\Y.N....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.N....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.N....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.N..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.N...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.1241654855684455
Encrypted:	false
SSDEEP:
MD5:	02AE273841421E2EABDD79F570618DC3
SHA1:	7E9E02B4D09119FD7D81AD6B86EB87E12A8C51AC
SHA-256:	FD8F036E1BEE1D4AEAA41706182E3B403BD5A2345E1385A5AE60BB1CF24DA373
SHA-512:	FC6DC6048C0B3572B7ADBF30611B3F6367731109CE15A5AFF96A4981BA8440BBE56CAA7C0366AA6283A0F91FFB1FDCB53AF5FED3D0EFB68F7C01FC105DC8979F
Malicious:	false
Reputation:	unknown
Preview:	)]}'.22;["Cl8fZ4ylH8K2i-gPsfH_sAE","2104"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	7.8938748179764
Encrypted:	false
SSDEEP:
MD5:	6282A05D151E7D0446C655D1892475E2
SHA1:	B2B05F319DA0E73250200AE9BB518A318D6B4C5D
SHA-256:	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
SHA-512:	DF0C4C01555430BD2AFAD409E40A422F5EFB0ED9B6E86168874B46312FFC0BA7CA2B5503E49858035056C342A83CBC42721AA89077BD2E1F698692AF4277BAB5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.....W.......IDATx........m.tm.86.m.m...m.Xo..._~..Mm.&..x....v.....?... .~^.TV....z.wK.....-.`..w.............4....."...z6Z."....`;@....!...S.Q..E...L$..`01..S(.v...vn._...H.......H.fs.8).....q....\....9B>...)>#2...A....z..8.#+A.V-..hh....3.......c.......F. 3.......~.^Q......c.....a.1...gZ....y....wU..2...].-.0b].......[......w...&K..$..K..\.t..QoY..O?....u.Sa.-...na.Z..}..._s..~[.Ue.M.!#Y.....%.t.7y....J......Q.0fC.Fo..@..&...B.....&..}.ld....O.#+...<.z..,."?vC....Y.....<d..."b.D.(sX..c..5.z,..!...oV.. .....>O.#..pHG..y.j.7.-@.K.s..,...&.%6.. O=dj....S..;.O..ylc.O.~....Tn.F.\|.Y..X..@........e..O.Z......}(H...vp.... ...y..&..:.......8y...{n..R^...:.q.......>....C.....^P..C..%..<. 6...9..,.$0x.M.=.`\..MI..\|.........^...W-"...@..J........K.m...h...x.H.>.c.>.w!......:X.b%.v....)..[R..-..>.+!..?...?.....Q.G:F...k..A.)`*.^N$...{9.<.PD...7`).3.d........h.k..{]&.;^.h.s>BREP.X.O.~P\|[....R].m,.......Z..Pk.g0.yl...Z.qp..

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (13691)
Category:	downloaded
Size (bytes):	212809
Entropy (8bit):	5.88512298960979
Encrypted:	false
SSDEEP:
MD5:	47EA41DABE157B2C9650CC30593605FA
SHA1:	C08E61FC51E317FDB629D5A2C1DDF14E523B1DB7
SHA-256:	BB32321C8F503C82B2246D451D3670C59D1289456CCDE2F820FCFFC52D79F99C
SHA-512:	AD41939FC7B223363BBA63CEF07CD3F03C27EBD6F9A81E513774531A8444D59169DE6128B4CF351C272F016844B1F0ED3995643E3478B252894E2398365EC40F
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/
Preview:	<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="I4V2svchDl1vUQLzn3YsKg">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="I4V2svchDl1vUQLzn3YsKg">(function(){var _g={kEI:'A18fZ6-oE_-Li-gP6MTSuAs',kEXPI:'31',kBL:'8Kd0',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){.var h=this\|\|self;function l(){return window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute\|\|!(b=a.getAttribute("eid")));)a=a.parentNode;return b\|\|m}function q(a){for(var b=null;a&&(!a.getAttribute\|\|!

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6297)
Category:	dropped
Size (bytes):	6302
Entropy (8bit):	6.0573810151495975
Encrypted:	false
SSDEEP:
MD5:	34AAF464D55E55B8EFAA1518CA1975C4
SHA1:	4456D22CE71DD6BC206BDC6E816531CFA2B57E9A
SHA-256:	854D22392E91E2BDA4D7AC336A87E52672FFF6B0035A6BC9CDCAF547135E64DF
SHA-512:	6880B2C318EF4B7DD01D414E690C54881E8A9B9B448F31A03BCFDAF86C3FA9669F8B9BEC991B45E20AFBD8A56C1B5D48B9912EE27C26AB81330BEFCCDAFF9388
Malicious:	false
Reputation:	unknown
Preview:	)]}'.[[["jacob degrom trade",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["nba",46,[3,357,362,396,143],{"lm":[],"zf":33,"zh":"NBA","zi":"League","zl":8,"zp":{"gs_ssp":"eJzj4tDP1TcwzSqrMGD0Ys5LSgQAIikESg"},"zs":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAn1BMVEX///8AQ4zaGjLYAB3zwsaQocEAOYcAM4W/yNoANYYAK4IAMYQAO4i0v9UAQYsAPorZACTXAAD65+nXAAvXABKsudD20tUAKIHxvMDa4OroipH1zdDrmJ+cq8flc33++fkAHH3j6PDy9PhyiLHP2OVFZ59pga3jaXTmfocwWJcSSY/88fIkUZNYcqThWGXcKz+AlLndP07gT13soafuqrBsc7hjAAACRElEQVRYhe2Xy5qiMBCFC4IBEiGIIKKNCiKN4gWn5/2fbRJQodeVxSw4C6jj4v8qJFZVACZNmjTpv1DqdYpLWK0ty2qwvFNiu1KskvH3kpBFjeOdqdGJl8oR0zQJiuiwnudfcumaSALNBWbVs1eC86Nya5WhSSwNQIMqtwk0AX3hCpVgt2I80OfXWyb3JOzy0wCcp30c3okWICs/bhNpAIrbyG4jPJClY/8VYIHu9ZdXRxsHTLzfP6AzpGMXAjyQwDYb4ubxpQFYDPEm2gHsAhwwHsWB+QD4QQJnQyhLzXIPqwgJrD7IFelQT+yxGXKsA/OpEsUBD0NsETPaQhjhgKM/yj4yA5niIkIBx6XhD7nLox2aKOBlZDbP7tWsMcBDPpj6ldoeA+TVYNYhgvQG0mRIMVzpAPYdudeuf21RQF8MR/vxo5531KZQw2cf4nf0qOtgiW707P0ZZUcJsNVGAcX55Zql

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	unknown
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.212209112934585
Encrypted:	false
SSDEEP:
MD5:	B67CF2D947B692CD8D2071258B571F53
SHA1:	0AD6F4192130768067C4255A0BADADEFECA8BAAA
SHA-256:	9466FC30CA7D6BE6E385FA218B5AA71A69912C18A25744E6EFC3DEFA252DAB16
SHA-512:	F9CC46539439C388B3AAF3581838B25F0DECC6FEBE1C9D5A6110B112CEF261E251C5331AB0348B243EB85E95D60DA30B40278B62F6102793E01958BDFC6276E4
Malicious:	false
Reputation:	unknown
Preview:	)]}'.22;["B18fZ_CzD5yPi-gPnueA4Qw","2104"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	850
Entropy (8bit):	5.469981389829776
Encrypted:	false
SSDEEP:
MD5:	6FA7F746F51322F0680B55476D9CD4A8
SHA1:	A19589840118247AC517B9C4E7BD61299930E185
SHA-256:	561410D561988D2B36E73B2AC4BB109C67C88A6BF862D52CCC5E52CC5EE040CF
SHA-512:	ADE88A2C56E2BBF9DAF2004FC4B059A90FCFA71E514037357F2FE4C120DC6AA4FD10E1254A73ADCAAA2D1AEDC86C63DA04AE16352BE3B0FBD813292C00E46387
Malicious:	false
Reputation:	unknown
URL:	https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3
Preview:	<!DOCTYPE html>..<html>..<head>..<script>..(function(g,e,o,t,a,r,ge,tl,y,s){..g.getElementsByTagName(o)[0].insertAdjacentHTML('afterbegin','<style id="georedirect1729899834421style">body{opacity:0.0 !important;}</style>');..s=function(){g.getElementById('georedirect1729899834421style').innerHTML='body{opacity:1.0 !important;}';};..t=g.getElementsByTagName(o)[0];y=g.createElement(e);y.async=true;..y.src='https://g10498469755.co/gr?id=-OA539iLFtdhUCrb82yN&refurl='+g.referrer+'&winurl='+encodeURIComponent(window.location);..t.parentNode.insertBefore(y,t);y.onerror=function(){s()};..georedirect1729899834421loaded=function(redirect){var to=0;if(redirect){to=5000};..setTimeout(function(){s();},to)};..})(document,'script','head');..</script>..</head>..<body>..The content of the body element is displayed in your browser...</body>....</html>......

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1521)
Category:	dropped
Size (bytes):	269928
Entropy (8bit):	5.485525052250323
Encrypted:	false
SSDEEP:
MD5:	42C55AC61D3DC31CC01F17703D60FA16
SHA1:	9C057FCD41C079BCAD70E64C0B6EDE81CDEEDDB8
SHA-256:	A45B2F2A7ED5B6E1D3CB116DCCDC20FFAA05A3D4CBDD47BE3DA7BE24EC9845B7
SHA-512:	B05DC2749A6A0F3FC0817B31499EE93D48722868BA9B1B0EF9506E3851F655497581A8FA4C73DDF1E9789504324DBAEB14CBFCB9093B22D38740199726111236
Malicious:	false
Reputation:	unknown
Preview:	"use strict";_F_installCss(".KL4X6e{background:#eee;bottom:0;left:0;opacity:0;position:absolute;right:0;top:0}.TuA45b{opacity:.8}sentinel{}");.this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.zA=function(a,b,c,d,e,f,g){var h=(0,_.Pd)(a.wa);_.Ec(h);a=_.se(a,h,c,b,2,f,!0);if(g){if(typeof e!=="number"\|\|e<0\|\|e>a.length)throw Error();}else d=d!=null?d:new c;e!=void 0?a.splice(e,g,d):a.push(d);(0,_.Cc)(d.wa)&2?(0,_.wl)(a,8):(0,_.wl)(a,16)};_.BA=function(a){if(a instanceof _.AA)return a.j;throw Error("x");};_.CA=function(a){return new _.AA(_.La,a[0].toLowerCase())};._.DA=function(a,b,c,d){if(a.length===0)throw Error("x");a=a.map(function(f){return _.BA(f)});var e=c.toLowerCase();if(a.every(function(f){return e.indexOf(f)!==0}))throw Error("ia`"+c);b.setAttribute(c,d)};_.Et.prototype.jc=_.ca(28,function(){return this.j.length==0?null:new _.H(this.j[0])});_.H.prototype.jc=_.ca(27,function(){return this});_.Et.prototype.Ja=_.ca(26,function(){

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
Reputation:	unknown
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	downloaded
Size (bytes):	1070719
Entropy (8bit):	5.7194760614401154
Encrypted:	false
SSDEEP:
MD5:	82B36D0DF5EFB11B1247BF58D0F53B73
SHA1:	D2381508AB596698AB2FADE0634A432984E639C4
SHA-256:	FE4E42C191A0491B4BDD5E953A6EC3804415DECB98E53B9E35DF5AA4A5A10F4D
SHA-512:	CE36F8741ACD3699423C22A1E85946ADF7DC9BD609B02ACD3386E1BA74575BCAB052AC0FC07C9A051F2A2E0EBB3E2D8AD084FA5529F4033A5E7BF372CED72A35
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en.BIIZr0bjNfY.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAQCQAAAgAAACABQAAAgEAEAAAACAQAAAQIAHgUSYAAEQAkAAAAAAAIAAACICCAAAACAAAwAAAAOABAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oGOCMLOOIzysjJnEq6YEdv1oi7Z6w/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,caa,naa,Aaa,Caa,Laa,Waa,cba,lba,nba,pba,qba,uba,vba,Aba,Fba,Gba,Iba,Kba,Lba,Mba,Pba,Oba,Rba,Hba,Va,Sba,Wba,Xba,Yba,bca,eca,fca,hca,ica,jca,lca,mca,oca,pca,sca,uca,wca,xca,Hca,Ica,Jca,Kca,Lca,Eca,Mca,Bca,Nca,Aca,Cca,Dca,Oca,Pca,Qca,Sca,ada,cda,dda,hda,ida,mda,pda,jda,oda,nda,lda,kda,qda,rda,vda,xda,wda,Ada,Bda,Cda,Eda,Gda,Fda,Pda,Qda,Rda,Tda,Uda,Vda,Wda,Xda,$da,aea,bea,fea,eea,iea,jea,oea,pea,qea,sea,rea,uea,tea,xea,wea,zea,Bea,Eea,Fea,Iea,Jea,Nea,Oea,Tea,Vea,ffa,gfa,ifa,Mea,Qea,xb,lfa,pfa,.ufa,wfa,Afa,Dfa,Hfa,Jfa,Cfa,Kfa,Mfa,Nfa,Qfa,Tfa,Ufa,Wfa,Zfa,aga,bga,cga,hga,kga,pga,rga,Bga,Cga,Dga

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	5.2148038433903725
Encrypted:	false
SSDEEP:
MD5:	A3B58B135AB3723169610B4DE2BD006D
SHA1:	60751E1BF6A77286A89FA36503C818311B382F07
SHA-256:	92CAC372ECEFC54A5CE198338BD1C21FCA6F8EED9131CA0AE50D862DBBCE9295
SHA-512:	AE2DA2D583D8889D41F25A3D7EC36A366BD3C9789975C5087DC750A551C1711BD05119EF82A1AEC26FF2EA2B6E3D8B4D73F82BB0DC8BEBF46B7ED6D3F6BD48DD
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/async/hpba?vet=10ahUKEwjvtaH85rCJAxX_xQIHHWiiFLcQj-0KCBY..i&ei=A18fZ6-oE_-Li-gP6MTSuAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.BIIZr0bjNfY.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAQCQAAAgAAACABQAAAgEAEAAAACAQAAAQIAHgUSYAAEQAkAAAAAAAIAAACICCAAAACAAAwAAAAOABAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGOCMLOOIzysjJnEq6YEdv1oi7Z6w,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.NPqPuxjEs7s.L.B1.O%2Fam%3DJFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoACwkwAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAAAAIAFQAAAAAAQAAACAASBAAAFAEAAACAAEKAAAACKID3IwAJCICCIB6FAAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmQAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAIAAIACgAAAAAAAAAAAAAAAAAAAAAAg%2Fbr%3D1%2Frs%3DACT90oFazpcOVCDR6wmgzsZJCgcmKDpxhg,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.BIIZr0bjNfY.es5.O%2Fck%3Dxjs.hd.NPqPuxjEs7s.L.B1.O%2Fam%3DJFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAACAoAC5kwAAAIwCAGwAgAAAAAAAEAAAGAAgQCAAQCQAAAgAAAKAFQAAAgEAUAAACCASBAAQNAHgUSaAAEaAkAACKID3IwAJCICCIB6FCAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAUQIIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACgABECQmQAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oG7-SX3mQhSUHY7Psa0X0cV6XLFEg,_fmt:prog,_id:_A18fZ6-oE_-Li-gP6MTSuAs_9"
Preview:	)]}'.22;["CV8fZ_uUEpioi-gPhLi9gA8","2104"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (766)
Category:	downloaded
Size (bytes):	1423
Entropy (8bit):	5.340155215497175
Encrypted:	false
SSDEEP:
MD5:	601F70E857A6953CBDA4B9CE9BC98A18
SHA1:	F560E43C98CFE8641EE7DC773E5152910EFC8C9F
SHA-256:	F61D46987F8A646B3FB3356F84E69831FB269C8426D6971924E7154CEC957759
SHA-512:	49CFAC8659AD0B51EBA1D61D86C8D5E5618AAA4350BB6F64D28D1DBB0705868FD504A99081471208EB86DCA90705BBBA12B5DCFBBBC1ECF2DC6F6DF2841242F5
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.HyLTZ-VVzwQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.GggoXlw0wTY.L.B1.O/am=gDAYMGw/d=1/exm=A1yn5d,A7fCU,BVgquf,EEDORb,EFQ78c,FCpbqb,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,WhJNk,Wt6vjf,XVMNvd,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,gychg,hKSk3e,hc6Ubd,hhhU8,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHvnaX27gCDIp4WyJbtluL3aRIPNSw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.p("P6sQOc");.var Hqa=!!(_.Pi[0]>>25&1);var Iqa=function(a,b,c,d,e){this.o=a;this.N=b;this.v=c;this.O=d;this.T=e;this.j=0;this.l=Y_(this)},Jqa=function(a){var b={};_.Ea(a.rs(),function(e){b[e]=!0});var c=a.hs(),d=a.ks();return new Iqa(a.js(),c.j()1E3,a.bs(),d.j()1E3,b)},Y_=function(a){return Math.random()Math.min(a.NMath.pow(a.v,a.j),a.O)},Z_=function(a,b){return a.j>=a.o?!1:b!=null?!!a.T[b]:!0};var $_=function(a){_.N.call(this,a.oa);this.l=a.service.Dt;this.o=a.service.metadata;a=a.service.nH;this.fetch=a.fetch.bind(a)};_.E($_,_.N);$_.V=function(){return{service:{Dt:_.W_,metadata:_.S_,nH:_.PY}}};$_.prototype.j=function(a,b){if(this.o.getType(a.Db())!==1)return _.Pp(a);var c=this.l.jt;(c=c?Jqa(c):null)&&Z_(c)?(b=a0(this,a,b,c),a=new _.Op(a,b,2)):a=_.Pp(a);return a};.var a0=function(a,b,c,d){return c.then(function(e){return e},function(e){if(Hqa)if(e instanceof _.Hf){if

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	BEEDCB4EB0A559E6CE2D1E20D38CB330
SHA1:	A04EE9801770C0E81B170D7992EC3735E878AA58
SHA-256:	6E9D99B87595B07B10676B68EBE9AA8B63DF7D9A74F59CC91EED60EA1FBDC6EF
SHA-512:	BD101CDF7FDF1210127D83CE76E3F6F6F1378259F0A55C112E39C49A9131B8636FB020E07E985B8427A35B62A544F2F7C5F75B11AD69EF2C4AE67A41BD5898B2
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
Preview:	CgkKBw1pSEdHGgA=

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3521)
Category:	dropped
Size (bytes):	22053
Entropy (8bit):	5.41304679760341
Encrypted:	false
SSDEEP:
MD5:	08D44C8857573C459C2098F02BC251F8
SHA1:	D4BD0C4B428EBD184C5C1EA6C331BA1C87EC8B92
SHA-256:	9830BAE24B5950DAED52A956FFB1D0F170C1E8ABADCC7EA3458C4DE893ACB3CA
SHA-512:	EE893D1E634F4BE09DDA72CB9109C5FB65044E9FB0087E35EBFC0DAEC959280B2C777F935089ABB9984F77976FE8D98E69629132B11C5BD06CF43D7E43CD8233
Malicious:	false
Reputation:	unknown
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{.var cG;._.eG=function(){var a=cG(_.Ne("xwAfE"),function(){return _.Ne("UUFaWc")}),b=cG(_.Ne("xnI9P"),function(){return _.Ne("u4g7r")}),c,d,e,f;return(f=dG)!=null?f:dG=Object.freeze({isEnabled:function(g){return g===-1\|\|_.xf(_.Ne("iCzhFc"),!1)?!1:a.enabled\|\|b.enabled},Eg:(c=_.um(_.Ne("y2FhP")))!=null?c:void 0,Ov:(d=_.um(_.Ne("MUE6Ne")))!=null?d:void 0,yg:(e=_.um(_.Ne("cfb2h")))!=null?e:void 0,xf:_.wm(_.Ne("yFnxrf"),-1),mw:_.Am(_.Ne("fPDxwd")).map(function(g){return _.wm(g,0)}).filter(function(g){return g>0}),.Ez:a,rV:b})};cG=function(a,b){a=_.xf(a,!1);return{enabled:a,Ht:a?_.Ud(_.xm(b(),_.fG)):Jia()}};_.fG=function(a){this.wa=_.x(a)};_.E(_.fG,_.C);var Jia=function(a){return function(){return _.qd(a)}}(_.fG);var dG;._.p("RqjULd");.var Via=function(a){if(_.n&&_.n.performance&&_.n.performance.memory){var b=_.n.performance.memory;if(b){var c=new XG;isNaN(b.jsHeapSizeLimit)\|\|_.Df

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7408)
Category:	dropped
Size (bytes):	557803
Entropy (8bit):	5.628648092468642
Encrypted:	false
SSDEEP:
MD5:	1ED292E65706B01E63C364311884A2AC
SHA1:	4541FC8918E26266FD2D676AAA59CB193B0516AF
SHA-256:	C3C05B93B9AA0CE06AC15BF580A878177EB039FE44B9D4D24933228CBF98DD88
SHA-512:	ADCEE846A9BEFEE172F582AD9B0009037C5FB697DF1F7F7E1B6A21F1CE1DE456832FECEC7AAE973346BA456746F3EA184BC03697453080CFC27BE9AEDFEE4D33
Malicious:	false
Reputation:	unknown
Preview:	_F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{animation:qli-container-rotate 1568.2352941176ms linear infinite}@keyframes qli-container-rotate{from{transform:rotate(0)}to{transform:rotate(1turn)}}.RoKmhb{height:100%;opacity:0;position:absolute;width:100%}.nNMuOd .VQdeab{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-blue-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .IEqiAf{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-red-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .smocse{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-yellow-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .FlKbCe{animation:qli

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (589)
Category:	dropped
Size (bytes):	1667
Entropy (8bit):	5.277873735482114
Encrypted:	false
SSDEEP:
MD5:	9F810AA0EF12543DB9BAAA37ADC937B0
SHA1:	E9A1278D08198AAFEE5437D8EE93D6B786C03487
SHA-256:	3D00166142B7768869FE895A4524C0CE09BBB2EE6DA5BC64A5C9FFE85D44355F
SHA-512:	4246EFCE332497D5952C43DC1523DD5849C0CF37AD00BE3E514D39A7A2D0F8AA166DB0057EA11590C044673B97F64014D1536D7963AD01BD6AED2D1CC2B7FA58
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.x("lOO0Vd");._.Qcb=new _.Ud(_.CMa);._.y();.}catch(e){_._DumpException(e)}.try{.var adb;_.bdb=function(a,b,c,d,e){this.WEa=a;this.ymd=b;this.Qlb=c;this.Csd=d;this.oFd=e;this.Ocb=0;this.Plb=adb(this)};adb=function(a){return Math.random()Math.min(a.ymdMath.pow(a.Qlb,a.Ocb),a.Csd)};_.bdb.prototype.j4b=function(){return this.Ocb};_.bdb.prototype.Kja=function(a){return this.Ocb>=this.WEa?!1:a!=null?!!this.oFd[a]:!0};_.cdb=function(a){if(!a.Kja())throw Error("Ae`"+a.WEa);++a.Ocb;a.Plb=adb(a)};.}catch(e){_._DumpException(e)}.try{._.x("P6sQOc");.var ddb=function(a){var b={};_.Ga(a.ktb(),function(e){b[e]=!0});var c=a.esb(),d=a.qsb();return new _.bdb(a.psb(),c.ka()1E3,a.Rib(),d.ka()1E3,b)},edb=!!(_.lh[33]&8);var fdb=function(a){_.ko.call(this,a.La);this.logger=null;this.ka=a.service.tEb;this.ta=a.service.metadata;a=a.service.jcd;this.fetch=a.fetch.bind(a)};_.C(fdb,_.ko);fdb.Ga=function(){return{service:{tEb:_.Wcb,metadata:_.Qcb,jcd:_.

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	5.249530958699059
Encrypted:	false
SSDEEP:
MD5:	FBE36EB2EECF1B90451A3A72701E49D2
SHA1:	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
SHA-256:	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
SHA-512:	7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1281)
Category:	dropped
Size (bytes):	205740
Entropy (8bit):	5.474096482517275
Encrypted:	false
SSDEEP:
MD5:	AF2B61C14E81AED046BD457370689B3E
SHA1:	BC9B2DC5798AD22FD9DD4B3E3D1FB7F2B5E29085
SHA-256:	C6C7767D9C19E031954167DF691194A7B560C10CE31F3EE507CF1FBC50BA76C6
SHA-512:	64D71474EFF9FE74101CB23837C6BF40BE10DFDEA2DCDF90377C1695EDAE5E00037A62A5C7C61C8B31EE9D83161319F04AFEC74C83D9EBA52E5CD36E9F07CFAF
Malicious:	false
Reputation:	unknown
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x30183080, 0x1b0, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var ha,aaa,Ga,baa,Ja,bb,sb,eaa,Lb,Qb,Rb,Sb,Tb,Ub,Vb,Wb,Zb,faa,gaa,bc,dc,kc,nc,pc,haa,uc,vc,Dc,Lc,Oc,Qc,Sc,Uc,Pc,Wc,Xc,maa,md,nd,od,naa,oaa,yd,xd,paa,Bd,qaa,Dd,raa,Ed,saa,Ld,taa,Qd,Wd,Xd,Zd,ce,de,be,fe,Fe,Ie,Qe,Oe,Re,z,Ve,Ye,bf,jf,of,zaa,Aaa,Baa,Caa,Daa,Eaa,Faa,Gaa,Haa,Iaa,Jaa,Kaa,Laa,Maa,kg,og,Saa,Qaa,zg,Waa,Gg,Jg,Yaa,Zaa,Lg,Zg,cba,dba,dh,eba,fba,sh,gba,hba,Hh,Ih,Jh,iba,jba,Mh,lba,mba,Qh,Rh,qba,sba,tba,uba,vba,wba,xba,yba,Aba,Bba,Cba,Eba

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	dropped
Size (bytes):	222084
Entropy (8bit):	5.526058708190933
Encrypted:	false
SSDEEP:
MD5:	484184FA115B901608813FF9AD662D66
SHA1:	03940204713774B0333168624F38E1C8F38CD9A7
SHA-256:	3705D85A13B50B2C1A500E16A40EF349D62D3F06A847A903C31A2444F6063D03
SHA-512:	7CD0D549F01EB3DBFDCCB0BDCEFC8FDE98B5D96AF1BBAEF70AD085DA576F9485D34315BD68A93A38E33E29724477E0C5172B0E25AEB46843E38BF51F7DFA52E4
Malicious:	false
Reputation:	unknown
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Ke=function(a){return _.Qb(a)&&a.nodeType==1};_.Le=function(a,b){if("textContent"in a)a.textContent=b;else if(a.nodeType==3)a.data=String(b);else if(a.firstChild&&a.firstChild.nodeType==3){for(;a.lastChild!=a.firstChild;)a.removeChild(a.lastChild);a.firstChild.data=String(b)}else _.He(a),a.appendChild(_.we(a).createTextNode(String(b)))};var Me;_.Ne=function(a,b,c){Array.isArray(c)&&(c=c.join(" "));var d="aria-"+b;c===""\|\|c==void 0?(Me\|\|(Me={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sort:"none",busy:!1,disabled:!1,hidden:!1,invalid:"false"}),c=Me,b in c?a.setAttribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};var Re;_.Qe=function(a,b,c,d,e,f){if(_.tc&&e)return _.Oe(a);if(e&&!d)return!1;if(!_.rc){typeof b==="number"&&(b=_.Pe(b));var g=b==17\|\|b==18\|\|_.tc&&b==91;if((!c\|\|_.tc)&&g\|\|_.tc&&b

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	5.221794466157011
Encrypted:	false
SSDEEP:
MD5:	3F630FB1EDF44612ECF63D507C33FA61
SHA1:	D3F731A8265F9A623951BCA038263F294D3847F4
SHA-256:	7516B2C734C70CDA56C27E775546811E0DB3A7580F531BA14DE0C1834D9204B0
SHA-512:	AAF6AF0EC6B1B4E93091464DFA9FF2098000685279946990F919420053A4FE6D7438F8D142E6B2AA94D9D6AD1D5243DE6B962C3796626A70D50BB686AE716904
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/async/hpba?yv=3&cs=0&ei=A18fZ6-oE_-Li-gP6MTSuAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en.BIIZr0bjNfY.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAQCQAAAgAAACABQAAAgEAEAAAACAQAAAQIAHgUSYAAEQAkAAAAAAAIAAACICCAAAACAAAwAAAAOABAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/dg%3D0/br%3D1/rs%3DACT90oGOCMLOOIzysjJnEq6YEdv1oi7Z6w,_basecss:/xjs/_/ss/k%3Dxjs.hd.NPqPuxjEs7s.L.B1.O/am%3DJFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoACwkwAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAAAAIAFQAAAAAAQAAACAASBAAAFAEAAACAAEKAAAACKID3IwAJCICCIB6FAAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmQAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/br%3D1/rs%3DACT90oFazpcOVCDR6wmgzsZJCgcmKDpxhg,_basecomb:/xjs/_/js/k%3Dxjs.hd.en.BIIZr0bjNfY.es5.O/ck%3Dxjs.hd.NPqPuxjEs7s.L.B1.O/am%3DJFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAACAoAC5kwAAAIwCAGwAgAAAAAAAEAAAGAAgQCAAQCQAAAgAAAKAFQAAAgEAUAAACCASBAAQNAHgUSaAAEaAkAACKID3IwAJCICCIB6FCAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAUQIIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACgABECQmQAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oG7-SX3mQhSUHY7Psa0X0cV6XLFEg,_fmt:prog,_id:_A18fZ6-oE_-Li-gP6MTSuAs_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjvtaH85rCJAxX_xQIHHWiiFLcQj-0KCBU..i"
Preview:	)]}'.22;["Bl8fZ6TpA7mIi-gPoLTAyAI","2104"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (550)
Category:	downloaded
Size (bytes):	1521
Entropy (8bit):	5.083648011779233
Encrypted:	false
SSDEEP:
MD5:	886BE6C3817524F0A9C670AA712F7963
SHA1:	C535C66BF3FA4F69290DB50DD6DFA26C3539198C
SHA-256:	401A366F7B672D735595C59AC319BD3F937CB36FCFCE187044BB738F50B265D4
SHA-512:	CB25B4D9C4F57A107A1844C1B8C1F9563892F2C4FBC54D53F0BC0CC4E4ED937FD859010B073974F4CE1F52DC6916E08F2DDB3AE64808C32CA8160BD210789729
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/xjs/_/js/k=xjs.hd.en.BIIZr0bjNfY.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAACAgAAJAAAAAIACAAAAAAAAAAAAAAAAAAAgQCAAQCQAAAgAAACABQAAAgEAEAAAACAQAAAQIAHgUSYAAEQAkAAAAAAAIAAACICCAAAACAAAwAAAAOABAAAAAIACAAAAAAAAAAAAAAAAAAAAAQQIAAAAAAAAAAAAABAAAAAAoAcAAAAAAAAAAAgAAEAQAAAYIAMQAAAAAAAAoA8AggfAkMICAAAAAAAAAAAAAAAIQIJgLiSgIAABAAAAAAAAAAAAAAAAQEqauLAB/d=0/dg=0/br=1/rs=ACT90oGOCMLOOIzysjJnEq6YEdv1oi7Z6w/m=aLUfP?xjs=s4
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.x("aLUfP");.var Wrb=function(a){this.Rp=a};var Xrb=function(a){_.ko.call(this,a.La);var b=this;this.window=a.service.window.get();this.ta=this.Rp();this.oa=window.orientation;this.ka=function(){var c=b.Rp(),d=b.yYa()&&Math.abs(window.orientation)===90&&b.oa===-1window.orientation;b.oa=window.orientation;if(c!==b.ta\|\|d){b.ta=c;d=_.Sa(b.Id);for(var e=d.next();!e.done;e=d.next()){e=e.value;var f=new Wrb(c);try{e(f)}catch(g){_.ca(g)}}}};this.Id=new Set;this.window.addEventListener("resize",this.ka);this.yYa()&&this.window.addEventListener("orientationchange",.this.ka)};_.C(Xrb,_.ko);Xrb.Ga=function(){return{service:{window:_.lo}}};_.m=Xrb.prototype;_.m.addListener=function(a){this.Id.add(a)};_.m.removeListener=function(a){this.Id.delete(a)};._.m.Rp=function(){if(_.na()&&_.ma()&&!navigator.userAgent.includes("GSA")){var a=_.Il(this.window);a=new _.Al(a.width,Math.round(a.widththis.window.innerHeight/this.window.innerWidth))}else a

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1689), with no line terminators
Category:	downloaded
Size (bytes):	1689
Entropy (8bit):	5.640520027557763
Encrypted:	false
SSDEEP:
MD5:	45DD7BD58C9F085DA52FA16A2A150066
SHA1:	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC
SHA-256:	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
SHA-512:	520B8DF68524C2CEF393B837D7EAD0168028C94697E1DA0AC4BDDAFAB849D1B26D7E7933082146AE6A220A449F066CBBBA2EBFC6CC30D3F756FBD98EE061C8DF
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.NPqPuxjEs7s.L.B1.O/am=JFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoACwkwAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAAAAIAFQAAAAAAQAAACAASBAAAFAEAAACAAEKAAAACKID3IwAJCICCIB6FAAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmQAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/d=0/br=1/rs=ACT90oFazpcOVCDR6wmgzsZJCgcmKDpxhg/m=syj8,syng?xjs=s4"
Preview:	.MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:var(--Nsm0ce);--izGsqb:var(--Nsm0ce);--todMNcl:var(--EpFNW);--p9J9c:var(--Nsm0ce)}:root{--KIZPne:#a3c9ff;--xPpiM:#001d35;--Ehh4mf:var(--Nsm0ce)}:root{--Yi4Nb:#d2d2d2;--pEa0Bc:#474747;--kloG3:#d2d2d2;--YaIeMb:#f7f8f9;--Pa8Wlb:#0b57d0;--izGsqb:#0b57d0;--todMNcl:#fff;--p9J9c:#0b57d0}.EpPYLd{display:block;position:relative}.YpcDnf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor:default}.LGiluc,.EpPYLd[disabled]{pointer-events:none;cursor:default}@media (forced-colors:active){.EpPYLd[disabled]{color:GrayText}}.LGiluc{border-top:1px solid;height:0;

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	5506
Entropy (8bit):	4.079249173365559
Encrypted:	false
SSDEEP:
MD5:	CDAA6F978EB8AE6A3F06C302576E516A
SHA1:	DBE242ED2BF0F09E6F3D433238A3A3C66088CDBE
SHA-256:	EB28B704465A04EA324D59B3F0F6BBF0D870BCE9744F1B8AA25C077BEF05443D
SHA-512:	B10E446D5BA9323C011D543DD37B30DA45BA6248DBF8564BBAC74250B7FC94A9A239506059B8996717931C19344F50DB957BDFB87189289F5B9F6B80C2E7BCE8
Malicious:	false
Reputation:	unknown
Preview:	<svg width="174" height="60" viewBox="0 0 174 60" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M47.381 36.156C42.376 36.156 38.766 32.834 38.766 27.896C38.766 22.869 42.487 19.657 47.27 19.657C49.728 19.657 52.009 20.477 53.316 21.739L50.924 24.463C50.193 23.622 48.931 23.002 47.403 23.002C44.746 23.002 42.797 25.084 42.797 27.896C42.797 30.775 44.502 32.834 47.581 32.834C48.467 32.834 49.286 32.701 49.95 32.413V29.557H46.96V26.501H53.427V34.805C51.899 35.602 49.795 36.156 47.381 36.156Z" fill="#434F65"/>.<path d="M67.2461 31.239H59.251C59.362 32.457 60.5801 33.321 61.8861 33.321C63.0381 33.321 63.835 32.834 64.322 32.17L66.847 33.764C65.806 35.27 64.079 36.112 61.842 36.112C58.52 36.112 55.774 34.007 55.774 30.287C55.774 26.677 58.387 24.375 61.731 24.375C64.986 24.375 67.267 26.611 67.267 30.376C67.268 30.664 67.2681 30.974 67.2461 31.239ZM63.924 28.98C63.924 27.829 63.1931 26.876 61.7541 26.876C60.3591 26.876 59.34 27.85 59.252 28.98H63.924Z" fill="#434F65"/>.<path d="M7

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4232), with no line terminators
Category:	downloaded
Size (bytes):	4232
Entropy (8bit):	5.531069792601157
Encrypted:	false
SSDEEP:
MD5:	DA43A25BD1F9DD99ABEEE97AE6E6BCA6
SHA1:	FAF739B5A3ACE85BABEF8AF8C123C7B140D5222A
SHA-256:	FC42CAFE3E110C38CB62AB04E51E2F806F308D3ED3F95C9E3AB5D0B7B3C9978A
SHA-512:	CB7ABBCBFF96B0B6C7AA9A674C8DB81FD6D3AD3D1F950B08F6F64AE3BC86E0ECD3DDF05C6542CAD98CE5ED59BBF2C1B510B2598064DE0B42DEB051F1CF368DFD
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.NPqPuxjEs7s.L.B1.O/am=JFUAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAgAAQAAAAAAAAAAAoACwkwAAAIwAAGwAgAAAAAAAEAAAGAAAAAAAACQAAAAAAAIAFQAAAAAAQAAACAASBAAAFAEAAACAAEKAAAACKID3IwAJCICCIB6FAAAAwAAAAOEBDGAYgKACAKMAAQAAAAAAAAhACAAAAEQAIEAAgB5AABgAgDQQAABBoAcAAgAAAAAEACAABACAmQAYIAMQAAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAIAAIACgAAAAAAAAAAAAAAAAAAAAAAg/d=1/ed=1/br=1/rs=ACT90oFazpcOVCDR6wmgzsZJCgcmKDpxhg/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,d,csi"
Preview:	:root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#5e5e5e;--bbQxAb:#474747;--YLNNHc:#1f1f1f;--TMYS9:#0b57d0;--JKqx2:#1a0dab;--rrJJUc:#0b57d0;--mXZkqc:#d2d2d2;--Nsm0ce:#0b57d0;--XKMDxc:#f3f5f6;--aYn2S:#f3f5f6;--Lm570b:#dee1e3}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhScic{margin:0px}.v0rrvd{padding-bottom:16px}.zsYMMe{padding:0px}.wHYlTd{font-family:Roboto,Arial,sans-serif;font-size:14px;line-height:22px}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.VDgVie{text-align:center}.TUOsUe{text-align:left}@keyframes g-snackbar-show{from{pointer-events:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{op

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (960)
Category:	downloaded
Size (bytes):	3314
Entropy (8bit):	5.4988895503589506
Encrypted:	false
SSDEEP:
MD5:	3AD81844EDFBFE7698ECC0E114A0F680
SHA1:	494710FF611ED4C997F3DE7B46D12050C84C9314
SHA-256:	954DD56F9F4399D43A1BBA4D69E901F47EFBCB66650A02C60D630E16089A0E3A
SHA-512:	FB69AA92874FD68B2EA9F43EB805B3CAB846A91A03B00917C451CE854A5B41D5730A4C587F06F7DC16980B6D3FB2C20EDFCC2549AD4646D9659AB63D2759A52E
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.HyLTZ-VVzwQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.GggoXlw0wTY.L.B1.O/am=gDAYMGw/d=1/exm=A1yn5d,A7fCU,BVgquf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHvnaX27gCDIp4WyJbtluL3aRIPNSw/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.p("Wt6vjf");.var rA=function(a){this.wa=_.x(a,0,rA.ob)};_.E(rA,_.C);rA.prototype.Xa=function(){return _.Ll(this,1)};rA.prototype.rc=function(a){_.Xl(this,1,a)};rA.ob="f.bo";var sA=function(){_.op.call(this)};_.E(sA,_.op);sA.prototype.nb=function(){this.Es=!1;tA(this);_.op.prototype.nb.call(this)};sA.prototype.j=function(){uA(this);if(this.hl)return vA(this),!1;if(!this.Lt)return wA(this),!0;this.dispatchEvent("p");if(!this.Oq)return wA(this),!0;this.yp?(this.dispatchEvent("r"),wA(this)):vA(this);return!1};.var xA=function(a){var b=new _.Vu(a.Az);a.Cr!=null&&b.l.set("authuser",a.Cr);return b},vA=function(a){a.hl=!0;var b=xA(a),c="rt=r&f_uid="+_.lm(a.Oq);_.Sq(b,(0,_.rh)(a.l,a),"POST",c)};.sA.prototype.l=function(a){a=a.target;uA(this);if(_.$q(a)){this.vo=0;if(this.yp)this.hl=!1,this.dispatchEvent("r");else if(this.Lt)this.dispatchEvent("s");else{try{var b=_.ar(a),c=JSON.par

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10109), with no line terminators
Category:	downloaded
Size (bytes):	10109
Entropy (8bit):	5.301925163267041
Encrypted:	false
SSDEEP:
MD5:	E67394A50AD30DD0A4FC371B2F9F2A36
SHA1:	3167C010A7C76D0F9054980C819815BB0E291F2D
SHA-256:	487FBC096FEB40C5D01414F5FE41A2A175411C1712E761A97BFD69A57C4FE664
SHA-512:	707E6F2BCA60585FAEA6841A3B5F19BF1543F84939D6A4A59830C496852C21357D17B61D3B987B096579BC6DE697B6FABD4AB12DF2CE780FA4528E05206968F9
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTuKvZ-nsYNivRzfGpm8QSi6tMFrvg"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12243
Entropy (8bit):	1.4018288684647429
Encrypted:	false
SSDEEP:
MD5:	CB2C992FFBC6B5F12E7BE00540BE7E55
SHA1:	977BA74C9F6482B062705BD28E50BF68122C34A5
SHA-256:	9783A9508B9B7CB2115BA836C7C2FAE42BC8C8A9A676B40784D3434AE2022080
SHA-512:	37364C9D5D569B0F3A8C8EE0AD018EA616356AD7B0429FCC0063D016800934C2F77F139B3110E508A6F57913266578571FCBE0C8D9CB24B2E17F55D7CF07FA20
Malicious:	false
Reputation:	unknown
Preview:	{"chunkTypes":"1000011111110011110001000010110100000011111111111111111111111111111110110111111111110101111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101110111111111310110111111111111011111111111111011111111111111110001101111111111111111111111010100222222221221221212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212221212121212121212221222222212212121212121212122212121212121221212121212121212121212121212121222121212121212121212121212121212121212121212122221221221222122122122122122122122122122122122122122122122122122122122122122122122122122122122122122121212121222122222222221212212112122121212121212121212122121212212112121212121212122222222121112112222112121212122121212121212122121222222212122122122122121121212212121

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5969
Entropy (8bit):	7.949719859611916
Encrypted:	false
SSDEEP:
MD5:	8F9327DB2597FA57D2F42B4A6C5A9855
SHA1:	1737D3DFB411C07B86ED8BD30F5987A4DC397CC1
SHA-256:	5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826
SHA-512:	B807694ED1EF6DFA6CB5D35B46526FF9584D9AAD66CE4DC93CDEB7B8B103A7C78369D1141D53F092EDDEA0441E982D3A16DF6E98959A5557C288B580CF5191E6
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......\............IDATx..]...U..:.................].{.A.A.(......\....1........A@6.......$...(.CXX\|..d...IUu..dz...g..u.....sO.1..g..W.....~..fv..+.TL.z.q.c..e..;..{..._"...`V...NwUwg....L.{6...y...]....2yo.x}^\|.....)....444.....r7.f&.<...t.!.l'8.s..LCCcl...t........ ......;..,a..0.xju........\|.. D%.l._..........]Y.. ...&N.r.~$g...&...Z}.w.3q......RKwm.ihh.I.pL.n..7j.W..%..Ld...@......q7x)..A.x.0..M .H..Wq.g.h..k.\|P..-Q.}.Ca...@.A.....D....x.....vOp.....+.z...N...T..o.?...?.%e....&..#..3.....P..Np9...$m.Ne. ..3y?......]....l.).z...g.^.v.!....-...&..M .Eg..w.K. ..;..@.qiP4yhh.....U.l7X-.u...-.tP..X..D.i......p'.T>Y.\o.TM.....xx&...&..M ..{.MQ...@.......C.ihh...]].ws..L.<.1...M ..>/yl...yhh.Yh..y..n...H.iW!..4444.p'8G.<...4444. .!.$'.._`....&....h=@8..........T.Ao..4444..#..i.q.'t.u........T..+j.ASyjT...u..(f.y.uw...-e.B...5.W........m~..5-\|_">.j....c[o..m+....K.v.Tak_.".\.....<........u.....},..02..'.h.v.^.....s..A..Ctw

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (526)
Category:	dropped
Size (bytes):	25206
Entropy (8bit):	5.416836634519755
Encrypted:	false
SSDEEP:
MD5:	0DD87837E5E9C0B4B80F34AA25C1D259
SHA1:	0D12A3253AE7800E5A6E42B3BA221AA0302000A1
SHA-256:	2A4166342767E63CE34855AAAEDA613BBCF5D7F116B67F5F24FAA8F096A8619D
SHA-512:	E30E2FA45A612EA981F2B9FDF4A962636C9508A65A27DBAFEF4612D106689501D6741BE2FC8AACE2411AC68262F08565C2E8EC562BF8F578240FCC5C9DF083B7
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.Dad=_.Hd("P10Owf",[_.Hq]);.}catch(e){_._DumpException(e)}.try{._.x("P10Owf");.var mE=function(a){_.A.call(this,a.La);this.ka=this.getData("cmep").Kb();this.Ob=a.service.Ob;this.data=a.Pd.jda};_.C(mE,_.A);mE.Ga=function(){return{service:{Ob:_.eu},Pd:{jda:_.MD}}};mE.prototype.wa=function(){this.Ob.ka().oa(this.getRoot().el(),1).log(!0)};mE.prototype.ta=function(a){var b;a.data?b=_.Tb(_.MD,a.data):b=new _.MD;Ead(this,b)};mE.prototype.oa=function(a){Ead(this,a.data)};.var Ead=function(a,b){var c;(b==null?0:b.Ju())&&((c=a.data)==null?0:c.Ju())&&(b==null?void 0:b.Ju())!==a.data.Ju()\|\|a.Ob.ka().oa(a.getRoot().el(),2).log(!0)};mE.prototype.Ia=function(a){this.Ob.ka().ka(a.ob.el()).log(!0);_.Ve(document,_.aHc)};mE.prototype.Ea=function(a){this.Ob.ka().ka(a.ob.el()).log(!0);if(this.ka){var b;_.Ve(document,_.$Gc,(b=this.data)==null?void 0:b.Fc())}else _.Ve(document,_.ZGc,this.data)};_.K(mE.prototype,"kEOk4d",function(){return this.Ea});_.

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (32553)
Category:	downloaded
Size (bytes):	48997
Entropy (8bit):	5.800996672631247
Encrypted:	false
SSDEEP:
MD5:	F3422A35446544C286FC7C335CFFD168
SHA1:	F6BAF9DE80161CBF421B3A5D782D5C42C8EBD12F
SHA-256:	0FD0CFF8E42470710BFA10B80B7C8496854E4432E93F1D67A334C2A825318226
SHA-512:	65B0FC8D2AA818DDF0DFEA77F5D2E2160780F6B95F0E87CDE091A866952D8F69A9B5C2829ADE7D634C1749267AC35503960C854C8AA4E938817B732520AE6795
Malicious:	false
Reputation:	unknown
URL:	https://ogs.google.com/widget/callout?prid=19040333&pgid=19037049&puid=86ee7442362823ae&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/callout"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><script data-id="_gd" nonce="rk1p6ebU8FOrq863u9QafQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"-4033690724038367660","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"MUE6Ne":"OneGoogleWidgetUi","NrSucd":false,"OwAJ6e":false,"QrtxK":"","Rf2tsb":0,"S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSDx0K99WlEPaumhAKs5wNCg\\u003d\\u003d\"]]]","UUFaWc":"%.@.null,1000,2]","Vvafkd":false,"Yllh3e":"%.@.1730109191692666,151690793,52293477]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20241020.00_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48802160,975

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (615)
Category:	dropped
Size (bytes):	15590
Entropy (8bit):	5.26024625611266
Encrypted:	false
SSDEEP:
MD5:	C3176A95DD26A7D1BDA416C455DA4602
SHA1:	9F9A6236EF34D915479CEEFB3DD8CB038E808DF4
SHA-256:	50F218FBE63BEF6584DF5368F4589C7164D099E5D287A56B3F130D53B747F141
SHA-512:	80B1CCD060019E0D3587A7749E2E00B38F341B673DD042C3A64B6B3692B32BAE75FBED455A7DB43586CAEB889565BBD75F3257ECEA07B2BD56A4B490E54CA91D
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.x("xUdipf");.var a$a,b$a,c$a,d$a,e$a,f$a,i$a;_.X9a=function(a){return a instanceof _.Lb?{aP:a}:a};_.Y9a=function(a){var b=_.T9a(a.ka());return _.V9a(a.Mk(),b)};_.$9a=function(a){a=_.Z9a(_.X9a(a));return _.Y9a(a)};a$a=function(){this.wa=new _.qo;this.Ja=new _.qo;this.ka=new _.qo;this.Ea=new _.qo;this.ta=new _.qo;this.Ia=[];this.oa=new _.Md;this.xg=null};b$a={};c$a={};d$a=function(a,b){if(a=a[b])return Object.values(a)[0]};.e$a=function(a){var b=a?_.$ya:_.bza;a=a?b$a:c$a;for(var c in b){var d=d$a(b,parseInt(c,10)),e=d.Db.prototype.Za;e&&(a[e]=d.Kv)}};f$a=function(a,b){var c=b?b$a:c$a,d=c[a.toString()];d\|\|(e$a(b),d=c[a.toString()]);return d};_.g$a=function(a){var b=f$a(a.Za,!0);return{aP:d$a(_.aza,b),M4:d$a(_.$ya,b),request:a}};_.h$a=function(a){var b=f$a(a.Za,!1);return{aP:d$a(_.cza,b),Eua:d$a(_.bza,b),PAb:a}};.i$a=function(a){var b=a.Za;var c=b$a[b.toString()];c\|\|(e$a(!0),c=b$a[b.toString()]);c?b=!0:(c=c$a[b.toString()],c\|\|(e$a(

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Windows Analysis Report
https://firebasestorage.googleapis.com/v0/b/beast7-d96c5.appspot.com/o/redirectgeo%20-%20ES%20BBQ%202.htm?alt=media&token=eadf3df4-ffcd-49cd-a601-dc91c9420bb3