Windows Analysis Report
NW_EmployerNewsletter_11142024_pdf.html

Overview

General Information

Sample name:NW_EmployerNewsletter_11142024_pdf.html
Analysis ID:1558706
MD5:0337eaae9aa6eec5e8d9c654c1600401
SHA1:929b7e06c4002026c832ac0e89bd2010555df107
SHA256:f58f8a244dd7263b1ce8604f3332cba45772c1bef872afc89a3047e091a737f0
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 4976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\NW_EmployerNewsletter_11142024_pdf.html MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1908,i,9759588495099123003,10039254472244785708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU | Joe Sandbox AI: Score: 8 Reasons: The brand 'Adobe' is well-known and typically associated with the domain 'adobe.com'., The URL 'kpoj.my.salesforce.com' does not match the legitimate domain for Adobe., The URL is a subdomain of 'salesforce.com', which is a legitimate domain for Salesforce, not Adobe., Salesforce is a cloud service provider, and the presence of a subdomain could indicate a customer-specific instance., The URL does not contain any direct reference to Adobe, which is suspicious given the brand association. DOM: 3.2.pages.csv
Source: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU | Joe Sandbox AI: Page contains button: 'Download' Source: '3.2.pages.csv'
Source: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU | HTTP Parser: Base64 decoded: {"alg":"HS256","typ":"JWT"}
Source: NW_EmployerNewsletter_11142024_pdf.html | HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/NW_EmployerNewsletter_11142024_pdf.html | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.17:63265 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:63266 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:63269 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 31MB
Source: global traffic | TCP traffic: 192.168.2.17:63259 -> 1.1.1.1:53
Source: global traffic | DNS traffic detected: DNS query: kpoj.my.salesforce.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: kpoj.lightning.force.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_4976_2135347210
Source: classification engine | Classification label: mal52.phis.winHTML@25/42@8/131
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\NW_EmployerNewsletter_11142024_pdf.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1908,i,9759588495099123003,10039254472244785708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4976_1868158159\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 21 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4976_1868158159\Google.Widevine.CDM.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
file:///C:/Users/user/Desktop/NW_EmployerNewsletter_11142024_pdf.html | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
na210-ia5.ia5.r.my.salesforce.com | 13.110.40.235 | true | false | | unknown
www.google.com | 142.250.186.68 | true | false | | high
na210-ia5.ia5.r.force.com | 13.110.253.31 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
kpoj.my.salesforce.com | unknown | unknown | true | | unknown
kpoj.lightning.force.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU | true | | unknown
file:///C:/Users/user/Desktop/NW_EmployerNewsletter_11142024_pdf.html | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
13.110.253.31 | na210-ia5.ia5.r.force.com | United States | | 14340 | SALESFORCEUS | false
34.104.35.123 | unknown | United States | | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
142.250.186.163 | unknown | United States | | 15169 | GOOGLEUS | false
216.58.206.78 | unknown | United States | | 15169 | GOOGLEUS | false
13.110.40.235 | na210-ia5.ia5.r.my.salesforce.com | United States | | 14340 | SALESFORCEUS | false
142.250.186.106 | unknown | United States | | 15169 | GOOGLEUS | false
142.251.168.84 | unknown | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.185.195 | unknown | United States | | 15169 | GOOGLEUS | false
172.217.16.142 | unknown | United States | | 15169 | GOOGLEUS | false
                IP
                192.168.2.17
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1558706
                Start date and time:2024-11-19 18:10:15 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:21
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:NW_EmployerNewsletter_11142024_pdf.html
                Detection:MAL
                Classification:mal52.phis.winHTML@25/42@8/131
                Cookbook Comments:
                • Found application associated with file extension: .html
                • Exclude process from analysis (whitelisted): dllhost.exe
                • Excluded IPs from analysis (whitelisted): 142.250.186.163, 172.217.16.142, 142.251.168.84, 34.104.35.123
                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                • Not all processes were analyzed, report is missing behavior information
                • VT rate limit hit for: NW_EmployerNewsletter_11142024_pdf.html
                InputOutput
                URL: :// Model: Joe Sandbox AI
                {
                    "typosquatting": false,
                    "unusual_query_string": false,
                    "suspicious_tld": false,
                    "ip_in_url": false,
                    "long_subdomain": false,
                    "malicious_keywords": false,
                    "encoded_characters": false,
                    "redirection": false,
                    "contains_email_address": false,
                    "known_domain": false,
                    "brand_spoofing_attempt": false,
                    "third_party_hosting": false
                }
                URL: ://
URL: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU Model: Joe Sandbox AI
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Download",
  "prominent_button_name": "Download",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": true,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU Model: Joe Sandbox AI
```json
{
  "brands": [
    "Adobe"
  ]
}
```
URL: https://kpoj.my.salesforce.com/sfc/p/#300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU Model: Joe Sandbox AI
```json
{
  "legit_domain": "adobe.com",
  "classification": "wellknown",
  "reasons": [
    "The brand 'Adobe' is well-known and typically associated with the domain 'adobe.com'.",
    "The URL 'kpoj.my.salesforce.com' does not match the legitimate domain for Adobe.",
    "The URL is a subdomain of 'salesforce.com', which is a legitimate domain for Salesforce, not Adobe.",
    "Salesforce is a cloud service provider, and the presence of a subdomain could indicate a customer-specific instance.",
    "The URL does not contain any direct reference to Adobe, which is suspicious given the brand association."
  ],
  "riskscore": 8
}
```
Google indexed: False
URL: kpoj.my.salesforce.com
Brands: Adobe
Input Fields: unknown
                URL: https://salesforce.com Model: Joe Sandbox AI
                {
                    "typosquatting": false,
                    "unusual_query_string": false,
                    "suspicious_tld": false,
                    "ip_in_url": false,
                    "long_subdomain": false,
                    "malicious_keywords": false,
                    "encoded_characters": false,
                    "redirection": false,
                    "contains_email_address": false,
                    "known_domain": true,
                    "brand_spoofing_attempt": false,
                    "third_party_hosting": false
                }
                URL: https://salesforce.com
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:10:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9885703945247246
                Encrypted:false
                SSDEEP:
                MD5:19D01ED26E1F001A4CA64AFA3ECD3E0E
                SHA1:A693F325C71F3233C1C703E62FD1F669F3B6CD12
                SHA-256:2BEAF8AB6915645A9B76FCFEEB032330BF4BE3A7AF695BDECD6D0706F9BD8CC1
                SHA-512:023E1579848879D70D00DAA456544AB73D744923CCBF96F733A4992DBAE0D7BFA6579621D48814647C26F0503FF0420AF8DD425BF31D849D8B0B06A8E4DBA9C8
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:10:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):4.007066265303762
                Encrypted:false
                SSDEEP:
                MD5:C955A596B0BE79AD083676FA12FA6070
                SHA1:A2A497B4AF035DC32680935E88B2BEBED7279195
                SHA-256:3CED52A069C1FB6985668D0211B1FCCCD0E77EADB1B2A2A3EA22E5A4496340DA
                SHA-512:2DF746A93CB7074584BAAF0EE6BE13405AD62B90FC044FF51DAABB28517251B09618402FB2FF39CD9DF151130AF95D832B836E3A4F7364EB5CA052FC8E05D873
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2693
                Entropy (8bit):4.016173705371976
                Encrypted:false
                SSDEEP:
                MD5:5E113EEDCA4D6B8B9B9EC3C25D61B51A
                SHA1:6845D9C27DE1377F74FA373D0826A8C60543A0E7
                SHA-256:58C4CEB46B6A84D5C61C1A81F7487A97BA6169CB3CD44CA58C65368C860B20FB
                SHA-512:096ABFF0C3017D57284DAF0B0A2CF429752CE66461DB64D639E4E94FE6E80AF41FF79C8E47998026A4DA677C7070B72249D7E4439D55ABF10C875AA842C07306
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:10:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):4.005480464325544
                Encrypted:false
                SSDEEP:
                MD5:CD2C5772FF73E3C21731BF798A94F826
                SHA1:0B7D70900DD40EE57C549BD74B193689DB516749
                SHA-256:0CAFA96A0A14190B3EC49D275C0210B6E82EFBF4BE4F5C36C03DCC0A1EDE3E3D
                SHA-512:0097B341D9B77777792E416C718DF9D75BAD1575CE0168CC68EFE31CBE7F5098B5883CF20189B311FAFF0342BC182C87F8B64C70E93E36E60719CAF0D87FDC1F
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:10:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):3.9918007127793733
                Encrypted:false
                SSDEEP:
                MD5:BBB16BE4310AC8A60C7BE118C4B2863A
                SHA1:1351CC20B252900DC6BF1A85F117C32D52FEF13A
                SHA-256:CD590932D7DDC9C607CEF4F2133252D63808483DD94AAA5DA5B354C00704D6F0
                SHA-512:804F8B1D42800F53A7D07AD44805DCAF280719CBD0FC0B9D81447355813122B92169590A46D11FA1E0DEB46E2A94EDB94099654E2876ED20833AC8A6ECABF164
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:10:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2683
                Entropy (8bit):4.002311080268509
                Encrypted:false
                SSDEEP:
                MD5:6571FBED1626F4B3D305C406BC9E76A4
                SHA1:059A10D5E3FF3235BA5B22CF8B4409DEB4FDF015
                SHA-256:B01F019EBF0A82E419D4C1489127AEC69D62C3A3D148AC6EFEC7E953845FB50F
                SHA-512:F32601B6F90712DACB6A17BA4CB724FFB45A49FE65435161AC969F8A20C0120230420AF0B1B617768D869BBC39F1E7A0AD45619670B1F66F20259E58C04433E2
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1969
                Entropy (8bit):5.996813951234031
                Encrypted:false
                SSDEEP:
                MD5:B58D793BB67953463F894A8E93480C86
                SHA1:51BF4FD3A526DEC399BB26893C6CCE44D09A3BCF
                SHA-256:79EED636045C18C455B2E03F7DC44BB3B62D7A83CAC052C73290BDA69BF6C33F
                SHA-512:39B4B28A6BC121CA40366760381BDE4434BD12F01650BC13B6BDADA3850A9DA86F56BC35E09AE79EE660769600E8474A45E183C221CAD48361EE85A9C89C09EC
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:data
                Category:dropped
                Size (bytes):145314
                Entropy (8bit):7.683479094783282
                Encrypted:false
                SSDEEP:
                MD5:57086B02F74C3FE7B79A5E2E3D852322
                SHA1:6420387225DDCD5210175DE4F3FDB0AB2BE8EE9C
                SHA-256:A1B5BE8D4AAB349AFF58ED34E1F3BC6647CF440830DA0A12A8BD5A1C976C6407
                SHA-512:B195EB9A9129863E75BE603B00B85ECFE46360910529FB38513AF6940F9D17EFD56F234B47963452329CD85B16BEBB5A85AB5D304743E57D33BAFD5B59900468
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:data
                Category:dropped
                Size (bytes):51839
                Entropy (8bit):7.7548636835837295
                Encrypted:false
                SSDEEP:
                MD5:D456000930D63C0AFAD6D2C362F72353
                SHA1:8D4198DBB0AAD1FB5A70FF00EE32C180B985A2E2
                SHA-256:B5368DCFFAA943DC57081275E1E5557BEAF9691DA0D9845BF148424723950F92
                SHA-512:5FC8C16AFD03D20C04E4399B2F38BC5EC8808EA56AB92178E939C32543171BCD0B2C8BF8924601B0018021F09D65CC33E7B95E5382A0300ADABDD5199AA5B54C
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:data
                Category:dropped
                Size (bytes):11431
                Entropy (8bit):5.1043346249507495
                Encrypted:false
                SSDEEP:
                MD5:B17572C069B858DDEC1CBCD618171E60
                SHA1:7765C792CA9671EB3BFC5D393A9F944270612191
                SHA-256:B6DD2F4DA516310BE9E70BFD75998D920C01E21072116B9B629347F0278F5189
                SHA-512:2B819B2ED01C8EA35B362DE310E5A80CB95544037D18DFEF49CF0C9E23FB604149DFDDFED9FE9440B8369BF76859B903779784F0ED31209F5A83D4ACA0B0D56F
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):66
                Entropy (8bit):3.754262356053725
                Encrypted:false
                SSDEEP:
                MD5:162F764C737474EAEC887285938AA068
                SHA1:4761675A05DF1323623A8D80989CD39485EE3781
                SHA-256:9213E5FF92B833DEF56572F713E00B2D24961596ECF5BB957C6308178C8A526C
                SHA-512:42D888338C940D2B9AA27C880A778A5DD31890D5FC3E4B97984372BA1C87B23567DCDD153264C2B1EB8B48A3DC37351298DA8C0C6F357457AF390CA5CD9BDD2A
                Malicious:false
                Reputation:unknown
                Preview:1.125cd9b2e114daf787612b37c3ef1b6c7f31c317242011c455695f255c253229
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):73
                Entropy (8bit):4.309926621657846
                Encrypted:false
                SSDEEP:
                MD5:CEE5B0BF41DB27E17701D7406FBADDEA
                SHA1:7B4115272CBD12E321F9A8052EE14D490C57D1EE
                SHA-256:E6007244E2EFEACF935373B3BFF1F2AE5C3158F40BCAFC7F0D50109BAB4D15F5
                SHA-512:F0F91D670F5D0237850F58FA3E5B5FFE65D92568EF8896739A29191AC8E55852003D55760387C9B1D0CD02323EC7FCE068B5D99507F6B23ADD9038028DB3BDCC
                Malicious:false
                Reputation:unknown
                Preview:{. "manifest_version": 2,. "name": "pkiMetadata",. "version": "1133".}
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                Category:dropped
                Size (bytes):2877728
                Entropy (8bit):6.868480682648069
                Encrypted:false
                SSDEEP:
                MD5:477C17B6448695110B4D227664AA3C48
                SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
                SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
                SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
                Malicious:false
                Antivirus:
                • Antivirus: ReversingLabs, Detection: 0%
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1778
                Entropy (8bit):6.02086725086136
                Encrypted:false
                SSDEEP:
                MD5:3E839BA4DA1FFCE29A543C5756A19BDF
                SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
                SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
                SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):66
                Entropy (8bit):3.974403644129192
                Encrypted:false
                SSDEEP:
                MD5:D30A5BBC00F7334EEDE0795D147B2E80
                SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
                SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
                SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
                Malicious:false
                Reputation:unknown
                Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):145
                Entropy (8bit):4.595307058143632
                Encrypted:false
                SSDEEP:
                MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
                SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
                SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
                SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
                Malicious:false
                Reputation:unknown
                Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):1558
                Entropy (8bit):5.11458514637545
                Encrypted:false
                SSDEEP:
                MD5:EE002CB9E51BB8DFA89640A406A1090A
                SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                Malicious:false
                Reputation:unknown
                Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1864
                Entropy (8bit):6.018989605004616
                Encrypted:false
                SSDEEP:
                MD5:C4709C1D483C9233A3A66A7E157624EA
                SHA1:99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
                SHA-256:225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
                SHA-512:B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
                Malicious:false
                Reputation:unknown
                Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):66
                Entropy (8bit):3.820000180714897
                Encrypted:false
                SSDEEP:
                MD5:BBEC7670A2519FEB0627F17D0C0B5276
                SHA1:9C30B996F1B069F86EF7C0136DFAF7E614674DEA
                SHA-256:670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
                SHA-512:1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
                Malicious:false
                Reputation:unknown
                Preview:1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):85
                Entropy (8bit):4.462192586591686
                Encrypted:false
                SSDEEP:
                MD5:084E339C0C9FE898102815EAC9A7CDEA
                SHA1:6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
                SHA-256:52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
                SHA-512:0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
                Malicious:false
                Reputation:unknown
                Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):9817
                Entropy (8bit):4.629347296880043
                Encrypted:false
                SSDEEP:
                MD5:8C702C686B703020BC0290BAFC90D7A0
                SHA1:EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
                SHA-256:97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
                SHA-512:6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
                Malicious:false
                Reputation:unknown
                Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1770
                Entropy (8bit):6.021316461962017
                Encrypted:false
                SSDEEP:
                MD5:7D6EDE6F96A0B67B0B65B7FE4D0BD8C6
                SHA1:32819342DE1353DD7B7C2277132A2C8AC713B027
                SHA-256:AFAD87D6408424912274B737E10ACD09FF47EFFAC7C0DFF3A658BE32AD8E81E5
                SHA-512:2FCAD2E981C56BBF2794CBC9A419E34A67D63E5D1C8D5A1FD4C26A8EFC748F28875EE7883E8A6806B1A436DD72FBAA4015A43CA43A13DDBA53079CD24547F186
                Malicious:false
                Reputation:unknown
                Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"fDxxNvHaqyhoShwdeGpUS5F0GxOrj3bfBznLiYGmP62C4oRY-Vf3I9J6_nzcQ6SPRe8CpJflAGD5eSQnbtsb6prHKZ2oYOLcKarpvQGVIS9WL9Z4hrTUsAqVmW0n8cTv7jo3cXkGg8lWdI8tj5yjrAE09XLSitPIdL_xmJIR5dEZfVpvFKgRbWTUr_5SSvZbny_8niCUuOADpas1X3uXPW-sT0jXotiwzvJgnM3rKiHr3Tsnira9E7iFZcB5JatGJwVnMnoDSfXkNhQxu1YAAYeBRKN9Ev3XAE1EBtmBLDHy33DJIihci-Slrx2j_afRk1_zi6JuH3GA60P6G6D6n
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):66
                Entropy (8bit):3.872935977280404
                Encrypted:false
                SSDEEP:
                MD5:A43371DACA3F176ED5A048BC5E2899B1
                SHA1:32FC0A9ECB568BDF3CE13F9EA17E827A900EDB42
                SHA-256:736DB43A7CCB37136CAEFF0B80670BD76BFE528203856CB19CB6C3D161B48F9C
                SHA-512:8754C5D823A9EED2749852B37084F5ED14176B6CB74D946CA3F152DD91F2C03CC4457F1CA0219D883522C7213C4CD04FCD2E33BBB31C7F7EBD6968CEE35AF951
                Malicious:false
                Reputation:unknown
                Preview:1.a8a79d350c2a5e3bc36226633a8e0bed0dfab184e77f38fc8f0820ebacf8eafc
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):95
                Entropy (8bit):4.62652268830492
                Encrypted:false
                SSDEEP:
                MD5:713CD498ACBE38CCD3A83F9ACBAB4A18
                SHA1:20D43E9E26EB68915062A9EF1686C8C5AE232B54
                SHA-256:72ABCD3E4517CD26BDE42D72CD84C366ED920F168DECCD00598F9219891F6345
                SHA-512:8AA869C9CC8A7EE4161E8DA8E7CEC11DDBB99218120A59690E23AC545A41D20DD7E6F91CECB2A91F3DBF5132DC90D316ADBC9835973DA556E5DDB55E3D52F230
                Malicious:false
                Reputation:unknown
                Preview:{. "manifest_version": 2,. "name": "win_third_party_module_list",. "version": "2018.8.8.0".}
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:data
                Category:dropped
                Size (bytes):2120
                Entropy (8bit):7.424032397848591
                Encrypted:false
                SSDEEP:
                MD5:9E7D797CC67A0142F6CB3844B04D4851
                SHA1:9CE8A316A8A6A41670F4F18C0B24569855B9C47B
                SHA-256:2BAB54E87F8D864F6CA60E5630556E42BE8999183331C9302E0E465860152F5D
                SHA-512:57757C7080F87AB982B1A7ACD25E666AF86DD4EB235726D79EDC4A931B9F0968A76E448B773C18BFFEE887B4A065FE7C7A44E316B72F5775459309B99918FAFB
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (688)
                Category:dropped
                Size (bytes):2619755
                Entropy (8bit):5.359105534900601
                Encrypted:false
                SSDEEP:
                MD5:25CCE997441AD8AE174D92FB13B8D73D
                SHA1:73DF645D1AA9E6DE7615C836682314303C70FE32
                SHA-256:F7A8A05A219079C4FEA49808E3CF855D3E508DF1C0FFDED1A219D67206059B95
                SHA-512:6F925F958166C5B3436CF2F51A5FB38667F1806B7A40E6FCC83FDD626CFF6DEC99B336C3114E041E648229B04EEBDC78DCF292C64C80FA9DF73E7B05532BAC78
                Malicious:false
                Reputation:unknown
                Preview:"undefined"===typeof Aura&&(Aura={});Aura.bootstrap||(Aura.bootstrap={});Aura.frameworkJsReady||(Aura.ApplicationDefs={cmpExporter:{},libExporter:{}},$A={componentService:{addComponent:function(a,b){Aura.ApplicationDefs.cmpExporter[a]=b},addLibraryExporter:function(a,b){Aura.ApplicationDefs.libExporter[a]=b},initEventDefs:function(a){Aura.ApplicationDefs.eventDefs=a},initLibraryDefs:function(a){Aura.ApplicationDefs.libraryDefs=a},initControllerDefs:function(a){Aura.ApplicationDefs.controllerDefs=a},initModuleDefs:function(a){Aura.ApplicationDefs.moduleDefs=a}}});.$A.componentService.addLibraryExporter("js://offline.offlineDraftLib.Log",function(){/*$A.componentService.addLibraryInclude("js://offline.offlineDraftLib.Log",[],function(){return{getLogConfig:function(a,c,b){a="synthetic-"+a.replace(":","-");b&&(a+="-"+b);return{context:{eventSource:a,eventType:c,attributes:{}}}},log:function(a,c){$A.log(["OfflineLog",a,c].join(": "))},logError:function(a,c,b){b=b||!0;a=["OfflineError",a,c].
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (65536), with no line terminators
                Category:downloaded
                Size (bytes):1283940
                Entropy (8bit):4.999740916952206
                Encrypted:false
                SSDEEP:
                MD5:91596D7431BDD47A7B5B0C6A8E4EFD3E
                SHA1:6E31F3EF4D76FD9340B4A09ECCC9AA36ACD663EE
                SHA-256:22BF37E8D6FC4F11B7C11DA769A3E518062B07B68CD9FFD664D57B09F742B10D
                SHA-512:172A2DF5E0909C7922A9F8C3D60104679B21298D0D353C13A759FEDB09E6290F5D14C944BB02C70472A8247CE7C55AE723BF2A8642CA741CDFF9A78A4C701305
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/ld/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%221673_NlaMsW3lrp8048dmvnSf6A%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%223%22%2C%22SLDS%22%2C%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%5D%2C%22tuid%22%3A%22CGPTi0LcSV8Xi3_qCMevNg%22%2C%22cuid%22%3A856233832%7D%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F300000001VhD%2Fa%2F8Z000001lAmI%2FNMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU%22%7D/app.css?3=
                Preview::root{--lwc-paletteIndigo10:rgb(32, 6, 71);--lwc-popoverWalkthroughHeaderImage:;--lwc-zIndexDialog:6000;--lwc-colorPickerSelectorWidth:14rem;--lwc-nubbinSizeDefault:1rem;--lwc-paletteCloudBlue40:rgb(5, 98, 138);--lwc-colorBackgroundContextBarInverseItemHover:rgba(255, 255, 255, 0.2);--lwc-dropZoneSlotHeight:0.25rem;--lwc-colorTextTabLabelSelected:rgb(1, 118, 211);--lwc-colorStrokeBrandActive:rgb(3, 45, 96);--lwc-paletteIndigo15:rgb(31, 9, 116);--lwc-cardBodyPadding:0 1rem;--lwc-varSpacingHorizontalSmall:0.75rem;--lwc-tableColorBackgroundHeaderResizableHandle:rgb(174, 174, 174);--lwc-colorBackgroundPathActiveHover:rgb(3, 45, 96);--lwc-brandPrimaryTransparent:rgba(21, 137, 238, 0.1);--lwc-brandPrimaryTransparent40:rgba(21, 137, 238, 0.4);--lwc-colorBorderButtonDefault:rgb(201, 201, 201);--lwc-paletteIndigo20:rgb(50, 29, 113);--lwc-popoverColorText:rgb(201, 201, 201);--lwc-paletteCloudBlue30:rgb(8, 73, 104);--lwc-colorTextButtonDefaultActive:rgb(1, 118, 211);--lwc-colorPickerSliderHeight:
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):16
                Entropy (8bit):3.875
                Encrypted:false
                SSDEEP:
                MD5:39A8E3B58CBC4E1D5BC31477B0FA34F6
                SHA1:ED5A2BF9839AB6B94C546B79214F227D109DB1F2
                SHA-256:78F3A521935C55914CFF30AAE9A6EF23D57FA2BE8A87BF9685508310E3722594
                SHA-512:2FB8A7733D96BAA6B05BC6AB50B6A0F4308E8A1A36A0435B19A62E296D24776EBB9E356FA911A40B332DC00B3232AC3E26AED52A7B21FE62F42793253E674B13
                Malicious:false
                Reputation:unknown
                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkyDg0zrSXeGxIFDTd43gQ=?alt=proto
                Preview:CgkKBw03eN4EGgA=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (65536), with no line terminators
                Category:dropped
                Size (bytes):625208
                Entropy (8bit):5.394338285913631
                Encrypted:false
                SSDEEP:
                MD5:63B11FC9CB1A211D077CD71200D9A75A
                SHA1:4DAC898F08DB9C5589B66ECFAC77994C8A31A2C7
                SHA-256:315967119466CAB678315AE6C3F21344D23E972641621AB0FD3E530F7493851A
                SHA-512:412C4E3FFAEA8AD9FFCCCCE0EAE913217C1FE3D80BB7F2CDAA5FD1036F7677FB63E8955AEC3D718361988851A9555DB88C43FF5323C7899FB6D0FE31C167CE87
                Malicious:false
                Reputation:unknown
                Preview:$A.componentService.initModuleDefs([{"xs":"G","co":"function() { $A.componentService.addModule('markup://lightning:iconSvgTemplatesUtility', \"lightning/iconSvgTemplatesUtility\",[\"exports\",\"lwc\"],function(e,t){const a=t.parseFragment`<svg${\"c0\"} focusable=\"false\"${\"a0:data-key\"} aria-hidden=\"true\" viewBox=\"0 0 520 520\" part=\"icon\"${2}><g${3}><path d=\"M376 117a287 287 0 00-65 30 441 441 0 01-8 104l61 46 9 8 43-18 1-1a222 222 0 0015-55c3-19 4-40 2-63l-58-51zm-15-27l-1-3a198 198 0 00-157-19v27a235 235 0 0188 29 366 366 0 0135-20 298 298 0 0135-14zM222 430a611 611 0 00111-22 321 321 0 0017-46l6-33-11-9a1307 1307 0 00-63-48 170 170 0 01-37 17c-11 3-28 6-52 8a247 247 0 00-17 45 402 402 0 00-7 44 195 195 0 0022 23 269 269 0 0031 20zM94 374h46a248 248 0 0123-83 431 431 0 01-30-37c-5-8-13-17-22-39a59 59 0 00-13 3 158 158 0 00-37 19 201 201 0 0033 137zm359-61a202 202 0 006-66 252 252 0 01-12 44l4 8a70 70 0 012 14zM106 185l1-2a444 444 0 0133-49c7-9 19-19 34-32a589 589 0 01-1-22A
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, was "05T8Z00002h97Yk.pdf.pdf.svg.3.svg", last modified: Fri Nov 15 20:55:56 2024, max compression, from Unix, original size modulo 2^32 185082
                Category:downloaded
                Size (bytes):24052
                Entropy (8bit):7.9853866857770965
                Encrypted:false
                SSDEEP:
                MD5:44375643876130BC70A72079F4269802
                SHA1:F53B8EAE52FB74ADA0ECD5F79992A86FB1DD40F2
                SHA-256:41945E8406E93754B065B78934B8E78CFD93967F192657B84B0B12C9E9E6E595
                SHA-512:48B57BFAEB504E9234482BE5186BCA1AC5A4F0A0A31D283423F1C7C32531897717E333B81C9FD0C361C217EE18D4112DFD2B577CD6E8068761FFEDEF8A42C295
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/dist/version/renditionDownload?rendition=SVGZ&versionId=0688Z00000qapOb&operationContext=DELIVERY&contentId=05T8Z00002h97Yk&page=2&d=/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU&oid=00D300000001VhD&dpt=null&viewId=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (615)
                Category:downloaded
                Size (bytes):2296704
                Entropy (8bit):5.396439857862358
                Encrypted:false
                SSDEEP:
                MD5:BB5424F17E6ECE9F849CA38457A3737F
                SHA1:B2ECA806E120F7DF0644CF7E490174A494116E90
                SHA-256:19EC9D2284F074C9CB061A1F6AAC0B02607520DA4E3A59870EB29BAC0DBF9A65
                SHA-512:EAE36EC8C8EF67E5CB32DC3D9A74A4BC656B8C1E9C58FEC6BE383A097F5AC200DEBEE1FDDD03AA1B2F8FDB59DFA01AEF2E31CE5E48007261425C996C09BD5467
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/ld/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU/aurafile/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/u1Qk8X5uzp-EnKOEV6Nzfw/apppart2-3.js
                Preview:"undefined"===typeof Aura&&(Aura={});Aura.bootstrap||(Aura.bootstrap={});Aura.frameworkJsReady||(Aura.ApplicationDefs={cmpExporter:{},libExporter:{}},$A={componentService:{addComponent:function(a,b){Aura.ApplicationDefs.cmpExporter[a]=b},addLibraryExporter:function(a,b){Aura.ApplicationDefs.libExporter[a]=b},initEventDefs:function(a){Aura.ApplicationDefs.eventDefs=a},initLibraryDefs:function(a){Aura.ApplicationDefs.libraryDefs=a},initControllerDefs:function(a){Aura.ApplicationDefs.controllerDefs=a},initModuleDefs:function(a){Aura.ApplicationDefs.moduleDefs=a}}});.$A.componentService.addLibraryExporter("js://lightning.menuKeyboardLibrary.menuKeyboard",function(){/*$A.componentService.addLibraryInclude("js://lightning.menuKeyboardLibrary.menuKeyboard",[],function(){var d=function(a){a.preventDefault();a.stopPropagation()},f=function(a,c){this._clearBufferId&&clearTimeout(this._clearBufferId);var b=String.fromCharCode(a.keyCode);this._keyBuffer=this._keyBuffer||[];this._keyBuffer.push(b);
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:Unicode text, UTF-8 text, with very long lines (25553)
                Category:downloaded
                Size (bytes):880989
                Entropy (8bit):5.438729035841015
                Encrypted:false
                SSDEEP:
                MD5:48041D553781303C48BF51F0319331AD
                SHA1:13B01CBC47495E860192C32BE628CD24EB93EFF9
                SHA-256:7160C2030D57A24F03682D72AC165BD0DE1890BEC43298F440866B087BD85768
                SHA-512:D77BF5A19DA716BF47CCA01011259E1EE91004224423D83BA9E9A060F1DC67C78F0AAEBF03D19D1D5F787F6FAD8BBC21C55D510DB203127E4EE541363D92D57C
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/ld/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU/auraFW/javascript/dzlEdDRVZ1RsVXFtVkduczVYNVVfZ1ZuNVJhc1EyaHA2ZTdMUkxCNEw5Y1E5LjMyMC4y/aura_prod.js
                Preview:!function(){"use strict";if(globalThis.lwcRuntimeFlags||Object.defineProperty(globalThis,"lwcRuntimeFlags",{value:Object.create(null)}),!lwcRuntimeFlags.ENABLE_FORCE_SHADOW_MIGRATE_MODE){const{assign:e,create:t,defineProperties:n,defineProperty:l,entries:r,freeze:o,getOwnPropertyDescriptor:a,getOwnPropertyDescriptors:i,getOwnPropertyNames:c,getPrototypeOf:u,hasOwnProperty:s,isFrozen:f,keys:h,seal:g,setPrototypeOf:p}=Object,{concat:b,copyWithin:m,every:d,fill:y,filter:E,find:w,findIndex:v,includes:T,indexOf:N,join:M,map:S,pop:C,push:L,reduce:O,reverse:R,shift:D,slice:$,some:H,sort:I,splice:P,unshift:A,forEach:B}=Array.prototype;function x(e){return void 0===e}function _(e){return null===e}function F(e){return!0===e}function k(e){return!1===e}function W(e){return"function"==typeof e}function K(e){return"object"==typeof e}const U="$shadowResolver$",j="$$ShadowResolverKey$$",q="$shadowStaticNode$",G="$shadowStaticNodeKey$",Y="$shadowToken$",X="$$ShadowTokenKey$$",V="$legacyShadowToken$",z=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:dropped
                Size (bytes):14453
                Entropy (8bit):4.107727370616212
                Encrypted:false
                SSDEEP:
                MD5:F9D99832C28AB437701943CA06650846
                SHA1:059E83A3453F837F065E8621AB176F7EA40B3292
                SHA-256:C48D12BBD32419F359FDE4884D2AA0CED81CBDFC408BCC3940796E4EF35040EF
                SHA-512:4273CC059475BA44B7A04651BFAABF10606FE3BFB2EAE219319DA66FF881A9CFA88F99FF0A1A629C049427D6ED3782153C9B262D0855B36397325CCFA55E8370
                Malicious:false
                Reputation:unknown
                Preview:$Lightning = $Lightning || {};.$Lightning._delegate = (function() {.. // private state. var _application, _applicationTag, _auraContextCallback;. var _pendingReadyRequests = [];. const _error = [];. var _ready = false;. var _previousRequestAuthToken;.. function ready(callback) {. if (_ready) {. _auraContextCallback(callback);. } else {. _pendingReadyRequests.push(callback);. }. };.. function initAbsoluteGVP(absoluteUrl) {. var initGVP = function(url) {. var prefix = "$Absolute";. if (!$A.getContext() || !$A.get(prefix)) {. $A.addValueProvider(prefix, { url : url});. }. }.. if (window.Aura && window.Aura.frameworkJsReady) {. initGVP(absoluteUrl);. } else {. var Aura = window.Aura || (window.Aura={});. Aura.beforeFrameworkInit = Aura.beforeFrameworkInit || [], window.Aura.beforeFrameworkInit.push(initGVP(absolut
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:SVG Scalable Vector Graphics image
                Category:downloaded
                Size (bytes):44065
                Entropy (8bit):4.725169316888599
                Encrypted:false
                SSDEEP:
                MD5:65DF9D077756E0DDB62AD180393E301C
                SHA1:EE6B280C61769D121B30FE7500F6CCF914D46DDC
                SHA-256:3F7A16000AD9478E57006DE93EAD2E3D75F83DAC0523A8730FA2B2A30F7199E9
                SHA-512:5E6849D562D6DCEE3E423A87E8410B2EAC5AC3AF8B80CC6819D60501EC1AE0D2356549D1EC387CEA2F8F74748EF64552D2E86D63E0B2BFBFBCD65B48BFDA0BC4
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/ld/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU/_slds/icons/doctype-sprite/svg/symbols.svg?cache=10.8.2
                Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" display="none"><symbol viewBox="0 0 56 64" id="ai" xmlns="http://www.w3.org/2000/svg"><path d="M5.075.006A5.074 5.074 0 00.002 5.08v53.841a5.073 5.073 0 005.073 5.074h45.774a5.074 5.074 0 005.074-5.074V20.316L37.02.006H5.075z" fill-rule="evenodd" clip-rule="evenodd" fill="#FCC003"/><path d="M55.923 20.357v.999h-12.8s-6.312-1.26-6.128-6.707c0 0 .253 5.708 6.003 5.708h12.925z" fill-rule="evenodd" clip-rule="evenodd" fill="#E4A201"/><path d="M37.02.006v14.56c0 1.656 1.104 5.792 6.104 5.792h12.8L37.02.006z" fill-rule="evenodd" clip-rule="evenodd" fill="#F9E3B6"/><path d="M20.136 53.923a.776.776 0 01-.72-.486l-.9-2.287h-5.978l-.9 2.287a.776.776 0 01-.72.486.804.804 0 01-.811-.792c0-.09.018-.198.054-.288l4.141-10.335a1.304 1.304 0 011.225-.811c.522 0 .99.324 1.188.811l4.177 10.335c.036.09.054.198.054.288 0 .36-.324.792-.81.792zm-4.61-10.569l-2.557 6.463h5.095l-2.538-6.463zm8.513 10.569a.73.73 0 01-.738-.738V42
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:downloaded
                Size (bytes):12020
                Entropy (8bit):5.133442044122834
                Encrypted:false
                SSDEEP:
                MD5:9494F3D18A638CEC3B6A3576A61B7E7F
                SHA1:999E9BC8B88880619A3D36211C1C0634DF7545FC
                SHA-256:38017D2158918ED723102DB845D16699DFEF7C01A3A40FE10EEE7528988E28E5
                SHA-512:BC3572ECABCDA26D5946B824D3831A7C4129D3E50050B67203742678B3F98E304476283AA13F067D2E851B22F33E827A98036F56327A2F81262C6DE1A82CC984
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/static/111213/sfc/javascript/lib/AC_OETags.js
                Preview:// Flash Player Version Detection - Rev 1.6.// Detect Client Browser type.// Copyright(c) 2005-2006 Adobe Macromedia Software, LLC. All rights reserved..var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;.var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false;.var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false;..function ControlVersion().{..var version;..var axo;..var e;...// NOTE : new ActiveXObject(strFoo) throws an exception if strFoo isn't in the registry...try {...// version will be set for 7.X or greater players...axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");...version = axo.GetVariable("$version");..} catch (e2) {..}...if (!version)..{...try {....// version will be set for 6.X players only....axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");........// installed player is some revision of 6.0....// GetVariable("$version") crashes for versions 6.0.22 through 6.0.29,....// so we have t
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                Category:downloaded
                Size (bytes):5430
                Entropy (8bit):2.6916960685487825
                Encrypted:false
                SSDEEP:
                MD5:CCDA8DF05E9A37B3131AFD4D451B44EC
                SHA1:ED9D0F9C4224FBD4C768BE237B4B59F27F1B718C
                SHA-256:92842FC6C2F66B46F69458C14621FC2ECA5D6C02D7937F9124FE8A3A9A55BC91
                SHA-512:A91F53C07B327C35864FE903ACFE30AFE2DE3C26FDCE1BDBF65842598B3A7B2FB19E54DE27495519BF1E2A2BF7358561DA16E931324E5B1112DA4FE7EFE4BC7E
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/favicon.ico
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (2480)
                Category:downloaded
                Size (bytes):3891
                Entropy (8bit):5.577991169107475
                Encrypted:false
                SSDEEP:
                MD5:2F8DDA149C5C5F4CB86847187D4AB6C4
                SHA1:D42578F1D40BD7A1D44CB998878A41117799AA8E
                SHA-256:2A92C5BD7ADCD6CA0B819E2F3AC7B51020F806E3C72A40D98AD14E01EDEE8FC3
                SHA-512:BAA3E8F38D1F6165B9FABF00C4A8DC23B0995660385B75431F540D2A14D49154AF2F9D6A987BB5E3AF361B8C6B62B0AFC0F9A9390290364F69B1596820132BCA
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/ld/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22fwuid%22%3A%22dzlEdDRVZ1RsVXFtVkduczVYNVVfZ1ZuNVJhc1EyaHA2ZTdMUkxCNEw5Y1E5LjMyMC4y%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%221673_NlaMsW3lrp8048dmvnSf6A%22%7D%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F300000001VhD%2Fa%2F8Z000001lAmI%2FNMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/resources.js?pv=17319737540001670851990&rv=1730862679000
                Preview:'undefined'===typeof Aura&&(Aura={});.(function() { .. function initAccessResources() {.... $A.componentService.addModule('markup://force:customPerms', 'force/customPerms', ['exports'], null, {}); .... $A.componentService.addModule('markup://force:userPerms', 'force/userPerms', ['exports'], null, {EnableNotifications: true,ActivitiesAccess: true,}); .. };.. if(Aura.frameworkJsReady)initAccessResources();else{Aura.beforeFrameworkInit=Aura.beforeFrameworkInit||[],Aura.beforeFrameworkInit.push(initAccessResources)}.})(); .Aura.StaticResourceMap = {"VidImage":{"APXTConga4":1543362065000},"TemplateBuilder":{"APXTConga4":1543362065000},"VueDesktop":{"maps":1730862678000},"Composer_SF1_Icon_small":{"APXTConga4":1543362065000},"TerritoryPlanning":{"maps":1730862677000},"Conga_O_Logo_SM":{"APXTConga4":1543362065000},"Composer_SF1_Icon":{"APXTConga4":1543362065000},"Composer_App_Logo":{"APXTConga4":1543362065000},"ComposerSolutionCheckMark":{"APXTConga4":1543362065000},"sertifi":{"APXTConga4":15
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, was "05T8Z00002h97Yk.pdf.pdf.svg.2.svg", last modified: Fri Nov 15 20:55:56 2024, max compression, from Unix, original size modulo 2^32 609575
                Category:downloaded
                Size (bytes):181017
                Entropy (8bit):7.998077778235226
                Encrypted:true
                SSDEEP:
                MD5:F994915643ABC23A547318E725575892
                SHA1:CCD6BF9E74E93B68AAFBC98A9B4F8BB7D7E09291
                SHA-256:1E690D5562648719CCC91D8198112195D79AE6A2C668E1A2A7A5EF3EEC6C832F
                SHA-512:73DA7546111A582F41CBA89481AD0D353A3D05039370D1CDDA59AC49C2B7B3BCFA4F88C26E372EE873D3860C59B062E875FF1806A8C1C0E2E9B5409076C88527
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sfc/dist/version/renditionDownload?rendition=SVGZ&versionId=0688Z00000qapOb&operationContext=DELIVERY&contentId=05T8Z00002h97Yk&page=1&d=/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU&oid=00D300000001VhD&dpt=null&viewId=
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text
                Category:downloaded
                Size (bytes):2330
                Entropy (8bit):4.908162134332329
                Encrypted:false
                SSDEEP:
                MD5:B2208EADD71EEEBC6043EFBE11EE7B96
                SHA1:48673401F9F7F4BE06BF80817F495D19FEE98517
                SHA-256:455EB995C7A6D4AF3CD5EC37E1F93DA6751ED13901F05FC0D918CD434E61A89C
                SHA-512:DA59943A4FA6EBCC93D9BDF641F31D42AD45585F70CDF2C062321CD62B1B8863CA37F6318D9936D614EFB8E4F3EF07C0008D18F458E24356293967357B2F5231
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/lightning/lightning.out.js
                Preview:// make sure we don't redefine the api if already present.if (!window.$Lightning) {..$Lightning = (function() {...// delegate status...var delegateLoaded = false;......// queue to store un-delegated calls...var callQueue = [];......// util methods...function getDelegateScriptUrl() {....// load the delegate script based on stored version (got from aura nonce) or get latest version....var url = "/lightning/lightning.out.delegate.js?v=" + getDelegateScriptVersion();........// Extract the base path from our own <script> include to adjust for LC4VF/Communities/Sites....var scripts = document.getElementsByTagName("script");....for (var m = 0; m < scripts.length; m++) {.....var script = scripts[m].src;.....var i = script.indexOf("/lightning/lightning.out.js");.....if (i >= 0) {......var basePath = script.substring(0, i);......url = basePath + url;......break;.....}....}........return url;...}......function getDelegateScriptVersion(){....try {.....if(localStorage.lightningOutDelegateVersion){.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (11046)
                Category:downloaded
                Size (bytes):11202
                Entropy (8bit):5.1736802073748605
                Encrypted:false
                SSDEEP:
                MD5:9F7ACC1956CE07431C262B4AD9125C63
                SHA1:7639033A3B7260313EB334BA4CE76411CF79D684
                SHA-256:DBE9852814C46A8DA6DA12FF49F4887FA70CADDE16C878957C0B6BA4AA1045EC
                SHA-512:DA85D6057FB9D42754DB7FA30C13AA2F88548319AE18FE14DB9C4F4979206D87C69656EBF69C06FC5D52E58C48F32BC94F3CEFD6754534FDB025816B26F93D1A
                Malicious:false
                Reputation:unknown
                URL:https://kpoj.my.salesforce.com/sCSS/62.0/sprites/1729589050000/Theme3/default/gc/contentDistribution.css
                Preview:/*. * This code is for Internal Salesforce use only, and subject to change without notice.. * Customers shouldn't reference this file in any web pages.. */.body.distributionPasswordPage{height:100%;margin:0;padding:0;background:rgb(51,51,51)}.container{display:inherit;zoom:1}.container_unused{display:none !important}#container_sidebar{position:absolute;width:205px;z-index:10}#container_content{display:block;padding-left:5px;zoom:1}#container_pageFooter{clear:both}.setupTab #container_sidebar{width:230px;padding-left:0}.setupTab #container_content{margin-left:25px}.setupTab #container_sidebar h2{margin:0;margin-top:15px}.setupTab .mTreeSelection{padding-top:0}.setupTab .bPageBlock .pbHeader .pbHelp{width:auto}body .ptBreadcrumb{margin-bottom:4px}.contentPageBlock .cbPageTitle{margin:0}.contentPageBlock .toolbar .x-toolbar{background:#eee url(/sfc/images/toolbar_bg.gif) repeat-x scroll left top;border-bottom:1px solid #999}#deliveryWizard .cpbBody{padding:0 !important}#deliveryWizard .bu
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (698)
                Category:dropped
                Size (bytes):1950938
                Entropy (8bit):5.323062917026264
                Encrypted:false
                SSDEEP:
                MD5:F7EF20D188F19AE8A4180D30E5524DA3
                SHA1:A044E572BFCA017CD9BC139E113899087B9625A3
                SHA-256:6E698009DDC7867B63C5C1CC4444C07672D691A037700A00BA16AA8693E5A66D
                SHA-512:05B38A3D7777C3F4DC223D3180EA45E7215DD50512D24F062115518FEC3E46B3BB3451EC61C3DD5CDE449B288E453B7D63075386F68029532E3EA61C9A8A9715
                Malicious:false
                Reputation:unknown
                Preview:"undefined"===typeof Aura&&(Aura={});Aura.bootstrap||(Aura.bootstrap={});Aura.frameworkJsReady||(Aura.ApplicationDefs={cmpExporter:{},libExporter:{}},$A={componentService:{addComponent:function(a,b){Aura.ApplicationDefs.cmpExporter[a]=b},addLibraryExporter:function(a,b){Aura.ApplicationDefs.libExporter[a]=b},initEventDefs:function(a){Aura.ApplicationDefs.eventDefs=a},initLibraryDefs:function(a){Aura.ApplicationDefs.libraryDefs=a},initControllerDefs:function(a){Aura.ApplicationDefs.controllerDefs=a},initModuleDefs:function(a){Aura.ApplicationDefs.moduleDefs=a}}});.$A.componentService.addLibraryExporter("js://forceContent.previewLib.PagingPlugin",function(){/*$A.componentService.addLibraryInclude("js://forceContent.previewLib.PagingPlugin",[],function(){function c(){}var g=window.requestAnimationFrame;c.prototype={init:function(){this.opts.paging||(this.opts.paging={});this._previousY=this._currentPage=0;this._pages=[];this._pageLocked=!1;this.on("_update",this._updateCurrentPage);this._
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, was "05T8Z00002h97Yk.pdf.pdf.svg.1.svg", last modified: Fri Nov 15 20:55:56 2024, max compression, from Unix, original size modulo 2^32 376694
                Category:dropped
                Size (bytes):131550
                Entropy (8bit):7.996237754822831
                Encrypted:true
                SSDEEP:
                MD5:72819079B57F5534AF228F07E2E1343C
                SHA1:EB248E504097F0D9A6140CA2D02F27853D80A10E
                SHA-256:176D835EC6B2303955E87B610D2DB63D64606E605BCB568DF782B02F3ABA152A
                SHA-512:380BBCC568AD087E98B8F793BA73D33EAA16909F66AF3E52C20E0F2E54A822AF332143584660B1F7770BFDA60DEAB0DD7D27EF00D9CA21C95F38322FEB31063C
                Malicious:false
                Reputation:unknown
                File type:HTML document, ASCII text, with very long lines (466), with CRLF line terminators
                Entropy (8bit):5.562569916462169
                TrID:
                • HyperText Markup Language (13003/1) 100.00%
                File name:NW_EmployerNewsletter_11142024_pdf.html
                File size:468 bytes
                MD5:0337eaae9aa6eec5e8d9c654c1600401
                SHA1:929b7e06c4002026c832ac0e89bd2010555df107
                SHA256:f58f8a244dd7263b1ce8604f3332cba45772c1bef872afc89a3047e091a737f0
                SHA512:d5de73ff82b9b491e533cce72edb7dfa44fe92c47725283bdf57b496897b18782b585dc8da47a293e6ea3f1fa922929e84146d6222db8a89fd59c15bee5d547a
                SSDEEP:12:x9xVk6Qclf1cqhifUj1RukZnVL/Uj1RukZxX1:x9HksqqhisZRXLMZRn1
                TLSH:C3F05CF39E280006E363ADE229D53245FA25FE1792CF5DB4E480708C655E545D5E3A73
                File Content Preview:..<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><meta http-equiv="Refresh" content="0; URL=https://kpoj.my.salesforce.com/sfc/p/300000001VhD/a/8Z000001lAmI/NMeMjMjndvw1hAzYyO_hMkbrrlTaSMPwVQUUoHVRKJU"></head><body><di
                Icon Hash:173149cccc490307