
Windows Analysis Report
https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHl

Overview

General Information

Sample URL: https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=
Analysis ID: 1672158

Detection

Score: 0
Range: 0 - 100
Confidence: 100%

Signatures

Detected suspicious crossdomain redirect

Classification

Classification labels: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Verdict scale: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 6936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,8868318970729611976,3378947645651781648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures. All signature results follow.

Source: unknown | HTTPS traffic detected: 54.82.149.77:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.82.149.77:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.213.143.44:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.36.205:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 154.0.167.140:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.69.10:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.178.49.206:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.69.10:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.68.238:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.68.238:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 37MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: yhp1b2pb.r.us-east-1.awstrack.me to https://urldefense.proofpoint.com/v2/url?u=https-3a__clicks.aweber.com_y_ct_-3fl-3d20t4b-26m-3di5kdl66htnhzvc9-26b-3d70uuzrqpsuejp3o-5fsrfmww&d=dwmfaw&c=eugzstcatdllvimen8b7jxrwqof-v5a_cdpgnvfiimm&r=5b1_r__kw843kwbcy22_mq&m=iwflitftdqalhlfy582cvlk7ykhuhnuxugbqmivlvehjjglths87an--t3mkxomm&s=fjkm5ulhq8uu_e3zyenggf9ut_yn0jpsthh9xtioxje&e=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: urldefense.proofpoint.com to https://clicks.aweber.com/y/ct/?l=20t4b&m=i5kdl66htnhzvc9&b=70uuzrqpsuejp3o_srfmww
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: clicks.aweber.com to https://cremationauthority.co.za
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown | TCP traffic detected without corresponding DNS query: 84.201.221.40
Source: unknown | TCP traffic detected without corresponding DNS query: 84.201.221.40
Source: unknown | TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423 HTTP/1.1
    Host: yhp1b2pb.r.us-east-1.awstrack.me
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /v2/url?u=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=5B1_R__KW843kwBcy22_MQ&m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM&s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE&e= HTTP/1.1
    Host: urldefense.proofpoint.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /y/ct/?l=20T4b&m=i5KdL66hTnHZVC9&b=70UUZrQPSuEJP3o_sRFMWw HTTP/1.1
    Host: clicks.aweber.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: cremationauthority.co.za
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CLbgygE=
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/ddljson?async=ntp:2 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CLbgygE=
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_promos HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.BY48SQoc80o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-GDP1D38zSeS8hy4T0Ij3IgC1Nkw/cb=gapi.loaded_0 HTTP/1.1
    Host: apis.google.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    X-Client-Data: CLbgygE=
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: yhp1b2pb.r.us-east-1.awstrack.me
Source: global traffic | DNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global traffic | DNS traffic detected: DNS query: clicks.aweber.com
Source: global traffic | DNS traffic detected: DNS query: cremationauthority.co.za
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: ogads-pa.clients6.google.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: unknown | HTTP traffic detected:
    POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/1.1
    Host: ogads-pa.clients6.google.com
    Connection: keep-alive
    Content-Length: 67
    X-Goog-Api-Key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
    sec-ch-ua-platform: "Windows"
    X-User-Agent: grpc-web-javascript/0.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    Content-Type: application/json+protobuf
    sec-ch-ua-mobile: ?0
    Accept: */*
    Origin: chrome-untrusted://new-tab-page
    X-Client-Data: CLbgygE=
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Sec-Fetch-Storage-Access: active
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine | Classification label: clean0.win@25/8@18/133
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,8868318970729611976,3378947645651781648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,8868318970729611976,3378947645651781648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a number in parentheses is the count of matched signatures for that technique; techniques without a count are the unmatched placeholders of the matrix)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Extra Window Memory Injection (1); Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Extra Window Memory Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Source | Detection | Scanner | Label | Link
https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423 | 0% | Avira URL Cloud | safe |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://urldefense.proofpoint.com/v2/url?u=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=5B1_R__KW843kwBcy22_MQ&m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM&s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE&e= | 0% | Avira URL Cloud | safe |
https://clicks.aweber.com/y/ct/?l=20T4b&m=i5KdL66hTnHZVC9&b=70UUZrQPSuEJP3o_sRFMWw | 0% | Avira URL Cloud | safe |
https://cremationauthority.co.za/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ogads-pa.clients6.google.com | 142.250.69.10 | true | false | | high
plus.l.google.com | 192.178.49.206 | true | false | | high
play.google.com | 142.250.68.238 | true | false | | high
urldefense.com | 54.213.143.44 | true | false | | high
www.google.com | 192.178.49.196 | true | false | | high
clicks.aweber.com | 104.18.36.205 | true | false | | unknown
baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com | 54.82.149.77 | true | false | | high
cremationauthority.co.za | 154.0.167.140 | true | false | | unknown
yhp1b2pb.r.us-east-1.awstrack.me | unknown | unknown | false | | high
urldefense.proofpoint.com | unknown | unknown | false | | high
apis.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://cremationauthority.co.za/ | false | Avira URL Cloud: safe | unknown
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423 | false | | unknown
https://play.google.com/log?format=json&hasfast=true | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high
https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData | false | | high
https://urldefense.proofpoint.com/v2/url?u=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=5B1_R__KW843kwBcy22_MQ&m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM&s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE&e= | false | Avira URL Cloud: safe | unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.BY48SQoc80o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-GDP1D38zSeS8hy4T0Ij3IgC1Nkw/cb=gapi.loaded_0 | false | | high
https://clicks.aweber.com/y/ct/?l=20T4b&m=i5KdL66hTnHZVC9&b=70UUZrQPSuEJP3o_sRFMWw | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.69.3 | unknown | United States | 15169 | GOOGLEUS | false
104.18.36.205 | clicks.aweber.com | United States | 13335 | CLOUDFLARENETUS | false
192.178.49.195 | unknown | United States | 15169 | GOOGLEUS | false
192.178.49.196 | www.google.com | United States | 15169 | GOOGLEUS | false
192.178.49.174 | unknown | United States | 15169 | GOOGLEUS | false
54.82.149.77 | baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
142.250.69.10 | ogads-pa.clients6.google.com | United States | 15169 | GOOGLEUS | false
54.213.143.44 | urldefense.com | United States | 16509 | AMAZON-02US | false
192.178.49.206 | plus.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.68.238 | play.google.com | United States | 15169 | GOOGLEUS | false
154.0.167.140 | cremationauthority.co.za | South Africa | 37611 | AfrihostZA | false
142.250.101.84 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.16
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1672158
Start date and time: 2025-04-23 16:30:34 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/8@18/133
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 192.178.49.174, 142.250.69.3, 74.125.137.84, 142.250.69.14
• Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://yhp1b2pb.r.us-east-1.awstrack.me/L0/https:%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu=https-3A__clicks.aweber.com_y_ct_-3Fl-3D20T4b-26m-3Di5KdL66hTnHZVC9-26b-3D70UUZrQPSuEJP3o-5FsRFMWw%26d=DwMFAw%26c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM%26r=5B1_R__KW843kwBcy22_MQ%26m=iWFlITfTdqAlHlfy582cvlK7YKhUhnUXugBqmivlvehJJGLthS87aN--t3MkxomM%26s=fJKM5uLhQ8UU_E3zYENggf9UT_yn0JPSThh9XTIoxJE%26e=/1/010001965ee0fd07-52725c71-8e12-46f5-95d1-eeae8dd89ea9-000000/c3IwZT6L-ZyuTWqXQ08M-7hJCWQ=423
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (5162), with no line terminators
Category: downloaded
Size (bytes): 5162
Entropy (8bit): 5.349865760247148
Encrypted: false
SSDEEP:
MD5: 70A8F21806E7F1B739937970EBE49A0C
SHA1: 6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
SHA-256: C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
SHA-512: 3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
Malicious: false
Reputation: unknown
URL: "https://www.gstatic.com/og/_/ss/k=og.qtm.otySg2BGXI0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTukY5mQ0GlhPPn5fPc8KmI2ykL4mw"
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 29
Entropy (8bit): 3.9353986674667634
Encrypted: false
SSDEEP:
MD5: 6FED308183D5DFC421602548615204AF
SHA1: 0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256: 4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512: A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious: false
Reputation: unknown
URL: https://www.google.com/async/newtab_promos
Preview: )]}'.{"update":{"promos":{}}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (65531)
Category: downloaded
Size (bytes): 130873
Entropy (8bit): 5.4369852022498915
Encrypted: false
SSDEEP:
MD5: B53ACC651B47FE6709C5D86DFCAF4110
SHA1: 1152BA5ECFAA7EA307FE40BCA86504B4E32603FE
SHA-256: 40228186D31CB5ACEEAF9244ACFAF2B8B47214864D323528B3A1F3CD2D940BDE
SHA-512: 14B98AF344AB7EF0EBB9973EABE6597F01F5BFFF84915AD9EFA891DD4FBC01D2ACC0C65018A016139D16616B1F3A88101AF4C1057E165B1F38F808C95152C9D2
Malicious: false
Reputation: unknown
URL: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (1393)
Category: downloaded
Size (bytes): 117306
Entropy (8bit): 5.488283024902719
Encrypted: false
SSDEEP:
MD5: 7E9920E2A23BEFCCFF1FD3120CC50107
SHA1: 8DD55D7313E303037335919E4846A634A460B0E1
SHA-256: 0DBBF37C2F1DB94948802779B01FA871A7439B06B1BD2D1D80D188C355174426
SHA-512: 06544237AAA8679516AECFC039A778441EAB1F5D353729F75E86E68A8E123FD6F672821B6971887FF9D8F8E0EDFF9B0C32E16936BDBBE10461BAB7E855BF8908
Malicious: false
Reputation: unknown
URL: "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.BY48SQoc80o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-GDP1D38zSeS8hy4T0Ij3IgC1Nkw/cb=gapi.loaded_0"
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1660
Entropy (8bit): 4.301517070642596
Encrypted: false
SSDEEP:
MD5: 554640F465EB3ED903B543DAE0A1BCAC
SHA1: E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256: 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512: 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious: false
Reputation: unknown
URL: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (7533)
Category: downloaded
Size (bytes): 7538
Entropy (8bit): 5.814234102646949
Encrypted: false
SSDEEP:
MD5: 2A6A32FC3C9F77954DD9440324B91E1D
SHA1: 915C5C66FE60B46AF80B837308E1EEEEA45783E1
SHA-256: D4FCB2EF666CCFC0943C3E7FFBA0D6A67B46618CCF712C0C70028C13A22AD952
SHA-512: D0F39A0A4E85C0311834B6573A0B8FAAFBEDF189162B548B3CB8280221DFBED20C72F730BF5D6D42A5559EEB6E8FBE964E6DBB00A1F71EAAFB5FDCB57904822E
Malicious: false
Reputation: unknown
URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 19
Entropy (8bit): 3.6818808028034042
Encrypted: false
SSDEEP:
MD5: 9FAE2B6737B98261777262B14B586F28
SHA1: 79C894898B2CED39335EB0003C18B27AA8C6DDCD
SHA-256: F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
SHA-512: 29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
Malicious: false
Reputation: unknown
URL: https://www.google.com/async/ddljson?async=ntp:2
Preview: )]}'.{"ddljson":{}}
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (2482)
Category: downloaded
Size (bytes): 176327
Entropy (8bit): 5.5565969707006095
Encrypted: false
SSDEEP:
MD5: AEBEE30C403AF29456AF831264C68890
SHA1: E74A48808392E661DE0100D352DFADDA32ABF74B
SHA-256: 7B01E6BB907E7C889808C3DB0E4A209EDBC4B5F8A5BAC50397E052FBD8D6C3DA
SHA-512: E0DD1F464D9E9AA7454E5835E7F576C4F4D004C897A9DDF287D1ACA92F7432CBBE56A1ADE61487EA6AC3914A13B3C56996B0D76E8EC355B4FD455D06A6723EAE
Malicious: false
Reputation: unknown
URL: "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.d6sk5lZTUDo.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu94ySbRJkyGx4WTPcUc7l7WgmV5g"
                                        No static file info