Windows Analysis Report
https://login.office365-formsubmit.click

Overview

General Information

Sample URL: https://login.office365-formsubmit.click
Analysis ID: 1636567

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious Javascript
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
HTML page contains hidden javascript code

Classification

Classification chart (image not preserved). Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1880,i,11456889003280596503,10662315094689125387,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.office365-formsubmit.click" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://login.office365-formsubmit.click, Avira URL Cloud: detection malicious, Label: malware

Phishing

Source: 0.0..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://login.office365-formsubmit.click/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be a malicious phishing attempt, redirecting users to a fake login page and collecting sensitive user credentials. The combination of these behaviors and the suspicious intent warrants a high-risk score.
Source: 1.5..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: blob:https://login.office365-formsubmit.click/2874... This script demonstrates high-risk behavior by using the `eval()` function to execute dynamic code received from an untrusted source. The use of `eval()` allows for the execution of arbitrary JavaScript, which poses a significant security risk. Additionally, the lack of origin verification and the absence of a message source indicate that this script is vulnerable to cross-origin attacks and could be used to execute malicious code on the client-side.
Source: 2.123..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://login.office365-formsubmit.click/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be a malicious phishing attempt, redirecting users to a fake login page and collecting sensitive user credentials. The combination of these behaviors and the suspicious intent warrants a high-risk score.
Source: 1.167.d.script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It appears to be collecting sensitive information (user agent, platform, and error message) and sending it to an unknown domain. The script also attempts to clear the interval, which could be a tactic to hide its activities. Overall, the combination of these behaviors suggests this is a highly suspicious and potentially malicious script.
Source: https://login.office365-formsubmit.click, Joe Sandbox AI: The URL 'https://login.office365-formsubmit.click' appears to be attempting to mimic a legitimate Microsoft Office 365 login page. The use of 'login' and 'office365' in the subdomain suggests an attempt to create a visual and contextual similarity to the legitimate Microsoft Office 365 login URL, which is 'https://login.microsoftonline.com'. The domain extension '.click' is unusual for a legitimate Microsoft service, which typically uses '.com'. The addition of '-formsubmit' in the domain name could be an attempt to mislead users into thinking it is related to form submissions, which is a common action on login pages. The structural similarity and the use of well-known brand terms increase the likelihood of user confusion, suggesting a high probability of typosquatting.
Source: https://login.office365-formsubmit.click/, HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://login.office365-formsubmit.click/, HTTP Parser: No favicon
Source: unknown, HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: chrome.exe, Memory has grown: Private usage: 11MB later: 38MB
Source: global traffic, DNS traffic detected: DNS query: login.office365-formsubmit.click
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: www.youtube.com
Source: global traffic, DNS traffic detected: DNS query: i.ytimg.com
Source: global traffic, DNS traffic detected: DNS query: rr2---sn-8xgp1vo-p5ie.googlevideo.com
Source: global traffic, DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic, DNS traffic detected: DNS query: yt3.ggpht.com
Source: global traffic, DNS traffic detected: DNS query: youtube.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir392_366707809
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir392_366707809
Source: classification engine, Classification label: mal56.win@29/21@36/144
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1880,i,11456889003280596503,10662315094689125387,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.office365-formsubmit.click"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label |
| https://login.office365-formsubmit.click | 100% | Avira URL Cloud | malware |
No Antivirus matches
| Source | Detection | Scanner | Label |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2jvb/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f649119c27e7b3&lang=auto | 0% | Avira URL Cloud | safe |
| https://a.nel.cloudflare.com/report/v4?s=PLvNSru3wDFdepXcdKbdcAjWERgoRe2jVyeJDZqHbgrAxZADiK4PBIQ3qBC9Bc%2FVBDn0M5ep9IlwypIdzG1fu86mIUNN74zpM%2BPNyYLNTym8cTcA1ElmCQwID9W8BV2PDkRWk%2FohMWvGBB4Sv9AkQF289Q%3D%3D | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f64aae4c69eac5&lang=auto | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/clr18/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/91f64aae4c69eac5/1741813973831/pOLKPQa_TPh_u2J | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1973105412:1741812285:WSVjWoW1Ia18VeCdj-vNMh02F7N8PYveYtAJ5ZlgN9k/91f64aae4c69eac5/BJX7xHHTBbpgBmjq5TjLoz8FIeRePopeEMf06tzxGas-1741813967-1.1.1.1-RZrH3fjvyf5wfgzMdbSZigb36QTvfNgZSfGpzfFDkBSCtzU8Op0V_ngEfzZDmO0k | 0% | Avira URL Cloud | safe |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/91f64aae4c69eac5/1741813973839/c2566b88d60a4a0a3c4e3e92fe715c11cc948017b75269c07f072cc3f036605a/lZ8bGworKhEcjRA | 0% | Avira URL Cloud | safe |
| https://www.youtube.com/watch?v=dQw4w9WgXcQ | 0% | Avira URL Cloud | safe |
| https://www.youtube.com/s/player/b21600d5/player_ias.vflset/en_US/base.js | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
| youtube-ui.l.google.com | 216.58.212.174 | true | false | | high |
| googleads.g.doubleclick.net | 216.58.212.130 | true | false | | high |
| i.ytimg.com | 142.250.185.214 | true | false | | high |
| challenges.cloudflare.com | 104.18.94.41 | true | false | | high |
| photos-ugc.l.googleusercontent.com | 216.58.206.65 | true | false | | high |
| rr2.sn-8xgp1vo-p5ie.googlevideo.com | 208.194.63.13 | true | false | | unknown |
| www.google.com | 142.250.185.100 | true | false | | high |
| login.office365-formsubmit.click | 104.21.32.1 | true | false | | high |
| youtube.com | 172.217.16.206 | true | false | | high |
| yt3.ggpht.com | unknown | unknown | false | | high |
| rr2---sn-8xgp1vo-p5ie.googlevideo.com | unknown | unknown | true | | unknown |
| www.youtube.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| https://login.office365-formsubmit.click/ | true | | unknown |
| https://www.youtube.com/s/player/b21600d5/player_ias.vflset/en_US/base.js | false | Avira URL Cloud: safe | unknown |
| https://a.nel.cloudflare.com/report/v4?s=PLvNSru3wDFdepXcdKbdcAjWERgoRe2jVyeJDZqHbgrAxZADiK4PBIQ3qBC9Bc%2FVBDn0M5ep9IlwypIdzG1fu86mIUNN74zpM%2BPNyYLNTym8cTcA1ElmCQwID9W8BV2PDkRWk%2FohMWvGBB4Sv9AkQF289Q%3D%3D | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/91f64aae4c69eac5/1741813973831/pOLKPQa_TPh_u2J | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1973105412:1741812285:WSVjWoW1Ia18VeCdj-vNMh02F7N8PYveYtAJ5ZlgN9k/91f64aae4c69eac5/BJX7xHHTBbpgBmjq5TjLoz8FIeRePopeEMf06tzxGas-1741813967-1.1.1.1-RZrH3fjvyf5wfgzMdbSZigb36QTvfNgZSfGpzfFDkBSCtzU8Op0V_ngEfzZDmO0k | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 | false | | high |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f649119c27e7b3&lang=auto | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91f64aae4c69eac5&lang=auto | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2jvb/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ | false | Avira URL Cloud: safe | unknown |
| https://www.youtube.com/watch?v=dQw4w9WgXcQ | false | Avira URL Cloud: safe | unknown |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/clr18/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ | false | Avira URL Cloud: safe | unknown |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/91f64aae4c69eac5/1741813973839/c2566b88d60a4a0a3c4e3e92fe715c11cc948017b75269c07f072cc3f036605a/lZ8bGworKhEcjRA | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| 142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.182 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.21.32.1 | login.office365-formsubmit.click | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.74.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.185.214 | i.ytimg.com | United States | 15169 | GOOGLEUS | false |
| 142.250.186.106 | unknown | United States | 15169 | GOOGLEUS | false |
| 208.194.63.13 | rr2.sn-8xgp1vo-p5ie.googlevideo.com | United States | 701 | UUNETUS | false |
| 142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.23.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.21.96.1 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
| 216.58.212.174 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false |
| 142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false |
                                  IP
                                  192.168.2.17
                                  192.168.2.18
                                  Joe Sandbox version:42.0.0 Malachite
                                  Analysis ID:1636567
                                  Start date and time:2025-03-12 22:10:53 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                  Sample URL:https://login.office365-formsubmit.click
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:14
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • EGA enabled
                                  Analysis Mode:stream
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal56.win@29/21@36/144
                                  • Exclude process from analysis (whitelisted): svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.185.163, 74.125.71.84, 142.250.184.238, 216.58.206.78
                                  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: https://login.office365-formsubmit.click
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):15162
                                  Entropy (8bit):7.986937683610401
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:0F81C5B31A53AEC3B43B1439F297F2D2
                                  SHA1:A28BB0432D157B7D12F7D5890E3CFB570C186662
                                  SHA-256:4B8CC53DE8961221AC10A6F16082AEA81283F154A51ED0563DF0680873509104
                                  SHA-512:CA454CC3D037B181C9630C80E6E506677610C3F991FCE9392A800545CF69F3D97A910505A5B43078E33A1CBD2860DB8D398274F46ACA2A197E0BF7876BABA31E
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):13096
                                  Entropy (8bit):7.984685620829595
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:3A3BB8CAC234ADBE7149F2BE6C6D46ED
                                  SHA1:6672915E01FE1138637BFB3BC64C33C50D5343CC
                                  SHA-256:23CC63758DC89B4E6EF04C5CE4A36A71E7965415A8C74A485B629014033B5D0A
                                  SHA-512:3116632EDD0B83BC793817C1802A1C880B08D229B9AB98069339B188661281540A249BC5DA41D0A3107599EA5772EA67242916A9DF65D2BE611542582A1A3A67
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/spf.vflset/spf.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 63 x 10, 8-bit/color RGB, non-interlaced
                                  Category:dropped
                                  Size (bytes):61
                                  Entropy (8bit):4.022997040570905
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:AD2F4CC52697664370BA398FD870F615
                                  SHA1:10747B2982A40CA5CFC7580205C7E4D17099DF48
                                  SHA-256:B211CA1C9ACA31F68CDD1B16949CFBD8E8DEF77D41C9EF63875329D979BC0842
                                  SHA-512:9A3E9AB4F8E1944762FA96AB706AB9AF102039155200038A785BD0141FEB1DB8E1BC0EBD156E70E8F8EBC3D5C5676BD47B48D95AB6ED59A73429924F3F11393D
                                  Malicious:false
                                  Reputation:unknown
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (568)
                                  Category:downloaded
                                  Size (bytes):2551073
                                  Entropy (8bit):5.648424140982604
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:6FAD886E6F2DBE5CCD796C7FDEC8B9B6
                                  SHA1:B9946C4CF7F0E4F8D9FE3CA3E04C512D08178DD1
                                  SHA-256:007F13CBDECA464C9BCD11717261C09F4603BF39DAC3108E36D41F13174402B4
                                  SHA-512:33192CE4C2294E5B77E4505362FDB9DA847336C31C1EE7B9C5F5C6748F0CF7EB4B587D26FDF79AAC3BDD55109A1965B1181F745C97641027234C0550BA028156
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/player/b21600d5/player_ias.vflset/en_US/base.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):1628
                                  Entropy (8bit):7.8872209937207876
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:C8055D7F0FA09480229B2C92F5928900
                                  SHA1:41D5089FDB244F1BC8BC78F356B1BBB8C02CB916
                                  SHA-256:833E540FB832A74A565C6555A18132A441065E47E7A05A6DF06893A1B1E59E38
                                  SHA-512:56A684AF0486B7768D8C528FA3EF2751BF604199DDA60CE8DA3249FF2127722C6EEC256DC8EADAE682B51A8FE8086B76DB3B8AF253637CDF04D81B9747926DCF
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):240
                                  Entropy (8bit):7.085649970428245
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:009D56A036462CD77FBB802695185A98
                                  SHA1:F4420879DFB1A5A0E87687261057A6E6DD6F4700
                                  SHA-256:B49F29737D36BEFCBF27957CAA9CF57AAFB4CFC448C6B75862430D0F009C4B13
                                  SHA-512:E1BF045AC7C851B07FAED0BC89AAB84BDFCEF7E559CB5F5ADD09D6D2DDD08A928203BB24F8CA7ED958F1193F58E4DA0AB93086DB716A84382DD9BEF5C71186FD
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/cssbin/www-onepick.css
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):22928
                                  Entropy (8bit):7.990826530446525
                                  Encrypted:true
                                  SSDEEP:
                                  MD5:778CA3ED38E51E5D4967CD21EFBDD007
                                  SHA1:06E62821512A5B73931E237E35501F7722F0DBF4
                                  SHA-256:B7E1BFADB8D9C061F17A7234DF012DF7842AB1AA8FB6F9579FA3F0A3B4A75BC0
                                  SHA-512:5F6F02099CA8079305FB7E7F43AE4344D522271FE30379C0854D6A81B7D8ADF408A50A4B799B5F52E6ED162BA6CE7FE97E24A2B9719DF780E75683D3AA103D09
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/webcomponents-sd.vflset/webcomponents-sd.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):3387
                                  Entropy (8bit):7.942426473360069
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:AFC2FAC606CF58DFA08CD20197CFF1F3
                                  SHA1:7996FEAF0E05EDD446A726FFE058E5D442E506F4
                                  SHA-256:90FB0F63E2CED7E8D73EADB71FBFB680DC7C57D93B070C005E47E44BA6151B54
                                  SHA-512:170D5E9965C7E41973526A4FF1B33E864DEA55ECA1628D6E999D1B66403F3EBCE000651698057A3E2A186EF43D0EAFC3D4BFE0322E9D8309A822004CA535382A
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/scheduler.vflset/scheduler.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3
                                  Category:downloaded
                                  Size (bytes):17560
                                  Entropy (8bit):7.954865714632017
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:074E969BB4B56ACD26091B19784DF7E2
                                  SHA1:0B8F66FD70F29859EA25EE481FF33F93BB84D512
                                  SHA-256:405893B0BF0B3E87141E7048E1CB6665CA5593FEA1B159CA0CE90E77D049C51A
                                  SHA-512:0E7286126446B64EFB16D8891AE2A649E4CCCE337510EBA812294E78B78D3D2680F4504BFCAC7A8347E809C2E3FD905215ED711F60894B25A5BEEFF252372C8F
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://i.ytimg.com/vi/dQw4w9WgXcQ/hqdefault.jpg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):2083
                                  Entropy (8bit):7.895813374547828
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:FD78116EE42E8ABA099A3E1900881946
                                  SHA1:DC38E0D9099B428042D852305C56E5535349A8FD
                                  SHA-256:87016B87CC9C74E0B53B804D92420F29CC968D2C0D6E44B4B483FB1178CF7428
                                  SHA-512:34E047A9CA139D0071C0FBA7050BC4A884D44AFE589C8F4EDF0C97E391C31DB866C07C13CF0327C23E92B16F3D15C36A96F04BCDCBC019CD5C05AC7C561131B2
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):789
                                  Entropy (8bit):7.720399231333122
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:738CB14C87B5E26C1A6CC58B927D21AF
                                  SHA1:307BD6B870D03D0935156E6E3A65FA7A3C25A8C5
                                  SHA-256:991C0285730143A31740AE751888A3F38C33DF3C55670623117CAC3F51BB6283
                                  SHA-512:83F703DCA2F9175C8E857FC662F075F6715CED6E7B966F3F91AAF5905E497E04D52FBA79B381435A2D80B272DDDDBFAC7985AAF9381401DF82FB8626968C629C
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max compression, original size modulo 2^32 74370
                                  Category:downloaded
                                  Size (bytes):14567
                                  Entropy (8bit):7.981345426654464
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B7560FB8056580799E44A9FF8624DBAF
                                  SHA1:66CCDF55E0099A2E984F8134F224A92EFF50B6AB
                                  SHA-256:A32BE7E9EA96DB18E1AAE952C69AEF13EF526A976F1CCF1DBB5B20564D5880D4
                                  SHA-512:D5AD849CB706BEA72D5A5EE65BC8A451B77C8CE297314EA3042596A960CE5AC50D2CEEB5E6FAC985DAD4D12E2385D6D47573DA2772D0881AC3DABBA86B623340
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://fonts.googleapis.com/css2?family=Roboto_old:wght@300;400;500;700&family=YouTube+Sans:wght@300..900&display=swap
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):633
                                  Entropy (8bit):7.639452716912523
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:FB377ACF12BA34BFED87FF5F8978995B
                                  SHA1:74E890106C4AF019F59A21D167C546BD92FC890E
                                  SHA-256:0D8B22C9EB36E715CDF83B871E0F66EF0D3EEA5CC63E8D913505535DAA1CAEBE
                                  SHA-512:5E11D546652D49547331E686D79FB914F689FD041D1D8569CBB3190971C72CAD1A917BA1B4C0C07FB7F214E6CAAB23DC6953B72F6F3944C88A4010A1881F66C0
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/cssbin/www-main-desktop-player-skeleton.css
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):1509
                                  Entropy (8bit):7.8779146888952045
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:1F98D3349C4E7FD81F835A1B1FD2E705
                                  SHA1:385F3930CDCCF1E15A2535E54F79FDAA16341CEC
                                  SHA-256:9766F43A3499977D1E5D6D05576A45C1CC68AC029DE490BEFC3FDE294D1D1982
                                  SHA-512:CFD29D8A17B3014AF4852E673E7CE74400811F221AFCDA3D3866699123EDFB24C9A4A313D28587CE73CC7C5A3466DC8A331B9FA7D3D06DC6DAF59A3D13672BCD
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/cssbin/www-main-desktop-watch-page-skeleton.css
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):52169
                                  Entropy (8bit):7.996181202030181
                                  Encrypted:true
                                  SSDEEP:
                                  MD5:270FF1226CD523B9C61970F3C850583F
                                  SHA1:CDE9B014D6D245ED1F5B3B565769999EE95FBFE7
                                  SHA-256:3E681C8A4A7B8BD01CB02DF2C8BBA8B6BC9CC2A532653B839280ED6579DBC4C3
                                  SHA-512:4E915492D1F3F3955D4F955E5A9E67FBE094B6B03EAD3C220A97826CFEFAC006FCAEFA0A05B693A7E6A15368CA5F6CEA88E4863B0E52249325CE6971707A3017
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/player/b21600d5/www-player.css
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:data
                                  Category:downloaded
                                  Size (bytes):5422
                                  Entropy (8bit):7.965006230481503
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:7ACDE82EC648557B9FF9BE0D557C6B43
                                  SHA1:F9EA94D3B56CC1752D076221718CB1898A7EC67B
                                  SHA-256:B3D116E80377EE1C0F3F5385E4964CAB7DD74BCBEE37206DD990E9CDE279D306
                                  SHA-512:8629D52B7E0043E1E7EBC76BB48F9FD9C4EC77C1106D21DBA8988419C09BC5079F3D3FE087C419B0202F312E18EC6A417725496E0B281886BD1121DE6CA3C71D
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/desktop/c7dc2eb1/jsbin/network.vflset/network.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, original size modulo 2^32 8887010
                                  Category:downloaded
                                  Size (bytes):1999366
                                  Entropy (8bit):7.999690488365396
                                  Encrypted:true
                                  SSDEEP:
                                  MD5:A365946857D94FEB7B75B3CACF330C5B
                                  SHA1:248DF879A579BD5CF36DCF9583627EEADE1A3EA0
                                  SHA-256:178B9A6DA0DF369CC39D7912C9BB0FD67E8B57D804E9737D7C10C91F56DB8B2C
                                  SHA-512:378C7E6DD9D59DD64B85DC12BB9E752D3D99D84D8346E7648C9C7BCD7B54BC6338C2D751F3A80698A00CCE7B8E4E391F1B4A8A39DFB385DCCEAE4B30E7227A30
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/_/ytmainappweb/_/js/k=ytmainappweb.kevlar_base.en_US.xuLNDrzW5X0.es5.O/d=0/rs=AGKMywE1tJoUIkuT-sJfDQIZgLRVYpDJPg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                  Category:downloaded
                                  Size (bytes):61
                                  Entropy (8bit):3.990210155325004
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                  SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                  SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                  SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
                                  Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (48238)
                                  Category:downloaded
                                  Size (bytes):48239
                                  Entropy (8bit):5.343270713163753
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:184E29DE57C67BC329C650F294847C16
                                  SHA1:961208535893142386BA3EFE1444B4F8A90282C3
                                  SHA-256:DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D
                                  SHA-512:AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js?onload=EFpGI0&render=explicit
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, original size modulo 2^32 2600182
                                  Category:downloaded
                                  Size (bytes):305911
                                  Entropy (8bit):7.998631383547043
                                  Encrypted:true
                                  SSDEEP:
                                  MD5:60CB776B80EB79ED7E616CDCF005BFEE
                                  SHA1:95A8C82B7CCEEB8405A5FD138CF9A981E30C0980
                                  SHA-256:B0E8EF8C91ACCADDBD4E845FDB359D776960EB3F7729A7C30474ECA44F084D12
                                  SHA-512:0941FF260A586BA20C652D01C8E7E96281576DCD3A46637C99201F45233931F5FEDAF5A7455E51C252C49B229F473B04E6E72FA0A77717B52D2D90D5A2D60C0C
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.ySJCljePUk4.L.B1.O/am=AAAECQ/d=0/rs=AGKMywHy908boUKnG7d6H87wr_xchxCvaQ
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:Unicode text, UTF-8 text, with very long lines (8599)
                                  Category:downloaded
                                  Size (bytes):8605
                                  Entropy (8bit):5.793664521727658
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:BE7C5B4F3F5FCE3D5E284DFCE8FA80EF
                                  SHA1:6107FCC1CADC1446D9093F744F5BC5CE0A66A3A3
                                  SHA-256:3600B1D141270E2AC6BA4D614E8A4CC722BE2F541F9A904FCED8B83B7DB74033
                                  SHA-512:540471BD2BF86065066108F916B2A21D0696786F7F93ED62C131EF8EC0D4BC9DB4EA9D821899C7488803E73278ECACE7840F8922593C2AA48B00C5022E53700E
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                  Preview:)]}'.["",["baltimore ravens","amd radeon rx 9070 xt graphics cards","princess mononoke 4k tickets","atlantic hurricane season","cincinnati bengals","immigration visa bulletin","allegiant flight bird strike","niantic pok.mon go"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"google:entityinfo":"
                                  No static file info