Windows Analysis Report
https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home

Overview

General Information

Sample URL: https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home
Analysis ID: 1637470
Infos:

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1984,i,7430575880627805828,16973088014715883613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home | Avira URL Cloud: detection malicious, Label: phishing
Source: https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home | HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: global traffic | HTTP traffic detected: GET /auth_warmup HTTP/1.1 | Host: drive.google.com | Referer: https://sites.google.com/
Source: global traffic | HTTP traffic detected: GET /js/api.js?checkCookie=1 HTTP/1.1 | Host: apis.google.com | Referer: https://www.gstatic.com/
Source: global traffic | HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_0?le=scs HTTP/1.1 | Host: apis.google.com | Referer: https://www.gstatic.com/
Source: global traffic | HTTP traffic detected: GET /embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.z-CF99wuLeU.O%2Fd%3D1%2Frs%3DAHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg%2Fm%3D__features__ HTTP/1.1 | Host: 1219605217-atari-embeds.googleusercontent.com | Referer: https://www.gstatic.com/
Source: global traffic | HTTP traffic detected: GET /js/api.js?checkCookie=1 HTTP/1.1 | Host: apis.google.com | Referer: https://1219605217-atari-embeds.googleusercontent.com/
Source: global traffic | HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_0?le=scs HTTP/1.1 | Host: apis.google.com | Referer: https://1219605217-atari-embeds.googleusercontent.com/
Source: global traffic | HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1 | Host: challenges.cloudflare.com | Referer: https://office.territoritorial.com/
Source: global traffic | DNS traffic detected: DNS query: csp.withgoogle.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: 1219605217-atari-embeds.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: office.territoritorial.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: accounts.levelsthey.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: unknown | HTTP traffic detected: POST /csp/proto/6b8ce7c01e3dacd3d2c7a8cd322ff979 HTTP/1.1 | Host: csp.withgoogle.com | Origin: https://sites.google.com | Referer: https://sites.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6884_1640320791
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6884_1640320791
Source: classification engine | Classification label: mal48.win@32/22@50/220
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1984,i,7430575880627805828,16973088014715883613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label | Link
https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home | 100% | Avira URL Cloud | phishing |
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://apis.google.com/js/api.js?checkCookie=1 | 0% | Avira URL Cloud | safe |
https://apis.google.com/domainreliability/upload | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.184.206 | true | false | | high
csp.withgoogle.com | 142.250.185.177 | true | false | | high
accounts.levelsthey.com | 82.180.136.158 | true | false | | unknown
plus.l.google.com | 142.250.185.174 | true | false | | high
beacons-handoff.gcp.gvt2.com | 142.251.143.67 | true | false | | high
beacons2.gvt2.com | 216.239.32.3 | true | false | | high
beacons.gvt2.com | 172.217.18.99 | true | false | | high
play.google.com | 216.58.206.78 | true | false | | high
office.territoritorial.com | 46.202.88.75 | true | false | | unknown
challenges.cloudflare.com | 104.18.95.41 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
drive.google.com | 142.250.185.78 | true | false | | high
googlehosted.l.googleusercontent.com | 172.217.18.1 | true | false | | high
beacons.gcp.gvt2.com | unknown | unknown | false | | high
apis.google.com | unknown | unknown | false | | high
1219605217-atari-embeds.googleusercontent.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://apis.google.com/js/api.js?checkCookie=1 | false | Avira URL Cloud: safe | unknown
https://apis.google.com/domainreliability/upload | false | Avira URL Cloud: safe | unknown
https://csp.withgoogle.com/csp/proto/6b8ce7c01e3dacd3d2c7a8cd322ff979 | false | | high
https://drive.google.com/auth_warmup | false | | high
https://challenges.cloudflare.com/turnstile/v0/api.js | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | drive.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.170 | unknown | United States | 15169 | GOOGLEUS | false
142.250.74.206 | unknown | United States | 15169 | GOOGLEUS | false
172.217.18.14 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.78 | play.google.com | United States | 15169 | GOOGLEUS | false
82.180.136.158 | accounts.levelsthey.com | Denmark | 29100 | BROADCOMDK | false
142.250.184.206 | google.com | United States | 15169 | GOOGLEUS | false
142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.138 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.35 | unknown | United States | 15169 | GOOGLEUS | false
142.250.184.195 | unknown | United States | 15169 | GOOGLEUS | false
172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false
46.202.88.75 | office.territoritorial.com | Ukraine | 6877 | AS6877UA | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.177 | csp.withgoogle.com | United States | 15169 | GOOGLEUS | false
172.217.18.1 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
216.58.206.46 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.174 | plus.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.195 | unknown | United States | 15169 | GOOGLEUS | false
64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false
172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.16
                                        Joe Sandbox version:42.0.0 Malachite
                                        Analysis ID:1637470
                                        Start date and time:2025-03-13 16:30:01 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                        Sample URL:https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of new started processes analysed:16
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • EGA enabled
                                        Analysis Mode:stream
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal48.win@32/22@50/220
                                        • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 142.250.74.206, 142.250.186.99, 142.250.185.206, 64.233.184.84, 172.217.16.206, 216.58.212.174, 142.250.186.170, 142.250.185.195, 172.217.18.14, 142.250.186.35, 142.250.186.142, 142.250.186.138, 216.58.206.74, 142.250.185.170, 142.250.186.74, 172.217.18.10, 142.250.185.138, 216.58.206.42, 142.250.184.202, 142.250.184.234, 172.217.16.202, 142.250.185.202, 172.217.16.138, 142.250.186.42, 142.250.186.106, 142.250.74.202, 142.250.185.174, 20.12.23.50
                                        • Not all processes were analyzed, report is missing behavior information
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • VT rate limit hit for: https://sites.google.com/view/sysgfdgsfghgfdvvbffdv-hgfdcfb/home
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1437)
                                        Category:downloaded
                                        Size (bytes):321572
                                        Entropy (8bit):5.520106225506556
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C04FC4AC037CB9E24138CD5F13A2D5C2
                                        SHA1:58D914D28664C1EC77B751C6C7607BFCED950388
                                        SHA-256:64C34945C5FC10D0400D2F44350A819E36E61314345879FC1EF9A9DE6A065DA2
                                        SHA-512:313D91D2D2753931D2F226DCA3DA9DF9A9F5B3D1892D87AD6875052B693B20B5D4149187C62F0CE70E125C53C971DB7F4072301A0B1564B5D44102B4ACDDB2CF
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_0?le=scs
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (1726)
                                        Category:downloaded
                                        Size (bytes):2021
                                        Entropy (8bit):5.175853528118763
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BB6B878935B0C4C96AE6E6DD83930DAD
                                        SHA1:B726BFF3C3F32A38262EBD3AC4ED82EEA5445316
                                        SHA-256:80E142904C9FEECA9D8C64AF55DABFDA8032B2AC29FC26CA11D59AA1ABDDC6AB
                                        SHA-512:35356A9D406613C501009AD3F60EC84CF42B9DA6435C61AB41D12A0D5C16CC2E8DB1783D2D61FC38042FD2D967D5F695FB85B16907F56548B5BA7AD31D464B1B
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://1219605217-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.z-CF99wuLeU.O%2Fd%3D1%2Frs%3DAHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg%2Fm%3D__features__
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (5291)
                                        Category:downloaded
                                        Size (bytes):74162
                                        Entropy (8bit):5.615901351129945
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3858072BE131155CCC30C74A95586BBD
                                        SHA1:A6BA2C1FD7431B04153BF3021D32F06990C36F1A
                                        SHA-256:B08BA1348E148008049AC7861CEA4EC58218292D02829FC7F3A45CB03C0D78E5
                                        SHA-512:75E54AC5A87A22978F0210E72B79FE58A95388A23DF43CAFE2034F3322CCF2BBD60B0A984B0695C098F08ECB80B0B60C25EB2BA1A78D7F152DD17E30DD500626
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=0/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=sy4e,NTMZac,RAnnUd,rCcCxc,uu7UOe,sy3i,gJzDyc,sy3p,soHxf,sy3q,uY3Nvd,syz,syy,HYv29e"
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                        Category:dropped
                                        Size (bytes):1150
                                        Entropy (8bit):2.3710475547263856
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EA69A3F95DD5484853D128186DB7E13D
                                        SHA1:5FDB5FE05108FD6E5386BBDA06778AF4B446DC6A
                                        SHA-256:8179E80BCFEF62154D1FF7371A1C60BD2C6C1E71C3DA2F4A8B1DB518A1900EC2
                                        SHA-512:2169D31065059C3677D025F27A5650C1E35BF83B6D6B3D80842B0809FF67E85388CB00213A4BD3FA76F71909A21298C824B39299A3980BA3B11C0297DB472610
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text
                                        Category:downloaded
                                        Size (bytes):261
                                        Entropy (8bit):4.873776122301838
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8091E58D93903637019EC9C504CB370A
                                        SHA1:88561933CB41B699D5B00C8F834CDADABB5626C3
                                        SHA-256:7122D253B02CD5E74B56DD5D5AC8B4EB5500DA438B0ED0BB2A45A60B34C6F251
                                        SHA-512:1EE8D458F1D42817F5B7DE74D595C9CBB8DC70B5A652608544CBB1D032807CC83DE1EB108CBE18D0370A37941989F04F4B396433222E00D87F4471489B79A7F6
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_1?le=scs
                                        Preview:gapi.loaded_1(function(_){var window=this;._.A("gapi.rpc.setup",_.ol);_.A("gapi.rpc.register",_.cl);_.A("gapi.rpc.call",_.gl);_.A("gapi.rpc.unregister",_.dl);_.A("gapi.rpc.sendHandshake",function(a,b){_.ol(a)();_.Yk.send(a,_.Yk.II(b),"*")});.});.// Google Inc..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
                                        Category:downloaded
                                        Size (bytes):40128
                                        Entropy (8bit):7.994526034157349
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:9A01B69183A9604AB3A439E388B30501
                                        SHA1:8ED1D59003D0DBE6360481017B44665153665FBE
                                        SHA-256:20B535FA80C8189E3B87D1803038389960203A886D502BC2EF1857AFFC2F38D2
                                        SHA-512:0E6795255B6EEA00B5403FD7E3B904D52776D49AC63A31C2778361262883697943AEDCB29FEEE85694BA6F19EAA34DDDB9A5BFE7118F4A25B4757E92C331FECA
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                        Category:downloaded
                                        Size (bytes):1358707
                                        Entropy (8bit):5.680641284746269
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:47637F6A70CF6E89EBAC4037D60C08BD
                                        SHA1:603A5F8307AE19D2F718521C5A28228A4EAD8FAE
                                        SHA-256:7CB5E2115AAC600477C445634517F93090B8FBE3018742091AD51E657148C759
                                        SHA-512:F0F40B678A81D5172174EDFE76DE7FF89F4768A2CF0D79E571E24F5C8F70100454B32A1C6D73E1B0ECF157DB75AEA8F45239EC17D3C3A721C8EA8E9643495ECE
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.gstatic.com/_/atari/_/ss/k=atari.vw.J6MDDUzkjSo.L.W.O/am=AAYg/d=1/rs=AGEqA5kElfi3xvzPCZS88WkRFa3Ga2SxvA
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text
                                        Category:downloaded
                                        Size (bytes):4955
                                        Entropy (8bit):5.3252243011550915
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:684F9458CC57E4E3D10A7371167FDD65
                                        SHA1:A1416D4521EE15728690F1E69C38AC5D3BA0C0D5
                                        SHA-256:809DF0321E4C22FB83008EFCA44B5F5E7AA10B7BB1CA6234A78D0795A7EC6EA8
                                        SHA-512:0636A9500F3B9BB81CD365D75449E3DA36EBC8CAF5E8AAB9BB23F72FB40C8FE783A3DCB1EC12D532196AC4718394A07BAC53D897E98EE1B71D66DC1807BBF1A2
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fonts.googleapis.com/css?family=Lato%3A300%2C300italic%2C400%2C400italic%2C700%2C700italic&display=swap
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (2049)
                                        Category:downloaded
                                        Size (bytes):14456
                                        Entropy (8bit):5.4707085201840036
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:678B03FE0FAF217F72657826DA4434A3
                                        SHA1:8440257C2077AB3B12A986BB42C61E8101555730
                                        SHA-256:554E912AFBA0302DF368EA48ED975A64B8528A70793071194FC7E86E62963730
                                        SHA-512:02C6C996E7FC5DEACF5DB40FCFFCB73D14BFC3898E0438778C7445B0292EAE41165C134ED621E81FB9A3657704325C523CB45D9629FF86280148B371A0416A91
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://apis.google.com/js/api.js?checkCookie=1
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):16
                                        Entropy (8bit):3.875
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:900914BC560773CAF9E095A8F17F6E37
                                        SHA1:51E0C4C0C0902C50F0D7E7581E0EDB0DCC191D7D
                                        SHA-256:08E437A7674E58F221D4EE6D5742EF2643929FB566511709F988B5EBE4FE4C1E
                                        SHA-512:2B48B170CEEBD6DB978D4DC79710A746903473B7C378FA25D6564AD6F6D2141A080E83C66D79688C35D3146F6DBFE996D3232C7A643F7767B8124C18065DB1C2
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCUMm1IiBWOoFEgUNvYWDDyFSJ1NfyO6QaQ==?alt=proto
                                        Preview:CgkKBw29hYMPGgA=
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1421)
                                        Category:downloaded
                                        Size (bytes):30521
                                        Entropy (8bit):5.402547433141847
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D67BB76A07A76A29657C7386D09DC1C0
                                        SHA1:A073BFBD8E6218895F1D3F295487AC1AAAA3031B
                                        SHA-256:6A2ED6F2CFB4AACE9DD209707C0A10460550A8919AB94537135F2C127EBAA044
                                        SHA-512:E41DD7B87BA162252766985F1ED0B6DF2066334469DC08C26962B37F4ACDB0B3C16E6BC6EC2E2D4A88077D05E2644B79D98E6A0901D8ABB6EE808F810149EABC
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=0/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=IZT63,vfuNJf,sy45,sy49,sy4b,sy4n,sy4l,sy4m,siKnQd,sy43,sy4a,sy4c,YNjGDd,sy4d,PrPYRd,iFQyKf,hc6Ubd,sy4o,SpsfSb,sy46,sy48,wR5FRb,pXdRYb,dIoSBb,zbML3c"
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (4578)
                                        Category:downloaded
                                        Size (bytes):119764
                                        Entropy (8bit):5.473408390656179
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:549E8A1CA00FDBF31F4A1B7486B50FE1
                                        SHA1:D6947B9BB835B31092E5898DBC7D3C7B276AB8D9
                                        SHA-256:9B52530624442FDE40F999EB95CFEC42F19433BF12D5CE14017EFBF1FF126009
                                        SHA-512:338B017BB86F6BD72DEB016FAA2E0B8C99C312DDD417051DF4DA77CE0E1DC2C1F5BB5518F7A6E289EC24AE1FEE2AD9097AD783BD0AA1B7C19FA85F9A20F1AE7D
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 36216, version 1.0
                                        Category:downloaded
                                        Size (bytes):36216
                                        Entropy (8bit):7.994185155139824
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:7C702451150C376FF54A34249BCEB819
                                        SHA1:3AB4DC2F57C0FD141456C1CBE24F112ADF3710E2
                                        SHA-256:77D21084014DCB10980C296E583371786B3886F5814D8357127F36F8C6045583
                                        SHA-512:9F1A79E93775DC5BD4AA9749387D5FA8EF55037CCDA425039FE68A5634BB682656A9ED4B6940E15226F370E0111878ECD6EC357D55C4720F97A97E58ECE78D59
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fonts.gstatic.com/s/googlesans/v62/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1437)
                                        Category:downloaded
                                        Size (bytes):52004
                                        Entropy (8bit):5.513512299961472
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C5B0E0002B4435C814898C2CCEA60941
                                        SHA1:6F10AEBE95D3AE904363D32DE1EE69A8083489EF
                                        SHA-256:CDB9942DEE9CFB26688D96AE59C1496B6F609407E0894DCBE8471CA0693F6FDD
                                        SHA-512:3E1178789C2FA090D05B6C654F0E78623CF643A9EFF7C3327A881310DF45DF0C7C883E299427E51C54ADAAA725120CFD18BC393EAAE2D9BF122A9E76FBEE7EA9
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z-CF99wuLeU.O/m=gapi_rpc/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg/cb=gapi.loaded_0?le=scs
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1957)
                                        Category:downloaded
                                        Size (bytes):36290
                                        Entropy (8bit):5.6236453260683135
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B15CE369FC8EA01674E20AB092065C99
                                        SHA1:59F499AA3FC30EE236A3BC7442E9592A411FEC60
                                        SHA-256:94EAA97A9912C66BCBAC64B4A3AF9B91CF6422C0173ED1F0B07A21F7829424A4
                                        SHA-512:9E6B8CD7217362EC195AC286D46EB785A82112BE252308DEAC6E3D8C0D7AED29B705D8061ED26F0156583AD241B5B93C07D360529E9EE486909EDE4455182665
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=0/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=sy1m,sy1o,sy1p,sy1n,FoQBg"
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (383)
                                        Category:downloaded
                                        Size (bytes):855
                                        Entropy (8bit):5.401187461325002
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:ECCEDF8DC51EBCD2900A55076782A3FC
                                        SHA1:7F8483473C8936C93F7353DA8619093E902E6008
                                        SHA-256:224367586D2286C9E00ECE435970B7897BA9481F487864EC86D42B3B68342482
                                        SHA-512:9C1039C2B2969A3AA037475877ABD5C298FE6837B5AF062EA8ADEF75A0F658C32F60274CD22CC415C04994A9F6113F19CCB3008FF61450B0C1825AD9009C99DA
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=0/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=sy3l,TRvtze"
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1572)
                                        Category:downloaded
                                        Size (bytes):49049
                                        Entropy (8bit):5.505538499091125
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C42D2DC991DA600656402AE57030F1E8
                                        SHA1:BC7BC8BD658EB135ACDECAAA1204920F350261D6
                                        SHA-256:0D48785BFA5F2DD9EC652CEE01F068CD7A938A6ACFB15E565ACA05A6E9C3653B
                                        SHA-512:6BBED2DEF3D3AFC9C5B86BE4E4032F9ADC3670346CFC2C2A1464C7479853BD386B7EE2D398470D9F77B1AFED86869DD1CE9E31B95201FA0226FA20F175972645
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap"
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
                                        Category:dropped
                                        Size (bytes):1555
                                        Entropy (8bit):5.249530958699059
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FBE36EB2EECF1B90451A3A72701E49D2
                                        SHA1:AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
                                        SHA-256:E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
                                        SHA-512:7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (1759)
                                        Category:downloaded
                                        Size (bytes):2223
                                        Entropy (8bit):5.081124136635537
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4FE36A65AF733D58A702E80CDA7A63F7
                                        SHA1:6C4CD770A611B0F5491AF5E1E5FEAD028C3DCB38
                                        SHA-256:3691026B21B883801B6F0F4DF2E35D5C862A4DC92445D48A00FC43147D1C70C8
                                        SHA-512:6B0E04490EDA0A575EC7A518E9272F2F63B32FEF2144F3F3CE891DABF58886FCC8908B59988F34C3F3B327D32B1642D35DB8A8A46868ED11BC4F9DA2AA2BBA2B
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.gstatic.com/atari/embeds/83a60601c213b72fb19c1855fb0c5f26/intermediate-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.z-CF99wuLeU.O%2Fd%3D1%2Frs%3DAHpOoo8yJLmK2FeQzRT4hxPn9_NEJo9eCg%2Fm%3D__features__&r=898980013
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (2049)
                                        Category:downloaded
                                        Size (bytes):14461
                                        Entropy (8bit):5.47057198294006
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:460978F5C5481406BDB417F068D24762
                                        SHA1:ECC021BA8D5B5B96103B088869110CFE7B2FA86F
                                        SHA-256:41BB3E3AF671F36E74FB122BB2BB5D316DC650F713893D4F7E92238900CDBA6F
                                        SHA-512:A9367B266B2163FF34C252DF51D20D5976F14A4F130EAFD7AD384DDB7A0B4007A729A1847C4199D99E3522A5A88DDFB838895E13589820F2F1B9693986847BD7
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://apis.google.com/js/client.js?onload=gapiLoaded
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (570)
                                        Category:downloaded
                                        Size (bytes):717569
                                        Entropy (8bit):5.545964888984937
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9651FA33E60B821BF92EC18D4B773DBC
                                        SHA1:A1D289CEC3F70E3486187EF52BAE27F273F8D7A8
                                        SHA-256:4264498AE90008ECF21A7FFDE6CBF6F01CB6A140D765EF643357F7C7247BF8A4
                                        SHA-512:D3ACF9E7089FCE24AD8ECBC3C8847248BF8F18068585423C4E4ED6BAA87E6D35232C1319FABFA523D71C47634125658FCD11598BE9BEEFAF90F300DBE6725315
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=1/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=view
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1034)
                                        Category:downloaded
                                        Size (bytes):1485328
                                        Entropy (8bit):5.622596989370258
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0D61C0CB572E636D78CD99C272CCBB5C
                                        SHA1:84D5E8C247C14A0B6C6D79AD905E78173BB38591
                                        SHA-256:2EB35C32E1FDA5A26E92CBE2B791381D1F45A50AB6F3C97261EC396299F7C596
                                        SHA-512:C6BC7193DD18B761ED2761921185F6F209F0C90BC69B924B823D148949245633EF23BF5D1558879840A248BC49A4ADF13DE19493363D3214561ABE46705AF4E4
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.hZkiCxWt8d8.O/am=AAYg/d=0/rs=AGEqA5nBJRa0lemACvnigez7EEDHuJdJDw/m=MpJwZc,n73qwf,A4UTCb,mzzZzc,CHCSlb,qAKInc,sy18,X85Uvc,sy3m,abQiW,W26a5e,hJUyqe,sy1f,sy1a,sy1c,sy1e,sy1h,sy1b,sy1d,sy1g,sy1i,fuVYe,sy14,PVlQOd,NPKaK,sy8,BVgquf,fmklff,TGYpv,KUM7Z,XDKZTc,sy19,qkPXAf,qEW1W,oNFsLb,sy4i,yxTchf,sy4j,sy4k,xQtZb,yf2Bs,sy3,syb,yyxWAc,qddgKe,sy3o,SM1lmd,sya,sy9,sy15,RRzQxe,zZvHmd,sy2,syo,syn,syp,syd,sy2t,sy4,sy1v,sy3a,syc,fNFZH,sy3n,sy24,syq,i16Xfc,sy1r,zJMuOc,RrXLpc,sy1j,sy1q,sy1s,sy1t,tCGzVe,Ej8J2c,odWSx,cgRV2c,sy17,sy2h,o1L5Wb,X4BaPc,vVEdxc,sy27,sy26,sy2b,sy2c,sy22,sy25,sy29,sy2f,sy5,syx,sy1x,sy20,sy2a,syu,sy13,sy23,sy2g,sy2d,sy2l,sye,syt,sy16,sy1k,sy1w,sy21,Ko0sOe,sy2e,UewrFe,sy2j,sy2m,sy2k,sy2n,sy2o,sy2i,sy2q,sy28,sy2p,sy2v,sy34,sys,sy1y,sy2r,sy2u,sy2w,sy2x,sy30,sy31,sy32,sy33,sy36,sy11,sy37,G5ZZUb,sy1z,sy2s,zmwrxd,sy2y,sy2z,sy35,oy3iwb,dBhIIb,sy38,sy39,sy12,Yr1Pcb,LUQjOd,a9i3ec,CmOog,qYIcH,zTt0Rb,ap0X9d,Ik1vNd,NzVYMd,KlZlNb,rj51oe,zAU64c,uUwMBf,zRiL5c,AQnEY,jhxjge,ZV9ZUe,Tc7Qif,heobjb,R4KMEc,KlrXId,l5yG1d,sy3b,sy3c,sy3d,sy3e,sy3f,sy3g,UYjpC,syi,sy1u,Md9ENb,sy1l,CG0Qwb,sy6,VYKRW,RZ9OZ,N0NZx,szRU7e"
                                        No static file info