Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://t.ly/wqzp5

Overview

General Information

Sample URL:https://t.ly/wqzp5
Analysis ID:1559719

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,4720547712685160958,24870865371285245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/wqzp5" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://t.ly/expired?url=https://t.ly/wqzp5&__cf_chl_rt_tk=b2.rBs8femE.ohniW1IwdlBrMZOBD83nbU4DCDn.DU8-1732133523-1.0.1.1-vCMAUYpFnbpkNk0R786uCIRLA709aYasQlLiGhAvIrYHTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://t.ly/expired?url=https://t.ly/wqzp5&__cf_chl_rt_tk=b2.rBs8femE.ohniW1IwdlBrMZOBD83nbU4DCDn.DU8-1732133523-1.0.1.1-vCMAUYpFnbpkNk0R786uCIRLA709aYasQlLiGhAvIrYHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknownTCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknownTCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknownTCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: global trafficDNS traffic detected: DNS query: t.ly
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global trafficDNS traffic detected: DNS query: chrome-devtools-frontend.appspot.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: classification engineClassification label: clean1.win@22/8@12/130
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,4720547712685160958,24870865371285245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/wqzp5"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,4720547712685160958,24870865371285245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://t.ly/wqzp50%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
t.ly
104.20.7.133
truefalse
    high
    static.cloudflareinsights.com
    104.16.79.73
    truefalse
      high
      chrome-devtools-frontend.appspot.com
      172.217.17.84
      truefalse
        high
        www.google.com
        142.250.181.100
        truefalse
          high
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
          IPDomainCountryFlagASNASN NameMalicious
          1.1.1.1
          unknownAustralia
          13335CLOUDFLARENETUSfalse
          172.217.17.35
          unknownUnited States
          15169GOOGLEUSfalse
          172.217.17.46
          unknownUnited States
          15169GOOGLEUSfalse
          104.20.6.133
          unknownUnited States
          13335CLOUDFLARENETUSfalse
          142.250.181.100
          www.google.comUnited States
          15169GOOGLEUSfalse
          64.233.165.84
          unknownUnited States
          15169GOOGLEUSfalse
          239.255.255.250
          unknownReserved
          unknownunknownfalse
          104.20.7.133
          t.lyUnited States
          13335CLOUDFLARENETUSfalse
          172.217.21.35
          unknownUnited States
          15169GOOGLEUSfalse
          172.217.17.84
          chrome-devtools-frontend.appspot.comUnited States
          15169GOOGLEUSfalse
          104.16.79.73
          static.cloudflareinsights.comUnited States
          13335CLOUDFLARENETUSfalse
          IP
          192.168.2.16
          127.0.0.1
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1559719
          Start date and time:2024-11-20 21:11:24 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Sample URL:https://t.ly/wqzp5
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:13
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean1.win@22/8@12/130
          • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 64.233.165.84, 34.104.35.123
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: https://t.ly/wqzp5
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:11:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.982547017000627
          Encrypted:false
          SSDEEP:
          MD5:553BBB4187A37AB96A20D4D25F80CF49
          SHA1:188B05A6B1471BC88B8FBEE3A2BE647E933CEC23
          SHA-256:94B17B4864D106AEED25B7A72CD43101D225C24F997AEA97582ABDE19A61871B
          SHA-512:01D7369B584F241803A5E146EC649901E31D7C8BEC0628B1B2F027F871C90CF8FFAC5BB654CE6AC175D48C73BFD764A9E8462AB916CE923C5AE590233C0CF6C3
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....O4.s.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:11:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):4.000868749408365
          Encrypted:false
          SSDEEP:
          MD5:509DC26D7CFE33C7E8D38F249CFA62CC
          SHA1:723CC6BBBC4A869398F7E42EDA89B3C740D44BC3
          SHA-256:6140A66FE07448A3805E6501ADAD545359A4DA638C95EDCEC997FED94128C9AF
          SHA-512:6DED2BDCF8322CBFF6B4BACD7D4A8930D5C7658CEB7086B54E2607FFFE2113D6050BD1773077D037D8A42BD4D5769F60DD2D60E557F8C536B4D2D2876710047F
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.......s.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.0083375980896045
          Encrypted:false
          SSDEEP:
          MD5:C6C78D65BE22A0FD5CCF898E5FDAF9AA
          SHA1:FEED3B4DB11A9181A7D909ECD709AFB315B2DF3C
          SHA-256:8537DB8F02135462F32BBB102B7E9E88AF039FDE30E746AEC7B439C6D546BA7C
          SHA-512:74D4E474321AF837CC2CEC9FD7A85C8BB78E023F4EF72E326946AD4BF4A45E1DA43F7138213F55960F9A7D0BD8C3ED40089867FC9279675526DCF4A6865F33B3
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:11:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9965481963854685
          Encrypted:false
          SSDEEP:
          MD5:341EAC6BFAD2A0F612F039EA890C3AF4
          SHA1:5E62511533211E185474DA89CCF1C21F20BC8606
          SHA-256:D14F574897957C0A6673A918573B2C3F82312008B5E9196E9694420952EAB4A6
          SHA-512:771A5E0553AFF8257883C052707DFA3CC7B0AD1DEB147299A0BE2D3878969FE984B845E8C10AB54E7DFC52C95E49E582D191960E9F5E4C580C43EF04134D5C34
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....uk.s.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:11:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9872053586377136
          Encrypted:false
          SSDEEP:
          MD5:18780F09D609015F4C0ADB8EC68ED40F
          SHA1:7880121810DCEF06A06B571E34740EBFC9D3FD6B
          SHA-256:BD37816BFA89D9D330D2D550D0FBBCDA3558AC1F7D66EDA3520B4B15F6B207B2
          SHA-512:D13D011809E673A6B04F015955C2490FAAB38A5E1A5F9F977A1FC7BDD3B21CF61158D1DB47DA93D90984D66DB2275D55D149CBAA239DDA25616D231E2B1B7B4E
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....@.s.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:11:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.998121084280299
          Encrypted:false
          SSDEEP:
          MD5:AED807F88FC8F105E5FDAAC8B57B3DC1
          SHA1:9AC628BE3F99DD1DA4B8354144E86D8DACADABFE
          SHA-256:5C3F6CD99A03939F4C0AFE00B09E2D3366244280736684C0CE207250C90534A7
          SHA-512:8AB8ABAFC0BCE80013FD1F88D68FA75A7DF46E0EEB17BF752724EE772A823CB3460E8C6CB933EE0D158E98303119F3655DDDCBDC6689A94C0B260A7B815F5ED9
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,......s.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItYr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY|.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY|.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY|............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Lk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:downloaded
          Size (bytes):520666
          Entropy (8bit):4.9111509293709394
          Encrypted:false
          SSDEEP:
          MD5:F04B951DBBD5C84B795C21ACD895D722
          SHA1:5D21EE054DA453B3040EA80B107E0C407D843068
          SHA-256:5B91C19B3B5AB6F40FD8FDE2194B985C066C11E9E972E8C3F444008B4A7D9440
          SHA-512:6AA0F3F1861B0A33BFB5B2D651E9402AE6747247741ABCB12A6AE8DCDF01B02FC539D203B68E01F6F144AF0D08F37BABF9FAAD9A25BD453C6571D2EB2524A41A
          Malicious:false
          Reputation:unknown
          URL:https://chrome-devtools-frontend.appspot.com/serve_file/@fa569fb226df361d676b60404623b17b16dddc8a/third_party/vscode.web-custom-data/browsers.css-data.json
          Preview:{"version":1.1,"properties":[{"name":"additive-symbols","browsers":["FF33"],"syntax":"[ <integer> && <symbol> ]#","relevance":50,"description":"@counter-style descriptor. Specifies the symbols used by the marker-construction algorithm specified by the system descriptor. Needs to be specified if the counter system is 'additive'.","restrictions":["integer","string","image","identifier"]},{"name":"align-content","browsers":["E12","FF28","S9","C29","IE11","O16"],"values":[{"name":"center","description":"Lines are packed toward the center of the flex container."},{"name":"flex-end","description":"Lines are packed toward the end of the flex container."},{"name":"flex-start","description":"Lines are packed toward the start of the flex container."},{"name":"space-around","description":"Lines are evenly distributed in the flex container, with half-size spaces on either end."},{"name":"space-between","description":"Lines are evenly distributed in the flex container."},{"name":"stretch","descript
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (19948), with no line terminators
          Category:dropped
          Size (bytes):19948
          Entropy (8bit):5.261902742187293
          Encrypted:false
          SSDEEP:
          MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
          SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
          SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
          SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
          Malicious:false
          Reputation:unknown
          Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(
          No static file info