Edit tour

Windows Analysis Report
https://we.tl/t-iuRVoP7Lqq

Overview

General Information

Sample URL:	https://we.tl/t-iuRVoP7Lqq
Analysis ID:	859154
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Downloads suspicious files via Chrome

Queries the volume information (name, serial number etc) of a device

Queries disk information (often used to detect virtual machines)

HTML page is missing a favicon

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://we.tl/t-iuRVoP7Lqq MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 2532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1756,i,6453282371661415794,17440721050513241160,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

Video.UI.exe (PID: 3184 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca MD5: E2420B3D1808467FF0649AD3751939D9)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/index.html?cacheId=kee14p_3_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon
Source: https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/index.html?cacheId=kee14p_3_315860471&_origin=https://wetransfer.com	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\wetransfer_foto-per-autogru_2023-05-04_1228.zip (copy)

Jump to dropped file

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: classification engine

Classification label: sus21.win@29/252@66/393

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://we.tl/t-iuRVoP7Lqq
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://we.tl/t-iuRVoP7Lqq
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1756,i,6453282371661415794,17440721050513241160,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1756,i,6453282371661415794,17440721050513241160,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe

File opened: PhysicalDrive2337211200

Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	21 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

No bigger version

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://we.tl/t-iuRVoP7Lqq	0%	Avira URL Cloud	safe
https://we.tl/t-iuRVoP7Lqq	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com	54.72.9.226	true	false	high
eu01.in.treasuredata.com	52.57.15.29	true	false	high
beacons-handoff.gcp.gvt2.com	142.251.143.35	true	false	unknown
backgrounds.wetransfer.net	65.9.66.98	true	false	high
adservice.google.com	142.250.186.130	true	false	high
platform.twitter.map.fastly.net	146.75.116.157	true	false	unknown
stats.g.doubleclick.net	173.194.76.155	true	false	high
assets.wetransfer.net	13.32.27.120	true	false	high
scontent.xx.fbcdn.net	157.240.20.19	true	false	high
t.co	104.244.42.197	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.google.com	142.250.184.196	true	false	high
amplitude.map.fastly.net	151.101.130.132	true	false	unknown
cdn.brandmetrics.com	104.26.12.18	true	false	unknown
rum.browser-intake-datadoghq.eu	34.149.169.145	true	false	unknown
star-mini.c10r.facebook.com	157.240.9.35	true	false	high
lebowski.wetransfer.com	34.248.62.113	true	false	high
pagead46.l.doubleclick.net	172.217.23.98	true	false	high
we.tl	18.66.147.20	true	false	unknown
accounts.google.com	142.250.185.141	true	false	high
s.twitter.com	104.244.42.67	true	false	high
ad.doubleclick.net	172.217.16.134	true	false	high
cdn.treasuredata.com	13.227.219.59	true	false	high
tag.wetransfer.com	216.239.36.21	true	false	high
dna8twue3dlxq.cloudfront.net	13.32.121.58	true	false	high
beacons.gvt2.com	142.250.180.67	true	false	unknown
prod-cdn.wetransfer.net	108.138.7.50	true	false	high
download.wetransfer.com	18.66.112.115	true	false	high
dualstack.reddit.map.fastly.net	151.101.65.140	true	false	unknown
wtplus.wetransfer.com	52.212.188.17	true	false	high
prod.pinterest.global.map.fastly.net	151.101.0.84	true	false	unknown
e-prod-alb-s005-01-us-east-1.adzerk.net	44.199.105.175	true	false	unknown
googleads.g.doubleclick.net	142.250.184.226	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	unknown
api.amplitude.com	35.83.77.58	true	false	high
donny.wetransfer.com	52.18.110.193	true	false	high
dualstack.pinterest.map.fastly.net	146.75.116.84	true	false	unknown
d1ni990a184w7d.cloudfront.net	13.224.189.46	true	false	high
www.google.co.uk	142.250.185.67	true	false	unknown
ekstrom.wetransfer.net	54.171.137.169	true	false	high
wetransfer.com	63.34.85.232	true	false	high
auth-session-caching.wetransfer.net	54.171.137.169	true	false	high
e2cs06.gcp.gvt2.com	34.93.15.64	true	false	unknown
clients.l.google.com	142.250.186.110	true	false	high
nolan.wetransfer.net	13.224.189.11	true	false	high
s3-3-w.amazonaws.com	52.218.98.162	true	false	high
alb.reddit.com	unknown	unknown	false	high
static.ads-twitter.com	unknown	unknown	false	unknown
snowplow.wetransfer.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
cdn.linkedin.oribi.io	unknown	unknown	false	high
wetransferbackgrounds-eu.s3.amazonaws.com	unknown	unknown	false	high
www.redditstatic.com	unknown	unknown	false	high
connect.facebook.net	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
api.lab.amplitude.com	unknown	unknown	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	unknown
ct.pinterest.com	unknown	unknown	false	high
adservice.google.co.uk	unknown	unknown	false	unknown
www.facebook.com	unknown	unknown	false	high
www.linkedin.com	unknown	unknown	false	high
public.profitwell.com	unknown	unknown	false	high
collector.brandmetrics.com	unknown	unknown	false	unknown
analytics.twitter.com	unknown	unknown	false	high
snap.licdn.com	unknown	unknown	false	high
s.pinimg.com	unknown	unknown	false	high
e-10220.adzerk.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com	false	high
https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com	false	high
https://wetransfer.com/downloads/726506da39d5a7f278be2aabb6def73f20230504122816/8d7031	false	high
https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/index.html?cacheId=kee14p_3_315860471&_origin=https://wetransfer.com	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.16.134	ad.doubleclick.net	United States	15169	GOOGLEUS	false
151.101.0.84	prod.pinterest.global.map.fastly.net	United States	54113	FASTLYUS	false
65.9.66.18	unknown	United States	16509	AMAZON-02US	false
173.194.76.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
204.79.197.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.130.132	amplitude.map.fastly.net	United States	54113	FASTLYUS	false
35.83.77.58	api.amplitude.com	United States	237	MERIT-AS-14US	false
52.18.110.193	donny.wetransfer.com	United States	16509	AMAZON-02US	false
18.66.112.59	unknown	United States	3	MIT-GATEWAYSUS	false
13.224.189.11	nolan.wetransfer.net	United States	16509	AMAZON-02US	false
20.50.2.28	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.141	accounts.google.com	United States	15169	GOOGLEUS	false
151.101.65.140	dualstack.reddit.map.fastly.net	United States	54113	FASTLYUS	false
216.239.36.21	tag.wetransfer.com	United States	15169	GOOGLEUS	false
142.250.186.110	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.226	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
65.9.66.98	backgrounds.wetransfer.net	United States	16509	AMAZON-02US	false
146.75.116.84	dualstack.pinterest.map.fastly.net	Sweden	30051	SCCGOVUS	false
52.109.52.148	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.67	www.google.co.uk	United States	15169	GOOGLEUS	false
13.32.27.84	unknown	United States	7018	ATT-INTERNET4US	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
13.224.189.46	d1ni990a184w7d.cloudfront.net	United States	16509	AMAZON-02US	false
52.218.106.154	unknown	United States	16509	AMAZON-02US	false
104.26.12.18	cdn.brandmetrics.com	United States	13335	CLOUDFLARENETUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.20.19	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
52.109.8.44	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
142.250.180.67	beacons.gvt2.com	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.104	unknown	United States	15169	GOOGLEUS	false
34.149.169.145	rum.browser-intake-datadoghq.eu	United States	2686	ATGS-MMD-ASUS	false
108.128.95.242	unknown	United States	16509	AMAZON-02US	false
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
146.75.116.157	platform.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
54.72.9.226	sp-20200324121949090600000008-54648268.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
18.66.147.20	we.tl	United States	3	MIT-GATEWAYSUS	false
157.240.9.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
142.250.186.130	adservice.google.com	United States	15169	GOOGLEUS	false
63.34.85.232	wetransfer.com	United States	16509	AMAZON-02US	false
172.217.23.98	pagead46.l.doubleclick.net	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
34.248.62.113	lebowski.wetransfer.com	United States	16509	AMAZON-02US	false
104.244.42.67	s.twitter.com	United States	13414	TWITTERUS	false
52.57.15.29	eu01.in.treasuredata.com	United States	16509	AMAZON-02US	false
104.244.42.197	t.co	United States	13414	TWITTERUS	false
54.171.137.169	ekstrom.wetransfer.net	United States	16509	AMAZON-02US	false
151.101.1.140	reddit.map.fastly.net	United States	54113	FASTLYUS	false
2.19.126.135	unknown	European Union	16625	AKAMAI-ASUS	false
44.199.105.175	e-prod-alb-s005-01-us-east-1.adzerk.net	United States	14618	AMAZON-AESUS	false
34.93.15.64	e2cs06.gcp.gvt2.com	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
52.16.160.138	unknown	United States	16509	AMAZON-02US	false
13.32.121.58	dna8twue3dlxq.cloudfront.net	United States	16509	AMAZON-02US	false
142.251.143.35	beacons-handoff.gcp.gvt2.com	United States	15169	GOOGLEUS	false
108.138.7.50	prod-cdn.wetransfer.net	United States	16509	AMAZON-02US	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false
3.248.140.51	unknown	United States	16509	AMAZON-02US	false
13.227.219.59	cdn.treasuredata.com	United States	16509	AMAZON-02US	false
142.250.185.98	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.5
127.0.0.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	859154
Start date and time:	2023-05-04 15:42:09 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://we.tl/t-iuRVoP7Lqq
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	1
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.win@29/252@66/393

Warnings

Exclude process from analysis (whitelisted): rundll32.exe
Excluded IPs from analysis (whitelisted): 20.114.59.183, 172.217.16.195, 34.104.35.123, 142.250.186.104, 142.250.185.78
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, www.googletagmanager.com, sls.update.microsoft.com, clientservices.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Created / dropped Files

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x2a7ffc07, page size 8192, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	3670016
Entropy (8bit):	0.14614297112684116
Encrypted:	false
SSDEEP:
MD5:	155A23A360E0DB812F79CEED90484E66
SHA1:	82F3EAAA2D849957A2C01C2F9D946642C3537E3A
SHA-256:	CA435ACB85A79BD3C104357557B6A932C94FA5A0E66EB45817A7E58D41C20690
SHA-512:	1D3C50D3D8449F5E2E217D0F80A98E4B2B77EFB819872291A8558FFB67036076CA64DC264FAB94B9AB52A4FC8CEA2EC1DCD612B7BD6F58AAA53A6ACC6F593B50
Malicious:	false
Reputation:	low
Preview:	...... .................5+...{g.....................................5+...{..h............................<.t5+...{I..........................................................................................................G........... ...................................................................................................... .......5+...{I........................................................................................................................................................................................................................................6+...{...................,.6+...{a.........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.09280392523056812
Encrypted:	false
SSDEEP:
MD5:	EDCE69900B12CF32EA616AB0288D28B6
SHA1:	5DEC44D62E9D760E0ED4337E99960CB1222D25A8
SHA-256:	4A2FD101262A7C2FC442F058813FD1EA6267BB0A17C763793307FC7D5118371A
SHA-512:	044B511371695E86E9263997B991E44A9759FF03A5024DADF5BDD25673B2CE8B0AE61F25197D30EA51117FA5CA50B1084AD0EFD2E1B3682879033BA4614E4CD5
Malicious:	false
Reputation:	low
Preview:	..5.....................................5+...{g.5+...{g.................6+...{a..........r.5+...{....................,.6+...{a.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.6280114202048004
Encrypted:	false
SSDEEP:
MD5:	B75E7E84B3320A933B44616EBDBCE477
SHA1:	C59B41C78F11F249F1BC00F7E75E75230BF74DDE
SHA-256:	DCC7193473CCDE58766615D8E747AEF7632CD55DF6E05477AAEF4488257103C5
SHA-512:	DD2EC6862C3244752C38CB8BE46FB8D50B018E56871737C18888ACE1039DA9E3ED17544B69CDCB47DAEDAEEC26B8FBD561D412A57F9456D952C21AE6DD54D256
Malicious:	false
Reputation:	low
Preview:	.J..................<.t5+...{I.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\.............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\..............................................................................................................................................................0u..,.....................5w.................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.6771214745782658
Encrypted:	false
SSDEEP:
MD5:	698569BED0CFB042D6B32DCB8F97ED51
SHA1:	5A07C013DA68C237609339B60C374693C2CB31DF
SHA-256:	1BDDCE0597838FD9C56D98BCAADB9C3BFE29AC8A7B3C9B898C4B14EDCAA6FB4C
SHA-512:	D036851B48FC6DC6E715E7F0EA60EE04C49562FB178DC290052EA1A78EE6803B64D7A4D291CC89BF5F1CB656A79F167B8F1A3237454A995C0EAC40CC307D57F5
Malicious:	false
Reputation:	low
Preview:	`D-............ 5+...{I......................<.t5+...{I.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\.............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\..............................................................................................................................................................0u..,.....................5w.......................................#.................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	data
Category:	dropped
Size (bytes):	2097152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B2D1236C286A3C0704224FE4105ECA49
SHA1:	7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
SHA-256:	5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
SHA-512:	731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xb1ea449c, page size 8192, JustCreated, Windows version 0.0
Category:	dropped
Size (bytes):	262144
Entropy (8bit):	0.024020396336419985
Encrypted:	false
SSDEEP:
MD5:	F7F50B5EB8E216B94C5AA28CCDC766E1
SHA1:	959D5823959F39AADB15DF5C67C12E43EFBB2C5E
SHA-256:	6AD39F15B2B4092901753DE3B2100D699D978B3B862D81F2F28E3DDEF0515010
SHA-512:	DDB9F96ACAEC2C125CCE5EE8C08C0F2AE91EB755E6FA5870FA7D5F2D9D9E0BA398DB23A99536430EACFCDFE02636B3F2C5C711B4D0F58CA03632604733F93C92
Malicious:	false
Reputation:	low
Preview:	..D.... .......@.........?g6+...{........................................................................................................................................................................................................... ...................................................................................................... ...................................................................................................................................................................................................................................................Y.{.6+...{......................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	1.3805332357965496
Encrypted:	false
SSDEEP:
MD5:	3864736EC97566B63B9FBE9CC30B9B16
SHA1:	5F617B279382652769AE5B85A919BCF6B7B1A66D
SHA-256:	D6E41F163380A57F35B470D1CF853D856F08077197C2622C083A4114679DFCD0
SHA-512:	583A6EA084454C1C769CCCA03B452DCF812C8289D9BA3FD01394D95B269C3CED7E4488CC19B14126D67E67F550F4DE699CFF7A784883E47E9FFEC11A9AB79668
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ...........y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm...w.~...............................................................................................................................................................................................................................................................................................................................................~..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18111.17311.0_x64__8wekyb3d8bbwe\Video.UI.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	1.4184302470040488
Encrypted:	false
SSDEEP:
MD5:	EA4C0736E5D0D63BAC782993F9524ED4
SHA1:	A8157C96527DBC47318FA33438501159AE7BBFBF
SHA-256:	C31E2211D8AB101F4BC883C87C7F4D6BECFB598C026CE33A535024B77AA29965
SHA-512:	B469AF3DB49CCCDD265D091AE220A99278C22382E6E5C123BB58B8882FB7ADA6E0232CB22F01AC22508E862B73EA46BE41DD7898B26DBE7E3C115B4A51A73A70
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ...........y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm...w.~...............................................................................................................................................................................................................................................................................................................................................~..HvLE.....................@.&.Z...#.N.I..........hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk .eQ7w.~..................................h...............................Configuration...p...sk..x...x.......t.......H...X.............4.........?.......................

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Download File

File Type:	data
Category:	dropped
Size (bytes):	37312
Entropy (8bit):	4.6797316455244395
Encrypted:	false
SSDEEP:
MD5:	36571EE24B8CB32766D45AACB5DF40F9
SHA1:	92585B9F4F885D905709ECD3CDF9DEFFC37F6BB0
SHA-256:	198A31F279FB7E24696D4DBCC9B2256E0A6C701A6E0257375E2534ED6E3C3172
SHA-512:	03D58A6B0B2D9A9BD9D3409083C77D7EFD196B4A996ED590D8229CA70F62C27B3DEE17BC90292DA431D4D0D5FD75145BD6594CF3EC223D061403CE255920E60C
Malicious:	false
Reputation:	low
Preview:	.A...AAAAAAA...AAAAA.5&A&AJA.ALAAAAAAAAAAA.AGA.A.b.A%A.A...6.AqA.^bA...A..bA5..A...A6#tA.!bA.SAA.AbA.S.A.6.AA..A...Ab.&A6.b.!.#A.d.A..A..bAb~.A.n.6.~.A...6!~LA..An~.A..bA.~HA...S.cA.t.A..A.].A,.EA...6..A...6Y.A.bA..A...AAA.AtA.A.......n............A..LAAAAAAA..nA.AAA6#.A&AAA.#.AAAAA..bAAAAAb.bAAAAA...AAAAA.A.AAAe..6.AAA.A.AYApA:A.A.A.A.A.AxA.A.A.A.A,A.A.A.AYApA:A.A.A.A6.AAA6!AAA.AtA.ABA[A.A.................................h..........A...AAAAAAA...AAAAA.5.A.A.A.ALAAAAAAAAAAA.6#.tA.ntA...A...6..LA..bA...A...A6#.A...A.#.A...6L#.A.dbA...A.bbAb..A...A...A6!.A.HA...6e.`A.]bA.w.A..bA.w#A...6~w.A..bA9S.A..tA#ScA.tbA;S.A..A8SqA..A.S&A.^bA.SAA.AbA.S.A.6bA...A...AAA.AtA.A.......u.#.R........+A..LAAAAAAA..nA.AAA6#.A&AAA..bAAAAAb.bAAAAA...AAAAA.A.AJA.A.A.ALA.A.A.A.AbAAA.AtA.A+A..........................V..}m.9*.............AAAAAAA...A&AAA...A.A.A.ALAAAA6AAAAAA.AGA.A.b.A.AMA..A~A(A.?bA...A..bA5..A...A6#tA.!.A.#.A.]bA...A..bA6&.A.1bA.SAA.AbA.S.A.6.AA..A...Ab..A6.b.!.#A.d.A..A..bAf..A

C:\Users\user\Downloads\49206d13-d691-46f1-bae6-074f71bdb66a.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	13654
Entropy (8bit):	7.674751868246122
Encrypted:	false
SSDEEP:
MD5:	287C80A446E2C4593CBECCE06D3F765A
SHA1:	77E965F4BFC0F1A6EFD808A7B3D034B3C1DAAA99
SHA-256:	49A391DEA2CD2B10F0CFB67C60613EF575A7D80519EF1EF277225BEBE00FC01E
SHA-512:	2C0B0AA3B765DCA345B059D2D1551B5AAC5C3D13DC24709DAB7829D0579DD5C1B7758AE0A01A59F8D61F6E5DF8572DA7BA9AC555E807E75076256DD7CA7C9651
Malicious:	false
Reputation:	low
Preview:	PK.........c.VL.9D............Foto per autogru/1.jpgUT.....Sd......JFIF.............C................"...... ."2,441,0/7>OC7:K;/0E^FKRTYYY5Bah`VgOWYU...C.......(..(U909UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU......@....".......................................L........................!.1A."Qaq.2....#BR...b..3r.$CS...4cs....%5D.T...E...............................,......................!.1AQ.."a.2qB#R..C..............?......?.4o'.QK...g....Rn.#o.K.z..F...r.r$Q.J.>.G.O...~B./.....8.!Z.........(.)i)h.(....(.(....(.(....(.(......(....ZJ..)h.(....(.(......(....(.(.....(.(......(...........))i(.CJi..RR.P.QE.E...m..y../7gc#gy[B......6.m.0=..+.....C..L.Z.zg.....ZA#=GJnI....T:........vV.g.w..[(.I.....U..G 0)..-.QE..E.PG..4.....=...W.(?..O.B{...~..c..)=)...Zu.E.P.QK@.R.P.QE.E-..E.P.QE.E.P%.Q@RR.P.QE.E.P%.Q@QE...Q@QE...Q@QE..%-%.E.P.QE@QE-.E.U.-.P.QK@.R.@.R.P...P.....2I.f.......x...J.g.......4.a.B.n-p ....t~o3.[\:.;(.....Q.l....F....U.*...b.".R.I.F.A........M>..d#..

C:\Users\user\Downloads\wetransfer_foto-per-autogru_2023-05-04_1228.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	32599523
Entropy (8bit):	7.9991377711401785
Encrypted:	true
SSDEEP:
MD5:	D4EB85E582B9B9D14F04F1ABCC5EF26F
SHA1:	423F05F3C636457644744D3C7474075B8EEF7D90
SHA-256:	1E70D461EF7E17B2C92BD765F51869F84CF8AF39D1FF280D8F32BB4BED7C19E2
SHA-512:	153354DE09B6A2191FB626225A2881309AF44E14B562A54FAB263181BAEA935D397C771C7E690E14AA597835894EBB1860C22ADA5E8F1E1748FA87EC982864F9
Malicious:	true
Reputation:	low
Preview:	PK.........c.VL.9D............Foto per autogru/1.jpgUT.....Sd......JFIF.............C................"...... ."2,441,0/7>OC7:K;/0E^FKRTYYY5Bah`VgOWYU...C.......(..(U909UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU......@....".......................................L........................!.1A."Qaq.2....#BR...b..3r.$CS...4cs....%5D.T...E...............................,......................!.1AQ.."a.2qB#R..C..............?......?.4o'.QK...g....Rn.#o.K.z..F...r.r$Q.J.>.G.O...~B./.....8.!Z.........(.)i)h.(....(.(....(.(....(.(......(....ZJ..)h.(....(.(......(....(.(.....(.(......(...........))i(.CJi..RR.P.QE.E...m..y../7gc#gy[B......6.m.0=..+.....C..L.Z.zg.....ZA#=GJnI....T:........vV.g.w..[(.I.....U..G 0)..-.QE..E.PG..4.....=...W.(?..O.B{...~..c..)=)...Zu.E.P.QK@.R.P.QE.E-..E.P.QE.E.P%.Q@RR.P.QE.E.P%.Q@QE...Q@QE...Q@QE..%-%.E.P.QE@QE-.E.U.-.P.QK@.R.@.R.P...P.....2I.f.......x...J.g.......4.a.B.n-p ....t~o3.[\:.;(.....Q.l....F....U.*...b.".R.I.F.A........M>..d#..

C:\Users\user\Downloads\wetransfer_foto-per-autogru_2023-05-04_1228.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	32599523
Entropy (8bit):	7.9991377711401785
Encrypted:	true
SSDEEP:
MD5:	D4EB85E582B9B9D14F04F1ABCC5EF26F
SHA1:	423F05F3C636457644744D3C7474075B8EEF7D90
SHA-256:	1E70D461EF7E17B2C92BD765F51869F84CF8AF39D1FF280D8F32BB4BED7C19E2
SHA-512:	153354DE09B6A2191FB626225A2881309AF44E14B562A54FAB263181BAEA935D397C771C7E690E14AA597835894EBB1860C22ADA5E8F1E1748FA87EC982864F9
Malicious:	false
Reputation:	low
Preview:	PK.........c.VL.9D............Foto per autogru/1.jpgUT.....Sd......JFIF.............C................"...... ."2,441,0/7>OC7:K;/0E^FKRTYYY5Bah`VgOWYU...C.......(..(U909UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU......@....".......................................L........................!.1A."Qaq.2....#BR...b..3r.$CS...4cs....%5D.T...E...............................,......................!.1AQ.."a.2qB#R..C..............?......?.4o'.QK...g....Rn.#o.K.z..F...r.r$Q.J.>.G.O...~B./.....8.!Z.........(.)i)h.(....(.(....(.(....(.(......(....ZJ..)h.(....(.(......(....(.(.....(.(......(...........))i(.CJi..RR.P.QE.E...m..y../7gc#gy[B......6.m.0=..+.....C..L.Z.zg.....ZA#=GJnI....T:........vV.g.w..[(.I.....U..G 0)..-.QE..E.PG..4.....=...W.(?..O.B{...~..c..)=)...Zu.E.P.QK@.R.P.QE.E-..E.P.QE.E.P%.Q@RR.P.QE.E.P%.Q@QE...Q@QE...Q@QE..%-%.E.P.QE@QE-.E.U.-.P.QK@.R.@.R.P...P.....2I.f.......x...J.g.......4.a.B.n-p ....t~o3.[\:.;(.....Q.l....F....U.*...b.".R.I.F.A........M>..d#..

Chrome Cache Entry: 206

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 23348
Category:	downloaded
Size (bytes):	7356
Entropy (8bit):	7.9775932975858925
Encrypted:	false
SSDEEP:
MD5:	03D5DB9DFD00A5719BB4C9261E6FA1BB
SHA1:	BE9899225F59B4D3EF6FEFCF0E66B72568353A94
SHA-256:	E90F19642062E4311B58EDE732592E8F29B7799661086A0BBFC68E259FD81398
SHA-512:	3237EA1A80C3683122433BCA90BC624C3BD16CEF30E7F6B9A82288ACCE16B04601CA497FED43ADCD30023EF403F29D63E776928BBA9E2B17383F710DF5A1CCF0
Malicious:	false
Reputation:	low
URL:	https://www.redditstatic.com/ads/pixel.js
Preview:	...........;.s....V..$3...-.M..1/.:...r..,...HD.q...._.\|H#.;...~....t...t..t..... .+.NIHR.).Dz@&.S0.w.`.[....q.s4I.9N....... ..h.p.Z.....8.x.t.n \|%a+.C....J/..X.:n.Fie..~e...9..C..5....Jgq.PqM/.]\uo.{..........w......<...(N..i.i....#.s.s}i.....c.IH.......:66dI..1...j.I"7.X.....5........p..ZA.fDz..nIQ6..e..B..\/DL.M.GQJ&..F.c.;N:...q2....?....G6....Mgd...l@}a...)u....^j.2D.S.H.d...O.'Y.:..O.e......!.....p5.K.f....<mHg<.....}.&.a0.5..R..v..7..O..4._....u/I.UAf...}.......Cx.GK......A...*24...8....vU.H..%+`...\...t...........(..`C0. uG.b.C.a...G.....g.XU..Sd"..!H..!L{9h...-....KwAa.B.7..V.....T......F.e.Z...8...djJ../.A...QX.P^........m6.s...8v....}.cI.TT....].........~..~...a@I...#..d.n.." m.\[>%.1.f.R...3..0.F.L......[..-...R}.......L\|F.a.d .PX.....q..'...........!.ODd....BX7E...x......4...4w.....V..;u..'^;......$.2..yB+(.Vq.......k.n(5RsT.L.....r`({U.pE....Nv..U..8n...m.....7.$..w...k..9.G...i....;...7.k.3...9.,......u......h....N...{.

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6347), with no line terminators
Category:	downloaded
Size (bytes):	6347
Entropy (8bit):	5.423848132285298
Encrypted:	false
SSDEEP:
MD5:	5F60A876D7EA3518932515DC1A1FBE4B
SHA1:	8DA68072E65180364AC7B5A049FDC69BD80755F6
SHA-256:	521CF4E4F673C39B359233B99396B9DCD8231D63AF940E75DF219FB91598E5EF
SHA-512:	0EEE298A7FDEC629CA0C0DF9805EAB102FD0381DA753A789D227FF2463A76BB44507B52159B366082867D3959655ECBE716AA417D422B90F354DB5ADF31773D7
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/runtime~application-89c12731ffa2fd29b3e7.es6.js
Preview:	!function(e){function t(t){for(var a,n,d=t[0],f=t[1],s=t[2],i=0,p=[];i<d.length;i++)n=d[i],Object.prototype.hasOwnProperty.call(o,n)&&o[n]&&p.push(o[n][0]),o[n]=0;for(a in f)Object.prototype.hasOwnProperty.call(f,a)&&(e[a]=f[a]);for(u&&u(t);p.length;)p.shift()();return c.push.apply(c,s\|\|[]),r()}function r(){for(var e,t=0;t<c.length;t++){for(var r=c[t],a=!0,n=1;n<r.length;n++){var f=r[n];0!==o[f]&&(a=!1)}a&&(c.splice(t--,1),e=d(d.s=r[0]))}return e}var a={},n={37:0},o={37:0},c=[];function d(t){if(a[t])return a[t].exports;var r=a[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,d),r.l=!0,r.exports}d.e=function(e){var t=[];n[e]?t.push(n[e]):0!==n[e]&&{1:1,2:1,3:1,4:1,5:1,6:1,7:1,8:1,9:1,15:1,28:1,29:1,31:1,34:1,35:1,36:1,54:1,55:1,56:1,57:1,58:1,60:1}[e]&&t.push(n[e]=new Promise((function(t,r){for(var a="css/"+({1:"complete-order~payment-methods~payment-update~sign-up~upgrade",2:"transfer-detail~transfer-list~transfer-progress-upsell",3:"payment-methods",4:"profile",5:"sign-

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (397), with no line terminators
Category:	downloaded
Size (bytes):	397
Entropy (8bit):	4.5619940819192015
Encrypted:	false
SSDEEP:
MD5:	9C9108D9564ED9341A5819377A9BD363
SHA1:	B5DFA35170CB7F40DD649B84C0654FEA8FB9EE11
SHA-256:	11E7B184DFC24ACF9D5C4B763E5B49E95E81E159B34FA30CD6F5EB9C5A037EF5
SHA-512:	55ACCD6F6E59AF5A3FACDA82CC43F29B7C57D724FEFDECE8A7518A6122DC35E6ABF47988D8179288093A2AD6EE18097E3C2DC8D6A71B44889E37EAC2246E613A
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/62-2470b4c3dbb9a4069e73.es6.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[62],{1270:function(n,o){},1272:function(n,o){},1273:function(n,o){},1689:function(n,o){},1690:function(n,o){},1691:function(n,o){},1692:function(n,o){},1693:function(n,o){},1694:function(n,o){},1695:function(n,o){},1696:function(n,o){},1697:function(n,o){},1698:function(n,o){},1699:function(n,o){},1700:function(n,o){},1701:function(n,o){}}]);

Chrome Cache Entry: 211

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (633)
Category:	downloaded
Size (bytes):	1498
Entropy (8bit):	5.649309189210727
Encrypted:	false
SSDEEP:
MD5:	0CB85134D3A614071D6D9A260178E892
SHA1:	AB5D7ED3F399FCC2E22702E344AB623CDF61274A
SHA-256:	79540A12388B698EE52B77B799343828914AEFCDEE20B824C311E094246FF359
SHA-512:	E454ECB934AB275044BEA8ED76D5551C58AEE390E70D70B309A175D999A90908694A1B2C7F45DFFE2F30ABC7D32E448AEC4EFB95DFDFDE9C84D72BA4754CF1AB
Malicious:	false
Reputation:	low
URL:	https://tag.wetransfer.com/g/collect?v=2&tid=G-0M019DTWVR&gtm=45he3510&_p=30917150&cid=1675133885.1683207791&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Chromium%3B104.0.5112.102%7C%2520Not%2520A%253BBrand%3B99.0.0.0%7CGoogle%2520Chrome%3B104.0.5112.102&uamb=0&uam=&uap=Windows&uapv=8.0.0&uaw=0&_geo=1&_rdi=1&sst.uc=&_s=1&sid=1683207791&sct=1&seg=1&dl=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031&dr=https%3A%2F%2Fwetransfer.com%2F&dt=WeTransfer%20-%20Send%20Large%20Files%20%26%20Share%20Photos%20Online%20-%20Up%20to%202GB%20Free&en=page_view&ep.gtm_info=GTM-NS54WBW%7Cversion%3A67%7Cenvironment%3ALive%7Cdebug%3Afalse&ep.consent_analytics=true&ep.consent_marketing=true&ep.hit_timestamp_local=2023-05-04T15%3A43%3A17.400%2B02%3A00&epn.hit_timestamp_unix=1683207797400&ep.tag_name=GA4%20-%20page_view&ep.event_id=1683207796479-1-24b7f467b97f&ep.wt_data=%7B%22navigator_language%22%3A%22en-US%22%2C%22event_id%22%3A%221683207796479-1-24b7f467b97f%22%2C%22action_source%22%3A%22web%22%7D&_et=8&up._npa=1&richsstsse
Preview:	event: message.data: {"send_pixel":["https://ad.doubleclick.net/activity;src=12370788;type=pagev0;cat=wetra0;ord=2029732994;gtm=45h91e3511;dc_pre=1;u1=%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031;u4=1675133885.1683207791;u8=en-US;u11=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031;auiddc=1542868512.1683207799;s3p=1;~oref=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031?"]}..event: message.data: {"send_pixel":["https://googleads.g.doubleclick.net/pagead/viewthroughconversion/778938880/?random=1683207799456&cv=10&fst=1683207799456&fmt=3&bg=ffffff&guid=ON&u_w=1280&u_h=1024&gtm=45h91e3511&url=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031&ref=https%3A%2F%2Fwetransfer.com%2F&tiba=WeTransfer%20-%20Send%20Large%20Files%20%26%20Share%20Photos%20Online%20-%20Up%20to%202GB%20Free&auid=1542868512.1683207799&uaa=x86&uab=6

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	65
Entropy (8bit):	4.314128390879881
Encrypted:	false
SSDEEP:
MD5:	83A02FE42F8C2198E7C608AFF363AA49
SHA1:	7B20AE1014450492CC708E3C9DC7522B05C2EFFD
SHA-256:	E64954DC34E12C7190CC2338A54B07644FF0F102AA71CC7209BCBB49C3009F7C
SHA-512:	CD381A8C725C892E9A68D713254A31EA9ED25A39B212A5DC52D4BA2655F38AFDDB32519F03360F32A59D8E7701AF6C2AD0030A6AA760C3DE87C75063F5B65F54
Malicious:	false
Reputation:	low
URL:	https://tag.wetransfer.com/g/collect?v=2&tid=G-0M019DTWVR&gtm=45he3510&_p=1972249567&cid=1675133885.1683207791&ul=en-us&sr=1280x1024&_fplc=0&uaa=x86&uab=64&uafvl=Chromium%3B104.0.5112.102%7C%2520Not%2520A%253BBrand%3B99.0.0.0%7CGoogle%2520Chrome%3B104.0.5112.102&uamb=0&uam=&uap=Windows&uapv=8.0.0&uaw=0&_geo=1&_rdi=1&sst.uc=&_s=1&sid=1683207791&sct=1&seg=0&dl=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031&dt=WeTransfer%20-%20Send%20Large%20Files%20%26%20Share%20Photos%20Online%20-%20Up%20to%202GB%20Free&en=page_view&_fv=1&_nsi=1&_ss=1&ep.gtm_info=GTM-NS54WBW%7Cversion%3A67%7Cenvironment%3ALive%7Cdebug%3Afalse&ep.consent_analytics=false&ep.consent_marketing=false&ep.hit_timestamp_local=2023-05-04T15%3A43%3A09.594%2B02%3A00&epn.hit_timestamp_unix=1683207789595&ep.tag_name=GA4%20-%20page_view&ep.event_id=1683207787177-1-24b7f467b97f&ep.wt_data=%7B%22navigator_language%22%3A%22en-US%22%2C%22event_id%22%3A%221683207787177-1-24b7f467b97f%22%2C%22action_source%22%3A%22web%22%7D&up._npa=1&richsstsse
Preview:	event: message.data: {"response":{"status_code":200,"body":""}}..

Chrome Cache Entry: 213

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65450)
Category:	downloaded
Size (bytes):	280797
Entropy (8bit):	5.428437165659885
Encrypted:	false
SSDEEP:
MD5:	39D84D46B1D56BDC0827B2E1539F1E07
SHA1:	06A34229713FC457038BA11AF68AB92DA407384F
SHA-256:	C8A0691D06CF6D723B31D7DEEB294CC278D935F512E477C64F04331E009D1BBE
SHA-512:	5D68C1343B71DE73109BBEA58D0D901807133CE79353A98B8D6E6292B73F933E61659AB652D467802F35B6B2144089866366D57F091528587B927DFF3A26FAAA
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/bundle.25da436af24a2ee4ed2d.js
Preview:	/! For license information please see bundle.25da436af24a2ee4ed2d.js.LICENSE.txt /.!function(){var e,t,n={418:function(e){e.exports={platform:"desktop",deployPathOverride:!1,variants:[]}},4627:function(e,t,n){var r=n(7373),i=n(6927),a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not a function")}},2297:function(e,t,n){var r=n(3862).has;e.exports=function(e){return r(e),e}},7261:function(e,t,n){var r=n(2409).has;e.exports=function(e){return r(e),e}},7713:function(e,t,n){var r=n(2712),i=n(2091),a=n(3567).f,o=r("unscopables"),s=Array.prototype;null==s[o]&&a(s,o,{configurable:!0,value:i(null)}),e.exports=function(e){s[o][e]=!0}},9223:function(e,t,n){var r=n(1218),i=String,a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not an object")}},6148:function(e,t,n){var r=n(6867),i=n(6912),a=n(6702),o=function(e){return function(t,n,o){var s,c=r(t),u=a(c),f=i(o,u);if(e&&n!=n){for(;u>f;)if((s=c[f++])!=s)return!0}else for(;u>f;f++)if((e\|\|f in c)&&c[f]===n)

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (40990), with no line terminators
Category:	downloaded
Size (bytes):	40991
Entropy (8bit):	5.310266875348325
Encrypted:	false
SSDEEP:
MD5:	D76D14D4BCEC8D5995246E7AF6F0B8DB
SHA1:	EC4F4298BB3B18FA8BFE9A34A082CAFFB25E9C1B
SHA-256:	EEC5C0B7F3736C064A5C93FB61F419FE7D3F7C1815C81004312FD349FD43BE2C
SHA-512:	B269E9E0AEBC9BD28812D33FDDC3D977FB673F90B3DDD72778C07DAA2384F58AAA5FC65F4A0560EFC82EB4BCDEC8C2EC14BACD4C65A32109EB12650D170DE78A
Malicious:	false
Reputation:	low
URL:	https://bat.bing.com/bat.js
Preview:	function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&(o.Ver==="1"\|\|o.Ver===1)?1:2;this.uetConfig={};this.uetConfig.consent={enabled:!1,adStorageAllowed:!0,adStorageUpdated:!1,hasWaited:!1,waitForUpdate:0};this.beaconParams={};this.supportsCORS=this.supportsXDR=!1;this.paramValidations={string_currency:{type:"regex",regex:/^[a-zA-Z]{3}$/,error:"{p} value must be ISO standard currency code"},number:{type:"num",digits:3,max:999999999999},integer:{type:"num",digits:0,max:999999999999},hct_los:{type:"num",digits:0,max:30},date:{type:"regex",regex:/^\d{4}-\d{2}-\d{2}$/,error:"{p} value must be in YYYY-MM-DD date format"},pid:{type:"pid"},"enum":{type:"enum",error:"{p} value must be one of the allowed values"},array:{type:"array",error:"{p} must be an array with 1+ elements"},object:{type:"object",error:"{p} must be an obj

Chrome Cache Entry: 215

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 31120, version 1.6554
Category:	downloaded
Size (bytes):	31120
Entropy (8bit):	7.985418175929638
Encrypted:	false
SSDEEP:
MD5:	57CBBFDAFC43E0DEECC75A309DD042C6
SHA1:	B9CC2FF331B8520706DE175F5B3FDBA6731A9BFC
SHA-256:	A9117F16BDAA64C953B303BEF951DFCA6316EF59F1B7CA72D5B946B1D815F6A6
SHA-512:	C997D44853DBC86C4A75E123306E504AB88FFDD7449B196AB200018ADF355183A474EF71F31E61F949BE3CB7BAC888D3F3A22AEC4226F9D50BD8B3FBDE1EF13C
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Regular-1f437876.woff
Preview:	wOFF......y........<........................GDEF..i..........o.]GPOS..i4......3....GSUB..t........8-.jQOS/2.......Z...`..`.cmap............;.<.cvt ...L........T...fpgm.............0.6gasp..i.............glyf......T.....1.head.......6...6.VC.hhea....... ...$...Uhmtx...T.......b..j.loca...........:q.L.maxp....... ... .c..name..g....&....E.j.post..h........ .~.Dprep...........;............1H=S_.<..........#.........P..................x.c`d``>............l@...$.....\|.......e...e......./.a..........x.c`a2c..............B3.c.a..........,....;0(T..(0.....#.........;...\|...(1.$...t.....'..^..x....$I....Z......,...9.m...m.m.F..5.=.../.B.{.._/...P..A..j7sTmSZ.*..Uf.R..T.....m.V!..C.\7{...<.....B......P.~.......V..V..X.v_%..j.O..C+<...J.o..R.=..........=.}.#..5\.A{.r.K.c.&.V.3Td...f...>.&t.]S!.{m..5.B...]C-\..#........`#.&`=..AhvF.Te6.w-.b...4..A.lr..\|S.<}.At4..`.=.......`.B.-. ...k.L..F..]/..avU.g;..!...Sp<......I...a........a.T..c...N...\..?..........\|.T...\.6..[+.6.

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Maria de la Croix], baseline, precision 8, 1500x2100, components 3
Category:	downloaded
Size (bytes):	699332
Entropy (8bit):	7.961949480848794
Encrypted:	false
SSDEEP:
MD5:	9C07EEB5EFC48FBE705A794DD4BE211F
SHA1:	DB4710526EC939F3EEA13C606124B2EF35EF5D9A
SHA-256:	023167D01F9EEDBD5CB7C84728E2DD5D13AEF0D6B3D0621D0968F21038D97260
SHA-512:	2D6A54F951C8842E884E79FA308363DDA93D4055A87AB24D341DD87E2AD77871A5AF29DD83760CB60E99084C0A7F437500CDBCC14B368558959D25C4E9C409B0
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/img.78716bf58fd2c8af8d13.jpg
Preview:	.....6Exif..II*.......................Maria de la Croix.......Ducky.......P.....nhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="1FC0FD9546F66F6AF55B49C81F53D1D2" xmpMM:DocumentID="xmp.did:B75EB506B73611EDA5E792D3621B2194" xmpMM:InstanceID="xmp.iid:B75EB505B73611EDA5E792D3621B2194" xmp:CreatorTool="Adobe Photoshop Lightroom Classic 12.0.1 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:bcd93f0d-b0f3-4dec-8648-9c6310557720" stRef:documentID="xmp.did:bcd93f0d-b0f3-4dec-8648-9c6310557720"/> <dc:rights> <rdf:Alt> <rdf:li xml:

Chrome Cache Entry: 218

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 47828, version 1.0
Category:	downloaded
Size (bytes):	47828
Entropy (8bit):	7.995688471432011
Encrypted:	true
SSDEEP:
MD5:	6DBAB1C1C6F168DB27CBE727E3AD7FE8
SHA1:	E943DE16537A3FB2BDF66E204EE35DEF9D0ED817
SHA-256:	C63EDA1F9ED0DF863719C3F5E229BFC00557354CD4A0CA9C61C57EC50AE97D71
SHA-512:	0B0128954C4C08CCB423544784ED0DCF3D529647FE4ABBADA963D03836B3A4612F88543B4281991ABFA22A2C8DA4C0D25F07F1C2C389B6981191732E57401483
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/FaktPro-Normal.b13a72e7c98c850685bd.woff2
Preview:	wOF2..............S....k........................?FFTM..0...^....`..&...s.....D.......6.$.... ..p..r...[."...q.e.&>...6..2u...{A.c;.Z:.&..........1nG8..;z........J....=...^...D}.o..1.#..H9.JuU.&.ZW.Z..g..2.......n..T8.q..W.Saq..r.{s...8_.Y....e.o.......b .M...F..F.>....).b......F....L.bW....E.}.....X..1.....F...H......7.....b.:...C.... .s....x]/..#.%{.O.].p"O..#.;.q\|.].d....&......-..Z.L-~.....A.0...Ol...7..";..Z.Z...6.y~#.?.T.D...3d..Z..ad...3..\y.q..w...{......7....O.>3........+.d..9L..S.{.&...8.!.J.L.S...`..N...f.B...^$^HL...e.lo...D%."..v....^8.. ....a....#i...m.\|....1A%j..(.....(C.wt.J.....Pbh..b.#.x".~.?...sg.....,U.X.J..N.....C.n......< .."RE....%a&...Z......6..s......F.K.r ....c....9...J)_&.!.KD4..t.."I}.....C.A6.q......{......{..q..@......a.iy.u~5.,,--..#5.~..V......f.@5....W.YL.`)..[.A.Q..7..~...Nl.N....Z..c.>}.).X.UZ.h...1.F...T.jA.&QA.Z..S.C<e...{...9.:.........0...8%..v..9.\.x.!U[-8..Z&S*v.\|....G.+.H..nD...{..D....$......)..=

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 32124, version 1.6554
Category:	downloaded
Size (bytes):	32124
Entropy (8bit):	7.98651557872162
Encrypted:	false
SSDEEP:
MD5:	868AEDEEFE7669E8A4F7196F7DF5D058
SHA1:	45BD20EF2C6B717A2526EFD98A01207979B2A623
SHA-256:	D8700B022EF56752CD12FF224B3F409E84AEB8A43AC68BA052167096BAF46555
SHA-512:	45557B3F328F014FCBF09A848B2F22E66C41968B03523976F66F9381B0408461766F1B837CAAA67A26C4B707EA81EF32CF59776244D19BF0D569C63753B5C0B6
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/actiefgrotesque/ActiefGrotesque_W_Medium-293e86f0.woff
Preview:	wOFF......}\|................................GDEF..m..........o.]GPOS..m4......3....5GSUB..x........8-.jQOS/2.......Z...`.5`.cmap............;.<.cvt ...d........K.1.fpgm.............0.6gasp..m.............glyf......X.....Z![.head.......6...6.qC.hhea....... ...$.8.khmtx...T.......b.8d.loca...........:#..Omaxp....... ... .q..name..k....&....E.j.post..l........ .~.Dprep...........J.-...........o._.<..........#.........I...(..............x.c`d``>.............@...$.............g...g......./.a..........x.c`ard..............B3.f.a..........,....;0(T..(0.....#.........;...\|...(1.$...t.....M.....x....%9...$.m.=.....m.m.m..n....V...AW}...9.Ob~.........Fh.+..4...h.F#.D.Y.q.eND%...S..C....Hg[....n.@&....wk.`y..Hf.?..^d.5..!a.C.B].L#..$.....QcO.NE.A}.........v...m..3...v.p..i.D........Y..~....9...1..d......?..`<~.n.mc...3..~.A......l.<.}.m.o.'...{~..3.....j.o!.xO>.>4....O...B..wJ].F.d&.=..1..'}..E:.....3.-..(..8..=.~...;A.&S..)$sI..c......t....d..~..\|....fVG..o.B.....,

Chrome Cache Entry: 221

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2560x1600, components 3
Category:	downloaded
Size (bytes):	521659
Entropy (8bit):	7.965361011740628
Encrypted:	false
SSDEEP:
MD5:	5DD551D541F9C72BFA4ED8621D46908D
SHA1:	6DD027881F710F35F85B4899D8AA8BEE3E4759D6
SHA-256:	67836B0DB963CAED2064F4829EFCC4D0D73369DBE4A71F4CDFC85C04835744A5
SHA-512:	B52AFC649E1EBA46613BAF27DEEAE16DD94AA63B7AB2A6F2CAC75D3D1FA3E92F94FB746295BEF2EDA63E3CC8B38E109A3E0075BC1074F27FA455EB557050B4AF
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/images/cookie-wall-trees-5134ae83.png
Preview:	......JFIF...................................................!........'.."#%%%..),($+!$%$...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$......@...."................................................+.m..%.E.9H.Og6.I[./?^.jXy.F6I0.[&..w....a.A.#f.=jj2Pd...........P.}........c...s.k..\|... .T2....G.Tl^...J<.B.N..N..T9x......y.....-..9pIJd..;ig.....V..q..G..>....~...Hd......M.^.....J...S...@r.\.I`.~#...8(H....-;..(.7......B;=..QoQ.G+u..N.C...I..B...NX..U...G.CW6.q.#...E...A.Qj.RQfv.;&I.!..'.6.D....]...[..+.F..4w...\.^o8V.C.......L.I.E.5...K?4......5+.........SyIL....iZ..m.....7..B....6<{/...h.s..H#Z...zvThu..\|j.....2....e..Y.G^"a.).].e!...Xlm.......x..l"^.M.R-...4Hr...lM3..O>..W.....a[3,N.m.8..1......2.&x$..I@i.&O'....z.........L...n.X....r$.r...-.8...B....Q.v.4.N..#...O3B...1.Z.BD..r.O=....;...;.......N...?@l._....'%.].....3...=r.........w..Z.8.F.....q&. .Y..`...M.......G..w...ik...*R!.SEI.S...D5k.u...I&..cU.U..xF...PR.!.e..2.'.PI4d.'...

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2844x1600, components 3
Category:	dropped
Size (bytes):	1020750
Entropy (8bit):	7.956259175573456
Encrypted:	false
SSDEEP:
MD5:	C21B280419A6F5A338545F1E0B8BD30B
SHA1:	D14DED7F92FD9E1376637C939296B28D4771AE4B
SHA-256:	A2D534795702099A6DC77A0511841AC8D1DF5EBF9859FBA20FF98E2A071460B8
SHA-512:	3F1F6AA06DE952D5C48AFF4BDD987DE8E48DA155C312639D70D85CD4990E2B2446710FF1769B50A4A4BD9C7A7F27EF68FA73192F4B12FF4D20B65BA601AE61F6
Malicious:	false
Reputation:	low
Preview:	......Exif..II*.................Ducky.......K......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:682c97d2-b4c8-40e0-92fa-da670feb47d1" xmpMM:DocumentID="xmp.did:52D4A7F09B0A11ED87A68E603F82CAD8" xmpMM:InstanceID="xmp.iid:52D4A7EF9B0A11ED87A68E603F82CAD8" xmp:CreatorTool="Adobe Photoshop 24.0 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:c460d185-e554-459f-a367-fd8a07b91ca6" stRef:documentID="adobe:docid:photoshop:6885f20b-6e9f-c143-a5a9-be8b74309c1e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...XICC_PROFILE......HLino....mntrRGB XYZ

Chrome Cache Entry: 223

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (28213)
Category:	downloaded
Size (bytes):	195337
Entropy (8bit):	5.557782943622968
Encrypted:	false
SSDEEP:
MD5:	C707FEF22B15DA5F3C469F07171590F5
SHA1:	17A00B71955628A90E7EB77421790ED1D7110412
SHA-256:	4A603BDF992F9D2CE747963535870252275B4182758A93D43FA6A5708B35020F
SHA-512:	7F1626AA12A1D0B441EAFBD3B1D7F0AB23E94680C95658A2D18549C87E9048FCD307FADAE4B1F7133AC9F0CD6EB1048AE94E70667E880B987936CF23CB8E7471
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtm.js?id=GTM-K878LCS&l=dataLayer
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]\|\|{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"124",. . "macros":[{"function":"__e"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"action"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"label"},{"function":"__smm","vtp_setDefaultValue":false,"vtp_input":["macro",2],"vtp_map":["list",["map","key","Closed Panel","value","true"],["map","key","Navigated Away From Channel","value","true"],["map","key","New Transfer Created","value","true"]]},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"category"},{"function":"__k","vtp_decodeCookie":false,"vtp_name":"wt_downloaded"},{"function":"__k","vtp_decodeCookie":false,"vtp_name":"wt_sent"},{"function":"__k","vtp_decodeCookie":false,"vtp_name":"wt_tandc"},{"function":"__jsm","co

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	485
Entropy (8bit):	4.573995652063813
Encrypted:	false
SSDEEP:
MD5:	9C5640120E49AFFC48FE61CDA0B5B08D
SHA1:	D4E21E33439F9CC61687AAB71E0DCB1583DCDB99
SHA-256:	A41CAB3374674FB912CC0E0B9A02DB73B57D22F72D0FA09F7608AD6104991D5A
SHA-512:	963261B5D1060DEBE28436B8B3D0B23FB415F7873D03BB787080D97DE6DA0D1D846CA4E015AF3093A575A85EA5D58F123247277061F1001F3292C76715750926
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/transfer_window/core-shape-d22f0e47.svg
Preview:	<svg width="42" height="42" viewBox="0 0 42 42" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M41.4378 14.574C39.9229 4.62593 32.6407 -0.079378 21 0.00101253C9.3593 -0.079378 2.07875 4.62593 0.562169 14.574C0.196099 16.9721 0 19.004 0 21C0 22.9853 0.196099 25.0258 0.562169 27.426C2.07711 37.3741 9.3593 42.0794 21 41.999C32.6407 42.0794 39.9213 37.3741 41.4378 27.426C41.8039 25.0279 42 22.996 42 21C42 19.0125 41.8039 16.9721 41.4378 14.574Z" fill="currentColor"/>.</svg>.

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	2215513
Entropy (8bit):	5.457428557581716
Encrypted:	false
SSDEEP:
MD5:	438E20163B51BCCE2F43D44D56092E59
SHA1:	4B66211FFCEA20FBFA2FACD5408D42D7DD0D4659
SHA-256:	B70D8B245EB540B77A1B4D2B8264DE20A0885CABBCD471D548519697462D64CE
SHA-512:	3A7BB398BE1C6F68F3A44746E149E511A94C93A3F478441AEB5ECD4D5EC9926E244FE3060D345B83AD19BF3AFE45A17F42B9DDFF5B921F3BDEC6E6ADBA5A79B1
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/vendor-2e4ebafdff187f59fa96.es6.js
Preview:	/! For license information please see vendor-2e4ebafdff187f59fa96.es6.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],[function(e,t,n){"use strict";e.exports=n(1339)},,function(e,t){e.exports=function(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e},e.exports.default=e.exports,e.exports.__esModule=!0},,,,function(e,t,n){"use strict";n.r(t),n.d(t,"__extends",(function(){return i})),n.d(t,"__assign",(function(){return o})),n.d(t,"__rest",(function(){return a})),n.d(t,"__decorate",(function(){return s})),n.d(t,"__param",(function(){return u})),n.d(t,"__metadata",(function(){return c})),n.d(t,"__awaiter",(function(){return l})),n.d(t,"__generator",(function(){return f})),n.d(t,"__createBinding",(function(){return d})),n.d(t,"__exportStar",(function(){return h})),n.d(t,"__values",(function(){return p})),n.d(t,"__read",(function(){return v})),n.d(t,"__spread",(function(){return g})),n.d(t,"__spreadArrays"

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1573)
Category:	downloaded
Size (bytes):	52082
Entropy (8bit):	5.515813845174423
Encrypted:	false
SSDEEP:
MD5:	4507839525A19180914799B08FB5FA5B
SHA1:	738D7E47E47A102E67D09EFA63408D21AAF02245
SHA-256:	E7B90D32907F89C49E9E2A2CCCA95133277F756F13A14187936D9B948FF67B44
SHA-512:	124BB24B26EDE426AC7EF14DB40FF894DDEA6EB9C7A5BF408FD83B116BD55EC86B51B6839D5EEC7EC0F481AAB940795006005B4534DFF6CC0F3A6560F7CF9BEA
Malicious:	false
Reputation:	low
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa=this\|\|self,n=function(a,b){a=a.split(".");var c=aa;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function p(){for(var a=q,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function r(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var q,u;.function ba(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=u[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}q=q\|\|r();u=u\|\|p();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var v={},w=function(a){v.TAGGING=v.TAGGING\|\|[];v.TAGGING[a]=!0};var y=function(a,b){

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	466899
Entropy (8bit):	5.178992898723689
Encrypted:	false
SSDEEP:
MD5:	E4A2E0EA77A29A89621C3FE878697F3F
SHA1:	49067ED94A7B889EF8D4818EE391CD3B5A30DBB6
SHA-256:	6CF6B2B7867B14710067A433D18C566E004C195D16ECC4AD572E3AFAD042533A
SHA-512:	FAC94D08514DDE3B1A6E47FD47A4D423B84432CAAC87C912B9570EF7FE6DC512C12B3129052E7CB7BCEA3270D65F65BA3F321EF32EF6F4B46E6D9D96E1F6EA3A
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/css/application-845cac6b.chunk.css
Preview:	.Switch{align-items:center;display:flex}.Switch--size-default .Switch__Element{border-radius:2.8125em;height:1.6875em;padding:.125em;width:2.8125em}.Switch--size-default .Switch__Element:after{border-radius:2.8125em}.Switch--size-small .Switch__Element{border-radius:1.875em;height:1.125em;padding:.1875rem;width:1.875em}.Switch--size-small .Switch__Element:after{border-radius:1.875em}.Switch--free .Switch__Element--on,.Switch--pro .Switch__Element--on{background:#5268ff}.Switch__Element{background:#e5e5e5;border-color:transparent;border-width:.5px;box-sizing:content-box;box-sizing:initial;cursor:pointer;display:inline-block;outline:0;position:relative;transition:all .4s ease;-webkit-user-select:none;-moz-user-select:none;user-select:none}.Switch__Element:after{background:#fff;content:"";display:block;height:100%;left:0;position:relative;transition:all .3s ease,margin .3s ease;width:60%}.Switch__Element:focus{outline:2px solid highlight}.Switch__Element:focus:not(.focus-visible){outline:

Chrome Cache Entry: 229

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (57596), with no line terminators
Category:	downloaded
Size (bytes):	57596
Entropy (8bit):	5.405573199272715
Encrypted:	false
SSDEEP:
MD5:	32AD004436155EC972BC50E6238B5B67
SHA1:	9B2CDB645C2FA5B98A9D05DCDCA521FED4A17B7B
SHA-256:	CF7FCC9F75C8717897BFAEF72F303FAB423CE1B70C98512AEB3677E4AF988DEE
SHA-512:	7F3165DD7D6E3136448504918F92B91FC18FAFC5F83F7FEC9D07C8089953D920BF5EA908E4BFCFCAB0824D9BDCC5C9026A6763F3658E5D714A4B2E794F4380CF
Malicious:	false
Reputation:	low
URL:	https://static.ads-twitter.com/uwt.js
Preview:	!function(){var t={6173:function(t,e,n){var r;t.exports=(r=r\|\|function(t,e){var r;if("undefined"!=typeof window&&window.crypto&&(r=window.crypto),"undefined"!=typeof self&&self.crypto&&(r=self.crypto),"undefined"!=typeof globalThis&&globalThis.crypto&&(r=globalThis.crypto),!r&&"undefined"!=typeof window&&window.msCrypto&&(r=window.msCrypto),!r&&void 0!==n.g&&n.g.crypto&&(r=n.g.crypto),!r)try{r=n(2480)}catch(t){}var i=function(){if(r){if("function"==typeof r.getRandomValues)try{return r.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof r.randomBytes)try{return r.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")},o=Object.create\|\|function(){function t(){}return function(e){var n;return t.prototype=e,n=new t,t.prototype=null,n}}(),a={},c=a.lib={},u=c.Base={extend:function(t){var e=o(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply

Chrome Cache Entry: 230

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1500x791, components 3
Category:	downloaded
Size (bytes):	218833
Entropy (8bit):	7.911004445562874
Encrypted:	false
SSDEEP:
MD5:	F88AF97371D148D19198B9CA0C701866
SHA1:	6899AAE69EEAD8AC63DB48CAA65E8FCFB62AA0E8
SHA-256:	9C1C818297E6CCE7D25154AA00912C3A0BDD3C66CC77AD7B3E8143A4393727A4
SHA-512:	6D1103879A38F05D145A0CD9E0C950B1EEB09CB62526AB52B70ED05CEF6269F6FF44832E071270F6AD09703CC7458A319AD31FE72A2C23FCE6A99688D1A22D51
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/img.372d6968a26f48160c42.jpg
Preview:	......Exif..II*.................Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c000 79.171c27fab, 2022/08/16-22:35:41 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:73debdea-a835-4a03-b20a-0aab1d454a25" xmpMM:DocumentID="xmp.did:FD43650FA90811EDA4F4C299A6D17A84" xmpMM:InstanceID="xmp.iid:FD43650EA90811EDA4F4C299A6D17A84" xmp:CreatorTool="Adobe Photoshop 21.2 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:359c86b7-b4d9-4cfc-9e03-9f9b4ea47ba3" stRef:documentID="adobe:docid:photoshop:6c51ca7d-e559-d546-88f5-d9cfb1ab5163"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................

Chrome Cache Entry: 231

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	36
Entropy (8bit):	4.215354779870081
Encrypted:	false
SSDEEP:
MD5:	2DDF287D0D7556C838B335AE5C88A09D
SHA1:	D52113B5FA2E61F152F5E1CAD6EBD7353C9BDFA0
SHA-256:	7B1EAAAF180A13C29B6DDDC3B0AE23333B4397E0F3C065B4C86DA2F2530A5F89
SHA-512:	24502D05D68B4C6A2FCF9366E19E3D0372DE0027829860C3F7E8D8178F11C1768D3B6C4679CC354EB68227873B334859CA6C3D2807F13F8529262A141E0FAED3
Malicious:	false
Reputation:	low
URL:	https://cdn.linkedin.oribi.io/partner/1207732/domain/wetransfer.com/token
Preview:	{"allowed":false,"scriptToken":null}

Chrome Cache Entry: 232

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1013492
Entropy (8bit):	5.484777159494199
Encrypted:	false
SSDEEP:
MD5:	C99CCDC753E159109432FE47BAFD9E75
SHA1:	E65BE5348AFD95E9DDA0D0732BBF47FB1F9C82A5
SHA-256:	9737825704186E1E7F51163449CD6425E51E30D422BAFB7B07E150CF3D6BEE09
SHA-512:	70767FCE1D7D848320E101D72D55EDD2CC865EAE400DAF8313E083E34CF041A28F187C6A70A5099FBF1D905B895FBA9ACD200B75E9C918AB48BC4A4B2A4C7B35
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/application-69db56bdcdbfc90f4d16.es6.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[10],[,function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(86);var r=a(37),i=a(94),o=a(75),s=a(40);class l{static get locale(){return n.a.locale}static t(e,t){let a;try{a=n.a.lookup(e)}catch(i){return r.a.track(`I18n Error: ${i}. TranslationKey: ${e}`),e\|\|""}return t&&"undefined"!==typeof t.count&&(a=function(e,t){var a=function(e){switch(e){case 0:return["zero","none","other"];case 1:return["one"]}return["other"]}(t);if("string"===typeof e)return e;for(const n of a)if("undefined"!==typeof e[n])return e[n];return e}(a,t.count)),t?("string"!==typeof a&&(a=""),a.replace(/%{(\w+)}/g,((e,a)=>t[a]))):a}static megabytes(e){return this.number(e/1048576,{precision:1,delimiter:""})+" "+l.t("number.human.storage_units.units.mb")}static gigabytes(e){return this.number(e/1073741824,{precision:1,delimiter:""})+" "+l.t("number.human.storage_units.units.gb")}static size(e,t={}){if("number"!==typeof e)return t.allowNull&&e===o.f\|\|r

Chrome Cache Entry: 233

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, was "main.da2a1c8f.js", last modified: Mon Apr 3 19:09:57 2023, from Unix, original size modulo 2^32 58506
Category:	downloaded
Size (bytes):	20340
Entropy (8bit):	7.989627887513948
Encrypted:	false
SSDEEP:
MD5:	7EA5C003539A4EF6890EE62573173C37
SHA1:	FB6DD97F53025C26B0456DE725F736A56286CA77
SHA-256:	F6B14568DC92FD4A30F7666ABBF8680C2E51BF668051649BD26B5820AE33F64F
SHA-512:	F57BD2D2725ED085E72C39AF974AB7B16B789DCDBB110288A58380DAEEF81303D8862299747D6584E830E546CD39C5B25DEF766CC59EBC4EA07399133CC11BC0
Malicious:	false
Reputation:	low
URL:	https://s.pinimg.com/ct/lib/main.da2a1c8f.js
Preview:	.....$+d..main.da2a1c8f.js..\.s...2g..!...,;.......M;Izs...CS..V..H...~......H.q..66...........k...q....$...a;......Os.9..8.ll..E..B...._o.\...v.2x4L.......n}...Y.......\|x.37..1...B&.e@..3.$.....T..t.8.-.nh..e.....4O.W4..WT.lK.@/7..k...s. ..74[.>.__f.~_.........\..]#..u.].5.._..zE.-q.^...}.)..F.].......>.;..Y.q_....$.t.O.L.`.z....../.".K(iN.Am.^..R....w.e..-.z%.].....H...B.RN.YnK..1@A`]..u...Ah..K....K.)e..5...R&c.S...AELN.!o..[M..p.J,.+..(YC.WJ....pn.eR.z.5.....H.&.,7....!..g..._(\|..!.`.......e..q3...w...R.$.g.......?.N>}:......../......G..Q.{G............,;P.8..<..qz....+z..f......=...yr.[Q~%.V....."Fb.3..O.=....d..E..l../,v..;.R...2T#..5.T..@~`....%+@.....%0%..H.....\|I.ZX+.6Rq...\..e0M.k.<............%....`y!..W.A\...pwI{I..^..(.'....J.`@o......W..OkgL...**...[..\.....`LL..O......n.3.../...Y..[D.fc.DE.......W..l-z0.e.....R.....G.H).j%U.9.o3.p......k:....<t....B....Y.6...s7#n.5.........CV.%.i%.Y.m.6-....A..E.....j...a...C....x..,

Chrome Cache Entry: 234

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	744944
Entropy (8bit):	5.4782989839436915
Encrypted:	false
SSDEEP:
MD5:	7CB01D5DFF594B2FE61B1FC185D314DD
SHA1:	6EFD382AE3FC4FC36D2C838CE920CD8133E8B144
SHA-256:	D8F53E74EA287C8272EAA5F5EA0F538EA915F1740D10A8B0CA6CD74D4E55F7E2
SHA-512:	76DFA402EC7797A33B461916C3D35B10A3E7A9D3DF312CD98C61F70077383F1CD159C6462F99F7F7C5CB4371F7750646FA89BC7A5BADD8A6261726FEAEF88151
Malicious:	false
Reputation:	low
URL:	https://nolan.wetransfer.net/apps/wallpaper/1.0.24/main.41ef840324b8699b.js
Preview:	(()=>{var e={81260:(e,t,n)=>{var r=n(84582);e.exports=function(e,t,n){return(t=r(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e},e.exports.__esModule=!0,e.exports.default=e.exports},58527:e=>{function t(){return e.exports=t=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},e.exports.__esModule=!0,e.exports.default=e.exports,t.apply(this,arguments)}e.exports=t,e.exports.__esModule=!0,e.exports.default=e.exports},14859:e=>{e.exports=function(e){return e&&e.__esModule?e:{default:e}},e.exports.__esModule=!0,e.exports.default=e.exports},93291:(e,t,n)=>{var r=n(58921).default;function o(e){if("function"!=typeof WeakMap)return null;var t=new WeakMap,n=new WeakMap;return(o=function(e){return e?n:t})(e)}e.exports=function(e,t){if(!t&&e&&e.__esModule)return e;if(null===e\|\|"object"!==r(e)&&"function"!=typeof e)return{d

Chrome Cache Entry: 235

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (25404)
Category:	downloaded
Size (bytes):	58921
Entropy (8bit):	5.256475194244875
Encrypted:	false
SSDEEP:
MD5:	4B9ABB36767431F05495228EB82EDF01
SHA1:	CFE3AFC5D23EAF2F9DB85EFEAB696F57DB948658
SHA-256:	262F87D47643975A4633B675FC224C7A178D99E579E5D767F4A43CA7CC0BB9DE
SHA-512:	3257741AAFA0D0FC4C99185A3B55FACDF5E5F25B7D61DCBB9C0365E41D074E462837731F747725F493B3D2039D068B8D31AB8D7E09DBE18A69B16A94A65EBE3F
Malicious:	false
Reputation:	low
URL:	https://cdn.treasuredata.com/sdk/3.0/td.min.js
Preview:	!function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=32)}([function(t,e,n){t.exports={forEach:n(35),isNumber:n(44),isObject:n(1),isString:n(8),isA

Chrome Cache Entry: 237

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 43188, version 0.0
Category:	downloaded
Size (bytes):	43188
Entropy (8bit):	7.98710296602658
Encrypted:	false
SSDEEP:
MD5:	55576599A2D772F9297C5036D355B1FB
SHA1:	C52E4F9A59137105DEB12A3DE25EE7D5A15FD286
SHA-256:	1E3D5D86432B9BFCDF25CE0E35FD23667CEA86F6FA71FA920CD84ABB70258F73
SHA-512:	8270B97F43FFBE59405D81A988A5C194B15DCB3159D49FF7C37560C90069F1EEF67BAB8E15C2DCCE69FB5CF51810D4D4834AF69DB6B6571BC3D0464C5D6B6514
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/gt-super-wt/GT-Super-WT-Super-1b214df1.woff
Preview:	wOFF..............v.........................DSIG................GDEF.............\!.GPOS... ......4.A.d.GSUB...........^._..OS/2...p...N...`j{..cmap...........h=j.ccvt ...,...)...4.M.zfpgm...X.........6..gasp...$............glyf......s(.....fc.head.......6...6.G..hhea...8... ...$.S.Fhmtx...X.........."!loca...8........w.^maxp....... ... .>.Mname.......]...6R5..post...T.......b.))aprep............hF.x.%..A.a...p.....p.....p...L........$..5....3.)...f..d.+..R.t.m..{.\|..}6.u.hd....f.1.Xd.eV.EF..C_.1..Z..P....'.....W?L.4..C...c.......x.,..l.`............m.6....FXD./^\|.b-.b-.'_.{....x-n[.[ye};/.vV.y??..H=v.?.T....X.K.#xk....X.YyL....].[.Ai.........F0..T..nc}y...M......Epo.l<!.8..yJ..s..P.L..9a$.....I2...D.l:...$.t^^.E.....h.H.[^[.D.x..e.,...^..n9(..&V.-.rU.J.<...Z.J.. ?.......,......N.\..D.+Ke.....W..Y.w.O..cy-o._.e...6b.[....a.2333333333ch.L........?s.t.....<.=..Oyw._Y..$;y..!.._....VV.VK..DvX.........z...a7..`.b/8.Wa.g^.Q.T.5n...:..6..%..H..8.1s...2\...Z.\.9.

Chrome Cache Entry: 238

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	42
Entropy (8bit):	2.9881439641616536
Encrypted:	false
SSDEEP:
MD5:	D89746888DA2D9510B64A9F031EAECD5
SHA1:	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256:	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512:	D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:	false
Reputation:	low
URL:	https://adservice.google.co.uk/ddm/fls/p/src=12370788;type=pagev0;cat=wetra0;ord=2029732994;gtm=45h91e3511;dc_pre=1;u1=%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031;u4=1675133885.1683207791;u8=en-US;u11=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031;auiddc=1542868512.1683207799;s3p=1;~oref=https%3A%2F%2Fwetransfer.com%2Fdownloads%2F726506da39d5a7f278be2aabb6def73f20230504122816%2F8d7031
Preview:	GIF89a.............!.......,...........D.;

Chrome Cache Entry: 239

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41305)
Category:	downloaded
Size (bytes):	399644
Entropy (8bit):	5.517708027438331
Encrypted:	false
SSDEEP:
MD5:	2BFE595D6F9A91903A993D3A9263B251
SHA1:	0946EAF9673BCA142AAF916514B46B6F721B6C8E
SHA-256:	BB12633DDA74B745E529C65895FD49E375F1A6C10EC3F9DCC53F04C6E21560EC
SHA-512:	72C729E3EE3ED01773524647AAE17AF15C6E25428560E79372FA2FC183ED0E55C30B88AF272BE86B5BC90AB049FBDE26A3E7536E33D0BD24EAD62C7744B29A9C
Malicious:	false
Reputation:	low
URL:	https://tag.wetransfer.com/gtm.js?id=GTM-NS54WBW
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]\|\|{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"67",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":"https:\/\/tag.wetransfer.com"},{"function":"__dbg"},{"function":"__jsm","vtp_javascript":["template","(function(){return ",["escape",["macro",2],8,16],"?!0:void 0})();"]},{"function":"__cid"},{"function":"__ctv"},{"function":"__c","vtp_value":""},{"function":"__jsm","vtp_javascript":["template","(function(){return ",["escape",["macro",6],8,16],"?",["escape",["macro",6],8,16],":\"Live\"})();"]},{"function":"__k","vtp_decodeCookie":true,"vtp_name":"wt_privacy"},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",8],"vtp_fullMatch":false,"vtp_replaceAfterMatch":false,"vtp_defaultValue":"false","vtp_ignoreCase":true,"vtp_map":["list",["map","key","(.*)\\:1\\}$","value","true"]]},{"function":"__v",

Chrome Cache Entry: 240

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2689), with no line terminators
Category:	downloaded
Size (bytes):	2689
Entropy (8bit):	5.115398724517765
Encrypted:	false
SSDEEP:
MD5:	4222E7A48878ED0764D05D9BD864520B
SHA1:	4492DC1E7C21CCFDFA301963D5142E343D2A361D
SHA-256:	480E40E62C4C0A82DBB952BE3E5CDBCE2787E393617B447EDC3A276BE4E234AC
SHA-512:	1176BDA0694D300ADE7C0D872B676D8966A9F6FB1B3BA8665A8574E448BF8A0571D0AF3005B0D93D90CF5AC839E50DF1F22ACBB5538E62B46CC64E110AC05094
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/polyfills/creatives-cache-polyfill.js
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/packs/",n(n.s=401)}({160:function(e,t){e.exports=function(e,t,n){return t in e?Object.defineProperty

Chrome Cache Entry: 241

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28464, version 1.0
Category:	downloaded
Size (bytes):	28464
Entropy (8bit):	7.992106511690401
Encrypted:	true
SSDEEP:
MD5:	FF4429FEBA146D5A8E608DB1B13CD9B2
SHA1:	D459521F7418A066C06D1FBFFD02F86101CEA571
SHA-256:	234796A01DD3B44E82E1868F1DDD7C8A2EA603C29D7DD36E97F849CB058C13DC
SHA-512:	CB13406328F7BD8C382F8A6DDEECAF6BE43922535231FA8C30CD07BED58238F160E37F924DC709F635DADD7C8BB3138ACFA2A99D38E1247AD8C3B23388CD7469
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/ClearfaceITCPro-Heavy.7dbd1ec85403f9f3931c.woff2
Preview:	wOF2......o0......Y...n.........................?FFTM..l..H..<.`..f.....8..6.....6.$..6. ../...[..q..m.Bt'..Zm.]..6...y.J.y.e.w~p...=..&......k.l...i..\.,<..&..L..u................5.]..._OsVU..ww..{.2U.<....ye..r.X...I..\.$..t....LT..m......!:!.....Y...r...`..B...F4.").......W.u.....s..\|.2?"#..\|i-Y..4.Zl.`.n..,r.sx~n.....b.....#J...q.,.`0..Uw.....)F..X.Q\.zQ.M...YX...,%$.."....w....z....g.hlT.H.U,.4@..q.B-....pR..'...}.M.....x...$.``.hn.....c.,..X.X$.$F.&)#Z.PPL...T\|..+^1.+..S.......5....mg....gE...x..6.:U.S....X?!..5}w".....a./..%.i...K.-.V.,..)>.........y.....g....Q.I.A.Z..`.L.,Z.b2./f.u.....?.../CT..rV%v.....o..W...../@......xKO_...p.z...9.o.~&B..P.MO.gw"W(.O91..O....+....D..Xvg".\......09g#....e.E.(T.y'.l........J2.`...S..=K,qH..!..U..wqdAZ...t7...mo.K@.9....W.....g.d..`,,....T.=..]...T.PJ~]..jj.........z....E;..a....n..a{.~.A.T....!...{.....N.1a.@...SN.v...<...N[......K....dVf.R.Ig.`v.$.h.....)}...XirW.....23..*U)...YhX........._.(.y.

Chrome Cache Entry: 242

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (44821), with no line terminators
Category:	downloaded
Size (bytes):	44823
Entropy (8bit):	5.186333287208213
Encrypted:	false
SSDEEP:
MD5:	DEB9F74FC528C7647234DE43CC67E5E1
SHA1:	1E0B333832A4C5306145DB835FED96796548175D
SHA-256:	F264CFC2B3EB184CBD7901BD5D4562C321795C3C3C6DA1917BB296CE7E3A321D
SHA-512:	D2CF9A952130ECAED058E44B88CFB4B5438FC0977794319033AA9893246B1A92768E5D12E097A3CDA43057A11BF78496050DC5A733C85D41A50A6F723D300ECC
Malicious:	false
Reputation:	low
URL:	https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=7f2d78d4-f913-42d1-8d60-7c59cb6b6daf&toploc=wetransfer.com&&slang=CH
Preview:	"use strict";!function(){var m,f,u,y,w,a,c,b=!1,r={},v=function(){function e(e,t,r,o,i){if(f=e,a=o,w=r,m=t,u=i)y=u.storage;else if("ls"===e.storage)try{y=new(brandmetrics.getModule(5))(f,m,!1)}catch(e){y=void 0}}return e.prototype.isReady=function(){return c&&c.isInitiated},e.prototype.hasConsent=function(){return!0},e.prototype.addEventListener=function(e){"ready"===e.event&&this.isReady()?e.handler({api:this}):m.on(e)},e.prototype.triggerSurvey=function(o){var a,n=this,s=!1;void 0!==(null==o?void 0:o.timeout)&&0<o.timeout&&(a=setTimeout(function(){d(!(s=!(b=!1))),m.emit("surveyloaded",{available:!1,showed:!1})},o.timeout));var d=function(e,t,r){o&&o.callback&&o.callback(e,t,r)},u={mid:(o=o\|\|{}).mid,bid:o.bid,callback:o.callback,autoRender:void 0===o.autoRender\|\|o.autoRender,force:void 0!==o.force&&o.force,isTest:void 0!==o.isTest&&o.isTest,dtName:o.dtName},e=!1,t=[];if("none"!==f.storage&&y){var r=y.state(),i=0,c=0;for(var v in r)if(r.hasOwnProperty(v)){var l=r[v];if(!0!==u.isTest&&u

Chrome Cache Entry: 244

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	466988
Entropy (8bit):	5.178916788676701
Encrypted:	false
SSDEEP:
MD5:	C79D499AA70DAE0A93AB9462DAB587A3
SHA1:	DC7B30E36C27CF663DF259BF8F780A1BC346E142
SHA-256:	8CE6D94B8F58B73FAD2B09275014718F86D9D88D598DA3EECF15D50F020274E6
SHA-512:	11683FB3CCB8F7F7069CA1495D73C470D62D4B2260FC5B278340761BD7CA67448E3E2B3BF4D982BDE3F6E7912B945CB6F79EFBBDCBACCEFC77785FE98A5CA190
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/css/application-9757806d.chunk.css
Preview:	.Switch{align-items:center;display:flex}.Switch--size-default .Switch__Element{border-radius:2.8125em;height:1.6875em;padding:.125em;width:2.8125em}.Switch--size-default .Switch__Element:after{border-radius:2.8125em}.Switch--size-small .Switch__Element{border-radius:1.875em;height:1.125em;padding:.1875rem;width:1.875em}.Switch--size-small .Switch__Element:after{border-radius:1.875em}.Switch--free .Switch__Element--on,.Switch--pro .Switch__Element--on{background:#5268ff}.Switch__Element{background:#e5e5e5;border-color:transparent;border-width:.5px;box-sizing:content-box;box-sizing:initial;cursor:pointer;display:inline-block;outline:0;position:relative;transition:all .4s ease;-webkit-user-select:none;-moz-user-select:none;user-select:none}.Switch__Element:after{background:#fff;content:"";display:block;height:100%;left:0;position:relative;transition:all .3s ease,margin .3s ease;width:60%}.Switch__Element:focus{outline:2px solid highlight}.Switch__Element:focus:not(.focus-visible){outline:

Chrome Cache Entry: 245

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34516)
Category:	downloaded
Size (bytes):	35654
Entropy (8bit):	5.22667565341447
Encrypted:	false
SSDEEP:
MD5:	F3710CF44008E9509CF9D74FDE8CFF1F
SHA1:	E351F7543B4A715231C742C0A4110B5D905AC60F
SHA-256:	94793E651D33131640F21098C7A9EE7155892C1A0BE754C80E8E38C3EC5A81D2
SHA-512:	BFABD5085FCFB7D0CFF3F91421C6542227A2DF9517B58AD5218C98606196660AF7471BE597070569912B0BBFA9F0557BA637EDB0D336EDD6DC03236937985044
Malicious:	false
Reputation:	low
URL:	https://public.profitwell.com/js/profitwell.js?auth=1a33eb12b20b92f6b89c398e023e2ca1
Preview:	!function(){"use strict";var t=function(){function t(){}return t.prototype.trackAnonymousCustomer=function(){},t.prototype.getAnonymousId=function(){return null},t}(),e=function(t,r){return(e=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])})(t,r)};./! ****************************************************************************. Copyright (c) Microsoft Corporation... Permission to use, copy, modify, and/or distribute this software for any. purpose with or without fee is hereby granted... THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH. REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY. AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,. INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM. LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

Chrome Cache Entry: 246

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	136370
Entropy (8bit):	4.917749311826559
Encrypted:	false
SSDEEP:
MD5:	DC5764FEA866077DBFD6FE75E4010EDE
SHA1:	C146AF5C5BA400DC277EB69DCF253E3C44BFE0C4
SHA-256:	44B71711EEFB1C27B91D1592FA8CD19D0C2A3C7970B6E8AB3B53195EB012407F
SHA-512:	4523D553561EB84F6D91806F0B35E6B672C0331BBC3F882E0CA17C4E55E8C419B07C0901B93444C1EC7DEE645C47E662AA5E9950D71B90400BD5D94E73814A7A
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/locale/en-59250ff31338241bfe5b.es6.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[18],{1565:function(e,t){window._i18n_={date:{formats:{default:"%d-%m-%Y",short:"%-d %B",long:"%-d %B, %Y",with_day:"%A, %-d %B",without_day:"%-d %B %Y"},day_names:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],abbr_day_names:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],month_names:[null,"January","February","March","April","May","June","July","August","September","October","November","December"],abbr_month_names:[null,"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],order:["year","month","day"]},number:{format:{separator:".",delimiter:",",precision:3,round_mode:"default",significant:!1,strip_insignificant_zeros:!1},currency:{format:{format:"%u%n",unit:"$",separator:".",delimiter:",",precision:2,significant:!1,strip_insignificant_zeros:!1},EUR:"\u20ac",USD:"US$",CAD:"cad",AUD:"aud",GBP:"\xa3",DKK:"kr",NOK:"kr",SEK:"kr"},percentage:{format:{delimiter:"",format:"%n%"}},precision:{format:{

Chrome Cache Entry: 247

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44015)
Category:	downloaded
Size (bytes):	151128
Entropy (8bit):	5.420103063596485
Encrypted:	false
SSDEEP:
MD5:	532637601AA92BEA7F38175498F86388
SHA1:	D49EC846D0C1FAA1835F3325BBAA5759DC82E623
SHA-256:	BCB96A3AF46CC324BE5D9E2C382C671B52EA188A6C041F7C312698A010046BDB
SHA-512:	96BB6CF9F80AF934A0176F217D23468DD848AB481AD520A336D8419C13A39687271030CAEA77925581453EB3919F366F285A73FEE857DB1FFF45F9522BF14BED
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtm.js?id=GTM-5WF5RH4
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"45",. . "macros":[{"function":"__e"},{"function":"__k","vtp_decodeCookie":true,"vtp_name":"wt_privacy"},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",1],"vtp_fullMatch":true,"vtp_replaceAfterMatch":true,"vtp_defaultValue":"false","vtp_ignoreCase":true,"vtp_map":["list",["map","key","(.*)\\:1\\}$","value","true"]]},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":true,"vtp_defaultValue":"false","vtp_name":"trackingConsent"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":true,"vtp_defau

Chrome Cache Entry: 250

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2878
Entropy (8bit):	4.239876761698501
Encrypted:	false
SSDEEP:
MD5:	BF2243BA7DBC677DBD78AE67F30B1814
SHA1:	D3B5B0EDC4BF63146860D04CD4F3FB4131A2C8B2
SHA-256:	E7FF60AA231D4FD640C01C3F75E253F130C87C941496B5127C90F22C7170D762
SHA-512:	491FBC951494C38A7FE4A74532B6A1F7F41C236A37D72E836DB8EC365F6E2E299EAF7C81ECD251AF6D169613D5352CFB8FE1B712B136AA7DE01B7B8AF6BFE8F9
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/index.html?cacheId=kee14p_3_315860471&_origin=https://wetransfer.com
Preview:	<!doctype html><html><head><meta charset="utf8"/><meta name="viewport" content="viewport-fit=cover,width=device-width,initial-scale=1,minimum-scale=1,user-scalable=no"/><meta name="robots" content="nofollow, noindex"/><title>Wallpaper</title><style>html {. box-sizing: border-box;. }.. body {. margin: 0;. height: 100%;. overflow: hidden;. box-sizing: border-box;. text-rendering: optimizeLegibility;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;. cursor: pointer;. -webkit-user-drag: none;. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Helvetica,. Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji;. }.. ,. :before,. *:after {. box-sizing: inherit;. }.. html,. body,. div,. span,

Chrome Cache Entry: 251

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:
MD5:	E0AA021E21DDDBD6D8CECEC71E9CF564
SHA1:	9CE3BD4224C8C1780DB56B4125ECF3F24BF748B7
SHA-256:	565339BC4D33D72817B583024112EB7F5CDF3E5EEF0252D6EC1B9C9A94E12BB3
SHA-512:	900110C951560EFF857B440E89CC29F529416E0E3B3D7F0AD51651BFDBD8025B91768C5ED7DB5352D1A5523354CE06CED2C42047E33A3E958A1BBA5F742DB874
Malicious:	false
Reputation:	low
URL:	https://donny.wetransfer.com/i.gif?e=eyJ2IjoiMS4xMSIsImF2Ijo4MDgxNzUsImF0Ijo5NTksImJ0IjowLCJjbSI6MTEzNTAyOTY2LCJjaCI6MzQ5MDIsImNrIjp7fSwiY3IiOjE4NjYwODE1MSwiZGkiOiJhY2E1MjQ4MGQyMDc0YTU2YWJlNTVhZjkyYTk1MmIwNyIsImRqIjowLCJpaSI6IjhhZTBhMzMzNTlhMTQ0YTM5OWMyZDM0YjMyYzliZjk4IiwiZG0iOjMsImZjIjozNjY2NzI0NTgsImZsIjozMTU4NjA0NzEsImlwIjoiMTAyLjEyOS4xNDMuMTQiLCJudyI6MTAyMjAsInBjIjowLCJvcCI6MCwiZWMiOjAsImdtIjowLCJlcCI6bnVsbCwicHIiOjE1NjEzMSwicnQiOjEsInJzIjo1MDAsInNhIjoiMzQiLCJzYiI6ImktMDg5NzZiODJmNWJjN2VkNWYiLCJzcCI6MTMwODg3NCwic3QiOjEwNTU5MjIsInVrIjoic3AtMjRjOTAyMjUtZThiMS00OGEwLWJlNjItYWIyZmU2OWRlYmVhIiwiem4iOjE5OTA3MSwidHMiOjE2ODMyMDc4MDAzOTIsInBuIjoiaWZyYW1lIiwiZ3IiOnRydWUsImdjIjp0cnVlLCJnQyI6dHJ1ZSwiZ2kiOnRydWUsImdzIjoicmVxIiwidHoiOiJVVEMiLCJiYSI6MSwiZnEiOjB9&s=Entwf2SP4YGgfDyjAOJKs39ffKw
Preview:	OK

Chrome Cache Entry: 252

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (590)
Category:	downloaded
Size (bytes):	79263
Entropy (8bit):	5.528174800553038
Encrypted:	false
SSDEEP:
MD5:	1400970874ADD8A03A76148D9FD2F43D
SHA1:	603C1220C2A3F5F684872FC89C2D6098408D8AD5
SHA-256:	7169B20FF9116852953E326AD3776AC06C0F14A5A21A3E07F3FB8B5C46418A61
SHA-512:	450171C50E4107AB426F33526FF2A5DA07DB87CA761976A329B2A77947E598D7460A09DC93966497E4D3CA2E5B84C0CEFBDF8104575903B16E0D0DCD956CCF9E
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/snowplow/2.17.3/sp.js
Preview:	/*. @description JavaScript tracker for Snowplow. * @version 2.17.3. * @copyright Anthon Pang, Snowplow Analytics Ltd. * @license Simplified BSD. * . * Documentation: http://bit.ly/sp-js. */..'use strict';(function(){function D(a){"@babel/helpers - typeof";D="function"===typeof Symbol&&"symbol"===typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"===typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a};return D(a)}function Sb(a,b){var c=Object.keys(a);if(Object.getOwnPropertySymbols){var e=Object.getOwnPropertySymbols(a);b&&(e=e.filter(function(b){return Object.getOwnPropertyDescriptor(a,b).enumerable}));c.push.apply(c,e)}return c}.function nd(a){for(var b=1;b<arguments.length;b++){var c=null!=arguments[b]?arguments[b]:{};b%2?Sb(Object(c),!0).forEach(function(b){var d=c[b];b in a?Object.defineProperty(a,b,{value:d,enumerable:!0,configurable:!0,writable:!0}):a[b]=d}):Object.getOwnPropertyDescriptors?Object.defineProp

Chrome Cache Entry: 253

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	48
Entropy (8bit):	3.1994764927035653
Encrypted:	false
SSDEEP:
MD5:	52CAA374F9D8E80A43D843453A09451E
SHA1:	F20B4B2FC00180AD9895BED85B931F038BDCDF18
SHA-256:	4F8F48B18463DD38185B16DEEE997ADF27F88ED4036BEA70AFA90A9CE8DAD648
SHA-512:	FCBFDDCB33739EAF3E2E95086599D04E4FE7B07A3905E3710BD303C005EE2DEF632F2F59817895ABA8C0A1B14C77941FFCFE232E74E8401CB873AC3663E71E08
Malicious:	false
Reputation:	low
Preview:	R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=

Chrome Cache Entry: 254

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1165
Entropy (8bit):	4.488709481071467
Encrypted:	false
SSDEEP:
MD5:	A228716754F7D89F50979B4082F4D63D
SHA1:	18AAF810034736A239F60EAEB324C3F431C18EFC
SHA-256:	569152236F6A3F372894472887E07A7D1587651211426D7AF19B74C03A067B25
SHA-512:	3E901099DB860C7430696F3D52FB8ED6F774BA4FBD66A58B58FA94BCBF75376D9852503FC4D3BD733C1955EE2DA317B2BD0626E910918B724656FCBAE8E261A6
Malicious:	false
Reputation:	low
URL:	https://api.lab.amplitude.com/sdk/vardata
Preview:	{"account-state-field":{"key":"on"},"bundle-splashpage-experiment":{"key":"on"},"cookie-wall-variations":{"key":"trees-long"},"coupon-management-discount-experiment":{"expKey":"exp-1","key":"show-coupon-management-discount-experiment"},"data-opt-in":{"key":"on"},"direct-storm-upload":{"expKey":"exp-1","key":"on"},"discovery-portals":{"key":"on"},"enable-cad-aud-currencies":{"key":"control"},"enable-nordic-currencies":{"key":"control"},"ensemble":{"key":"on"},"exp-ad-blocking-library-release":{"expKey":"exp-1","key":"target"},"exp-mobile-web-receiver":{"expKey":"exp-1","key":"show-new-mobile-web-receiver"},"marketing-pixel-tracking":{"key":"on"},"mweb-app-install-banner":{"expKey":"exp-1","key":"receiver-info-view"},"navigation-features":{"key":"on"},"pro-account-onboarding":{"key":"on"},"proxy-ads-provider":{"key":"on"},"send-install-banner-mweb":{"key":"send-view"},"set-proxy-requests-withcredentials":{"key":"on"},"show-unpaid-invoices":{"key":"on"},"sign-up-sync-to-portal":{"key":"on

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (565), with no line terminators
Category:	downloaded
Size (bytes):	565
Entropy (8bit):	5.013395369899308
Encrypted:	false
SSDEEP:
MD5:	433CBAC690542626F503B4269A8DA12A
SHA1:	3E810BC4ABACCF42AC5E4B0B939D63C03711BBD9
SHA-256:	F83B1A3EA61AD62E47FAD82DE5495A2547E2F12E591AD8108050538C566AE1E3
SHA-512:	569B3D704F2A979D16624064ABD3B97F38EEA3C9A5F3F09D31C9B83D62C360717F6F66EE44A6B53686760421A57D7EB4ABD54904556B105B05AA81D5850F34B9
Malicious:	false
Reputation:	low
URL:	https://ct.pinterest.com/ct.html
Preview:	<!DOCTYPE html><html lang="en"><head><title>Pinterest ct</title></head><body><div id="root"></div><script>window.addEventListener("message", (event) => {if (event.origin != "https://www.pinterest.com") {return;}try {if (event.data.key == "_epik_localstore") {window.localStorage.setItem(event.data.key, event.data.value);}} catch (error) {}}, false);window.addEventListener("load", (event) => {try {window.parent.postMessage({ key: "_epik_localstore", value: window.localStorage.getItem("_epik_localstore") }, "*")} catch (error) {}}, false);</script></body></html>

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64347)
Category:	downloaded
Size (bytes):	107896
Entropy (8bit):	5.4027449553774565
Encrypted:	false
SSDEEP:
MD5:	53C40BF221F12E2E748F7690CD2E6498
SHA1:	6D8C290E28414D8B6E2D7AE17020BF60BF6FA72B
SHA-256:	9F7B103418C76D3C630FA9AC6128249BEBAB1E97454948C2FCFC22FC88F4EA3A
SHA-512:	C954AA8C1643513EFF4D0E4DB867CA8785184BD474B32FFB7927AC07F4D154D9EDCDE57C9BAAB7028D022FFB2B588594FF91E1D1ABFD9C03AE7013F661AF51F4
Malicious:	false
Reputation:	low
URL:	https://connect.facebook.net/en_US/fbevents.js
Preview:	/*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved... You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook... As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5059)
Category:	downloaded
Size (bytes):	207537
Entropy (8bit):	5.571867411514183
Encrypted:	false
SSDEEP:
MD5:	1A4DC61E80BF76722BCA8D42FC1B0977
SHA1:	C8B71445505690ED16ED6C98FB4DE84965BCF8A7
SHA-256:	90ED78CDA01743EF63979AA8FA0830B991707EE0DA851B4CDA7C37A19FD3516E
SHA-512:	7253E8FB693B49C9AC33B33B41B79DE50C155F7395850D403C050D3C831089042691AFA56DD5BC5C57713B902CA5E3D2C61D7AC3CBB4E729AED8821A83313C61
Malicious:	false
Reputation:	low
URL:	https://tag.wetransfer.com/gtag/js?id=G-0M019DTWVR&l=dataLayer&cx=c&sign=25abb49441e5f7ec9f4935427d7393c73f86f95b56fc33a55b5b0919d8c15685_20230504
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"7",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":"google.be"},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_auto_events","priority":17,"vtp_enableScroll":false,"vtp_enableOutboundClick":false,"vtp_enableDownload":false,"vtp_enableHistoryEvents":false,"vtp_enableForm":false,"vtp_enableVideo":false,"vtp_enablePageView":true,"tag_id":10},{"function":"__ogt_cross_domain","priority":17,"tag_id":12},{"function":"__ogt_referral_exclusion","priority":7,"vtp_includeConditions":["list","accounts\\.google\\.","appleid\\.apple\\.com","accounts\\\\\\.youtube\\\\\\."],"tag_id":13},{"function":"__ogt_1p_data_v2","priority":7,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_isAutoEnabled":true,"vtp_autoCollect

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10327), with no line terminators
Category:	downloaded
Size (bytes):	10327
Entropy (8bit):	5.113381938908243
Encrypted:	false
SSDEEP:
MD5:	4B0B7D731B18D770C7C8E83CCBB777F8
SHA1:	964049D22CDCA011868EB2C04BC0CCB00A618B1C
SHA-256:	D9D514698510CE26A6EE97639D1E85562B24F6D2DECBCB0671C4B8BBC0D60FB8
SHA-512:	1F2884DCCE819FB86527978BBAB1658D75BC4D116E6B949A73A048D4F680399D0314E9BE5B92F24E0C4B8DB7F2ECC9C09583CFD17E45078BE4792DB71DD69197
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/js/wallpaper-api-v2.js
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/packs/",n(n.s=150)}({150:function(e,t,n){"use strict";n.r(t),function(e){n.d(t,"WallpaperApi",(funct

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13351)
Category:	downloaded
Size (bytes):	13352
Entropy (8bit):	5.417016481578538
Encrypted:	false
SSDEEP:
MD5:	B846C9D158853DD4AA95D3D7407ED8BB
SHA1:	2CF0EB02A22E8BD80D19A50A84593420D777D5DB
SHA-256:	F56CCB2DB87AACEDD9415232E40F80BFF9939703DF2F9C3F9EC8A092E545349F
SHA-512:	62E95EED5842D2C4E263B3CD0668AF061FD14309DB168837BC17D11666D900DD029913B4D774134508E91A6B337A4F28E820DA19DCCC125262F205596793DBDF
Malicious:	false
Reputation:	low
URL:	https://snap.licdn.com/li.lms-analytics/insight.min.js
Preview:	!function(){"use strict";function n(n,e,t){e in n?Object.defineProperty(n,e,{value:t,enumerable:!0,configurable:!0,writable:!0}):n[e]=t}var a,c,u,d={ADVERTISING:"ADVERTISING",ANALYTICS_AND_RESEARCH:"ANALYTICS_AND_RESEARCH",FUNCTIONAL:"FUNCTIONAL"},o="GUEST",r="MEMBER",l=0,s=1,i=2,f=(n(e={},o,"li_gc"),n(e,r,"li_mc"),e),p=function p(){var n,e=0<arguments.length&&arguments[0]!==undefined?arguments[0]:null,t=1<arguments.length&&arguments[1]!==undefined?arguments[1]:null,o=2<arguments.length&&arguments[2]!==undefined?arguments[2]:null,r=3<arguments.length&&arguments[3]!==undefined?arguments[3]:null,i=this,a=p;if(!(i instanceof a))throw new TypeError("Cannot call a class as a function");for(n in e=e\|\|{},this.consentAvailable=!1,this.issuedAt=t,this.userMode=o,this.optedInConsentMap={},d)e[n]=e[n]\|\|l,e[n]!==l&&(this.consentAvailable=!0),this.optedInConsentMap[n]=e[n]===s\|\|e[n]===l&&r===s},P=(a=[d.ADVERTISING,d.ANALYTICS_AND_RESEARCH,d.FUNCTIONAL],c=[l,s,i,l],u=new RegExp(["^(\\d+)","(\\d+)","

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1095), with no line terminators
Category:	downloaded
Size (bytes):	1095
Entropy (8bit):	5.042635804326071
Encrypted:	false
SSDEEP:
MD5:	15EF9D74513ADDEF9AA7AA6352E33C0E
SHA1:	0CB5556DD96036DD09608355D176435DD91F7C93
SHA-256:	2DFA655A4DBAE3F8BB3335D14A977A99A2AFE4B148BFFF2B2BE230F9A6DB94D6
SHA-512:	2A91FC9034E7AB4EAEA9350364ED8C3DFDC2CC0AB66F5ABCAE9E3343663E096204B9E896831DFECD479E67567AE76A70E15DAFB20AD6545BBEB0EB7C53FFD8DC
Malicious:	false
Reputation:	low
URL:	https://s.pinimg.com/ct/core.js
Preview:	!function(e){var u={};function r(n){var t;return(u[n]\|\|(t=u[n]={i:n,l:!1,exports:{}},e[n].call(t.exports,t,t.exports,r),t.l=!0,t)).exports}r.m=e,r.c=u,r.d=function(n,t,e){r.o(n,t)\|\|Object.defineProperty(n,t,{enumerable:!0,get:e})},r.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"u",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.u)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var u in t)r.d(e,u,function(n){return t[n]}.bind(null,u));return e},r.n=function(n){var t=n&&n.u?function(){return n.default}:function(){return n};return r.d(t,"a",t),t},r.o=function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},r.p="",r(r.s=0)}([function(n,t,e){var u,r;u=document,(r=u.createElement("script")).async=!0,window.pintrk.mh="da2a1c8f",r.src="https://s.pinimg.com/ct

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64471)
Category:	downloaded
Size (bytes):	385278
Entropy (8bit):	5.461821389549879
Encrypted:	false
SSDEEP:
MD5:	19DA3C99C4DC3270F7B5FEEBD7860EAB
SHA1:	CA4883BD3D62BC2D684FF3BBF3BB34EDB42A45E9
SHA-256:	751FA56AEC336633BFABF44ADB5145E820542ECE4AF7F07B05B8D7FC1163E129
SHA-512:	CBC5741CB44DA5305E83DA3D92BF12965D36FD21FA5903FA5D9E1E9959C07266CD8680EE408889017EA4754B0F411FC96B5989F4A39B6B8BC12B9030D80FDBBA
Malicious:	false
Reputation:	low
URL:	https://connect.facebook.net/signals/config/1904796869803472?v=2.9.103&r=stable
Preview:	/*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved... You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook... As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

Chrome Cache Entry: 266

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4556), with no line terminators
Category:	downloaded
Size (bytes):	4556
Entropy (8bit):	5.210979136621132
Encrypted:	false
SSDEEP:
MD5:	0B292C65C4F9FF264316F9BFE1BC1B3D
SHA1:	300B0952A55A8F695A025011F88DAB5ADCF98B60
SHA-256:	CA306C3935CDB6586BAEEF60871E7ACC2644FA73A20C08AA023F8FBA347F60CD
SHA-512:	082837555E00D5E14849FAD589CEB7F76B3EC90D43023086780CABDF11F7776146C0B24CF82AEC9EE23F033BAF2FAE747C29EFA0A4F4A6E545BD9A5484DCF36B
Malicious:	false
Reputation:	low
URL:	https://cdn.brandmetrics.com/tag/a79d0565d5244a0f813e40f2c4832d09/wetransfer.js?slang=CH
Preview:	"use strict";var brandmetrics,__assign=this&&this.__assign\|\|function(){return(__assign=Object.assign\|\|function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};!function(l){if(void 0===l.api){l.api=null;var n,r="unknown";l.bootstrap=function(e,t,n){void 0===n&&(n=!1);var o=function(){window._brandmetrics_initiated&&window._brandmetrics_initiated(window.brandmetrics.api),t&&t(window.brandmetrics.api)};"unknown"===r\|\|n?(r="strapping",i(e,function(e,t){if(e)u(t,function(e){window.brandmetrics.api=e,o()});else{window.brandmetrics.api={hasConsent:function(){return!1},isReady:function(){return!0}},o()}})):o()},l.register=function(e){o[e.id]=e.ctor,n&&n(e)},l.getModule=function(e){return o[e],o[e]},l.defaultOptions=function(e){var t={siteId:"",baseUrl:location.protocol+"//"+location.host,consentMode:{type:"iab"},consentRetryCount:2,isTest:!1,logConfiguration:{errors:!1,bundle:!1,lev

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2878
Entropy (8bit):	4.238816333799945
Encrypted:	false
SSDEEP:
MD5:	63E65DF060D6C365D80EFA2A3D626DF2
SHA1:	FBD10C5D0F5B6BE351D3FFA8F2E18CF7CD3BA91A
SHA-256:	660E33DB6FFAD57EB8F6E652E56840D61F32C43BA7E0183FA675E3F2247EA6D7
SHA-512:	11108A508B1139A6B4F86F5DBB21A7494C415223CC0C10D361D38FBCBF2007CFC24C6929B6322D3A182569708FCD5A35043C9A4117474B5B723D1848EC77690B
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/index.html?cacheId=v6hoi_1_315860471&_origin=https://wetransfer.com
Preview:	<!doctype html><html><head><meta charset="utf8"/><meta name="viewport" content="viewport-fit=cover,width=device-width,initial-scale=1,minimum-scale=1,user-scalable=no"/><meta name="robots" content="nofollow, noindex"/><title>Wallpaper</title><style>html {. box-sizing: border-box;. }.. body {. margin: 0;. height: 100%;. overflow: hidden;. box-sizing: border-box;. text-rendering: optimizeLegibility;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;. cursor: pointer;. -webkit-user-drag: none;. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Helvetica,. Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji;. }.. ,. :before,. *:after {. box-sizing: inherit;. }.. html,. body,. div,. span,

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 43796, version 0.0
Category:	downloaded
Size (bytes):	43796
Entropy (8bit):	7.986945551187073
Encrypted:	false
SSDEEP:
MD5:	5321545E6FD1CEC2EB1EE4B745F450A1
SHA1:	3CA6BFFA09BB812466BA0CD5196D38B57AC51252
SHA-256:	F95DC7465B90788F8D5CB452B298BB4E6639CEC58821888DA9BE25F353035A8C
SHA-512:	B5D0EAE16E6FE120A128D7D48D44830C2EB5E10F7D0B4F2E324B693F85D4A4FB614C0CBBA09875A456F34EC937FE15CB254DE577B31FE75B92731DE321CB3AFD
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/gt-super-wt/GT-Super-WT-Regular-4aad923e.woff
Preview:	wOFF..............t.........................DSIG................GDEF................GPOS... ...!..6...1.GSUB...D.......^._..OS/2.......N...`hy..cmap...P.......h=j.ccvt .......)...4....fpgm.............6..gasp................glyf..!h..s........head...<...6...6...hhea...t... ...$....hmtx.............\-.loca............_$.emaxp...8... ... .;.Gname...X...Y........post...........b.))aprep...\|........hF.x.-..AC....p.....p....w.-.{......%......>`..-..F....r...!...x..z.#-.M....Z..M:.b..f.g.iC'..e..:.A.........g......;.}...C.X..M.^....x...3..Y..../.m...Zc.]M.41...tA5].}l......7...<.......El?..WF`..H..}.c..a.XZ..$.D....bW..#x.F.52x.N2_..].O.\|.....JVl..X....b.)..1..%..../+.#....6\|. ....%.Tk...(.....I.F...C.5r%.X2...A.e...&.lk.A....:4:$.j...~..S7.?.yj.Z.6.m..#....3.]..V..........<.+W..}...~U.T..h5].Z.^-....55j....3.]..V.....@.o. ..0....8.'....?.n...Y.f~....@(.......6..awu.../.~.?-A.h.......j&l.) ..q..\|.$.....JK..\|.L...\.>O.S"%[.C.d....rYn.[yo\|M..`.7Uf..D.-].C.

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	405
Entropy (8bit):	4.653733235247637
Encrypted:	false
SSDEEP:
MD5:	E70DD85B31F372034B6C5AFADCD88F36
SHA1:	7FF82CC1C4FDBE6F41CE0A81615034B6341E6F6F
SHA-256:	87C84AB6301A18274AF33B4094EDB23916B5DC9A0220C5410AAB54C41851A369
SHA-512:	DE2EAB5AFEEC9F4C1AD57FC76C55DE2061692705B8127906B3F5294F608F779C7614C648727A949A0CB14C667712D22720E4DAA516755ACD515CF0C1EA249C1C
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/assets/adtrack-87c84ab6301a18274af33b4094edb23916b5dc9a0220c5410aab54c41851a369.js
Preview:	// TODO: remove when ad-block-library is rolled at 100%./*. WARNING: don't try to be smart removing this file, make it part of an .erb template or webpack build process.. * We need this file to be loaded by the browser or blocked by ad blocker. It is the check that tells us if. * we can load advertisement wallpapers or not.. */..window.__ads_enabled__ = true; // eslint-disable-line no-unused-vars.;.

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	23
Entropy (8bit):	3.82790978214397
Encrypted:	false
SSDEEP:
MD5:	A2783B6DB93FC82A9998806F97207470
SHA1:	E8A7C5137DB6509F2810238D258CDAF6507D7803
SHA-256:	858B8A6408A3C9A457C831CE91D3DCC273E12AE41991523890F87E58CE4FC5F1
SHA-512:	F73581E3662E599E9F498A9EA0ECDF45A3ACD6F449EB0B397A547EA06A634B5A02B5F016D77285A2C7F69A57D17EC7AB95C07E95126F4CF9754EE4827C1B794E
Malicious:	false
Reputation:	low
URL:	https://auth-session-caching.wetransfer.net/v1/login-status
Preview:	{"status":"LOGGED_OUT"}

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4437
Entropy (8bit):	7.697381961093944
Encrypted:	false
SSDEEP:
MD5:	C407E5C94D409AF6326A76C402092673
SHA1:	45BC3AEF6B0F69DE5931A8652A17364B44C14C49
SHA-256:	6886429A95865606DC473A15AD4F1D44257E038A8C3713D8EEFCA71E5F129314
SHA-512:	87B302DC23DED5F891D59311E853F945BB4ACE9D9DD5274FE1C3A8C60F905680454CFB5E3E628119D48F86B34E65B258F823B7489891BE3223FD104B766656C8
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/media/images/favicon.dark-0208df94.png
Preview:	.PNG........IHDR.............\r.f....sRGB...,.....pHYs.................IDATx.....U..I.C.HE..>\..$.G!J....+!.V.....i."..">.F.B.3.%(..K..X[...O..-PBPD(Z.I...k........83.../.e...}.5gf..e...........................................................................................................................................022...3'...(.......~..\|.Iy...D_........~...........fts...\|.#..7........+\|lr..\|.<U.$........r.=v9.`\|..g...o.j..r.<A.)/P'Y.v..q..Mr[...t..... .. ....{.....U~......Ce;.C....6x....O...5;....\|..7j..U.<k%.......g.......?...hmpK:.3mp.z.....,..vwS..^eu.....w..0../.....V..Jf_....d.S>m.s`rTzP.U..........=b..:....Gy.U...._..K.~..O_..i..e5.t.../..e......K....u`.......Cw..B...+.b...PA.#.Ur..B.j\|L^..t........9.~`}(..Q.C..9=.....O...&...y.i..I..WE}\|I._[..S...$........$Z..../..[i..._..@...\|.....Dq..M......ZekF..+.$.v..Q.4..(..\..v..._.}[....~.@bh.M.xQ.....6..^PU&....t:....^DO.MzE.~\.5.#\r.].V]..*d......%.iF...<........-.N.....H....6?`..J

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1013375
Entropy (8bit):	5.485019191627989
Encrypted:	false
SSDEEP:
MD5:	96C810BCDD1FB6960BB26C0EDA2007C9
SHA1:	E9BC73BEB69796F8CFD4057DF9C4019356A822B4
SHA-256:	E0E0F9B85D6DCD78CDEE0A748665510B49AC629C09A2F4252A62C789DDD2D4A6
SHA-512:	7440FA78386C4C2306C942961A319C3F88F18F447A17C3C1045DEA890F279A592932C4652F8887174BD71A91790BA5D9BFC4ECD3FAB6F35B07C374A4BDE9A35B
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/application-6d7ddf641b23efdbe8a6.es6.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[10],[,function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(86);var r=a(37),i=a(94),o=a(75),s=a(40);class l{static get locale(){return n.a.locale}static t(e,t){let a;try{a=n.a.lookup(e)}catch(i){return r.a.track(`I18n Error: ${i}. TranslationKey: ${e}`),e\|\|""}return t&&"undefined"!==typeof t.count&&(a=function(e,t){var a=function(e){switch(e){case 0:return["zero","none","other"];case 1:return["one"]}return["other"]}(t);if("string"===typeof e)return e;for(const n of a)if("undefined"!==typeof e[n])return e[n];return e}(a,t.count)),t?("string"!==typeof a&&(a=""),a.replace(/%{(\w+)}/g,((e,a)=>t[a]))):a}static megabytes(e){return this.number(e/1048576,{precision:1,delimiter:""})+" "+l.t("number.human.storage_units.units.mb")}static gigabytes(e){return this.number(e/1073741824,{precision:1,delimiter:""})+" "+l.t("number.human.storage_units.units.gb")}static size(e,t={}){if("number"!==typeof e)return t.allowNull&&e===o.f\|\|r

Chrome Cache Entry: 275

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65450)
Category:	downloaded
Size (bytes):	280755
Entropy (8bit):	5.429198846570772
Encrypted:	false
SSDEEP:
MD5:	916C2C51447770CF347111AF1E022DA8
SHA1:	2A1C39F3E074D522B943331D58716A1858FF98B2
SHA-256:	4E7A53C56B961C4A3C259F0F837596AAC4E7BC922C2417DE581EC6A73B56E6B8
SHA-512:	6332D2B4F3AEF73E53150FD8E67C1D0149C523BD0BCECF87FE90E50614D7393B31E5833046B87B23B0B266A233133A559CE944F4BE1CA92C8F1FAD67366E03A5
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p7/wp3-hor1/1_yJhQTK/bundle.e74d07f4bef01fe36901.js
Preview:	/! For license information please see bundle.e74d07f4bef01fe36901.js.LICENSE.txt /.!function(){var e,t,n={418:function(e){e.exports={platform:"desktop",deployPathOverride:!1,variants:[]}},4627:function(e,t,n){var r=n(7373),i=n(6927),a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not a function")}},2297:function(e,t,n){var r=n(3862).has;e.exports=function(e){return r(e),e}},7261:function(e,t,n){var r=n(2409).has;e.exports=function(e){return r(e),e}},7713:function(e,t,n){var r=n(2712),i=n(2091),a=n(3567).f,o=r("unscopables"),s=Array.prototype;null==s[o]&&a(s,o,{configurable:!0,value:i(null)}),e.exports=function(e){s[o][e]=!0}},9223:function(e,t,n){var r=n(1218),i=String,a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not an object")}},6148:function(e,t,n){var r=n(6867),i=n(6912),a=n(6702),o=function(e){return function(t,n,o){var s,c=r(t),u=a(c),f=i(o,u);if(e&&n!=n){for(;u>f;)if((s=c[f++])!=s)return!0}else for(;u>f;f++)if((e\|\|f in c)&&c[f]===n)

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65450)
Category:	downloaded
Size (bytes):	280951
Entropy (8bit):	5.429814392300213
Encrypted:	false
SSDEEP:
MD5:	28C3CBC087EDBF91191952D9D0CB9477
SHA1:	F8528BD9A62AFF9E331E29394628C2EF1C74D406
SHA-256:	B0DDC47A5CAD481FE74042A147098F1D8730C77B838B24EEF30B9CF3485EED39
SHA-512:	AD1006F43BD8D721FD3FCBA6B89F4D54C2AC34A4ADCEE6706468FB555EEE1182E13C1C99EFC7242EF1C9C29D3738545F4F997F8E2DE9BF61BEA118DAB1E382A3
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2303/2303-p3/wp1-ver3/1_xzpyqw/bundle.4cfdf4b651b348fd2818.js
Preview:	/! For license information please see bundle.4cfdf4b651b348fd2818.js.LICENSE.txt /.!function(){var e,t,n={418:function(e){e.exports={platform:"desktop",deployPathOverride:!1,variants:[]}},4627:function(e,t,n){var r=n(7373),i=n(6927),a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not a function")}},2297:function(e,t,n){var r=n(3862).has;e.exports=function(e){return r(e),e}},7261:function(e,t,n){var r=n(2409).has;e.exports=function(e){return r(e),e}},7713:function(e,t,n){var r=n(2712),i=n(2091),a=n(3567).f,o=r("unscopables"),s=Array.prototype;null==s[o]&&a(s,o,{configurable:!0,value:i(null)}),e.exports=function(e){s[o][e]=!0}},9223:function(e,t,n){var r=n(1218),i=String,a=TypeError;e.exports=function(e){if(r(e))return e;throw a(i(e)+" is not an object")}},6148:function(e,t,n){var r=n(6867),i=n(6912),a=n(6702),o=function(e){return function(t,n,o){var s,c=r(t),u=a(c),f=i(o,u);if(e&&n!=n){for(;u>f;)if((s=c[f++])!=s)return!0}else for(;u>f;f++)if((e\|\|f in c)&&c[f]===n)

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6347), with no line terminators
Category:	downloaded
Size (bytes):	6347
Entropy (8bit):	5.416180141880784
Encrypted:	false
SSDEEP:
MD5:	A95F426B5EA74FB969DA3572CE2DF54A
SHA1:	786D46040C401C0B5354F94C797EF21B638D8A23
SHA-256:	FFD64DAFD92C3F95081AC90F2B714CD3A8BFDE9FDB9A20BB0C59BE83097CDB1E
SHA-512:	3C66D64EE5498E4594A96EF81FC628EC9DCC8FE8D2109E9BC4E22C5877FE890F25F6397A1C55F9B338E84DC1FD0C64E2AF54FA8900F0B75AFC5F3103B63C064B
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/runtime~application-64c2549e7ca196c27873.es6.js
Preview:	!function(e){function t(t){for(var a,n,d=t[0],f=t[1],s=t[2],i=0,p=[];i<d.length;i++)n=d[i],Object.prototype.hasOwnProperty.call(o,n)&&o[n]&&p.push(o[n][0]),o[n]=0;for(a in f)Object.prototype.hasOwnProperty.call(f,a)&&(e[a]=f[a]);for(u&&u(t);p.length;)p.shift()();return c.push.apply(c,s\|\|[]),r()}function r(){for(var e,t=0;t<c.length;t++){for(var r=c[t],a=!0,n=1;n<r.length;n++){var f=r[n];0!==o[f]&&(a=!1)}a&&(c.splice(t--,1),e=d(d.s=r[0]))}return e}var a={},n={37:0},o={37:0},c=[];function d(t){if(a[t])return a[t].exports;var r=a[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,d),r.l=!0,r.exports}d.e=function(e){var t=[];n[e]?t.push(n[e]):0!==n[e]&&{1:1,2:1,3:1,4:1,5:1,6:1,7:1,8:1,9:1,15:1,28:1,29:1,31:1,34:1,35:1,36:1,54:1,55:1,56:1,57:1,58:1,60:1}[e]&&t.push(n[e]=new Promise((function(t,r){for(var a="css/"+({1:"complete-order~payment-methods~payment-update~sign-up~upgrade",2:"transfer-detail~transfer-list~transfer-progress-upsell",3:"payment-methods",4:"profile",5:"sign-

Chrome Cache Entry: 280

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1502), with no line terminators
Category:	downloaded
Size (bytes):	1502
Entropy (8bit):	5.159456969929594
Encrypted:	false
SSDEEP:
MD5:	41A092D20474B7835FBDC84D81A1E3B8
SHA1:	9B7B65EC221E43922234FFF9E4FB667FA4BB2B7E
SHA-256:	9E7F6E9E56D239A539CD2194BB9BFDFAB9B7373DD68D99F4C9CA4B5FFA314E06
SHA-512:	F5A4AAA1E6F995096C5CB1C7E4D2A5E5A14298D1E2FB82EDD92C3AE7F080BAFE9D47CD76000E5C396CFFEFA95B5D39961208B855E5246F01E1E230C97E133C5D
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/runtime~locale/en-0d9b367bb228e28541eb.es6.js
Preview:	!function(e){function r(r){for(var n,l,a=r[0],f=r[1],i=r[2],c=0,s=[];c<a.length;c++)l=a[c],Object.prototype.hasOwnProperty.call(o,l)&&o[l]&&s.push(o[l][0]),o[l]=0;for(n in f)Object.prototype.hasOwnProperty.call(f,n)&&(e[n]=f[n]);for(p&&p(r);s.length;)s.shift()();return u.push.apply(u,i\|\|[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,a=1;a<t.length;a++){var f=t[a];0!==o[f]&&(n=!1)}n&&(u.splice(r--,1),e=l(l.s=t[0]))}return e}var n={},o={40:0},u=[];function l(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.m=e,l.c=n,l.d=function(e,r,t){l.o(e,r)\|\|Object.defineProperty(e,r,{enumerable:!0,get:t})},l.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},l.t=function(e,r){if(1&r&&(e=l(e)),8&r)return e;if(4&r&&"object"===typeof e&&e&&e.__esModule)return e;var t=Object.create(nu

Chrome Cache Entry: 281

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	405
Entropy (8bit):	4.9389267406733985
Encrypted:	false
SSDEEP:
MD5:	C936517005F2C907719D9BFF61A3DE8E
SHA1:	E6BCBBFBFD28AC8A6D641B723321C856D71B5C28
SHA-256:	AA46BEF05856269FABB4608A93347D14333726BA83B420B34013AB102B8B94F6
SHA-512:	9AF1EC70BA58C28085A6E94F500E3EDED60941E09A8F5884A0DF04373A1DEF83E73D1E5F344A73E602F95F643C69774DD7732D2F2E368E60F3CE1B55D732B1E2
Malicious:	false
Reputation:	low
URL:	https://nolan.wetransfer.net/apps/wallpaper/asset-manifest.json?cache-bust=0.5658177541011316
Preview:	{. "files": {. "main.js": "1.0.24/main.41ef840324b8699b.js",. "3rdpartylicenses.txt": "1.0.24/3rdpartylicenses.txt",. "loading_background.png": "1.0.24/loading_background.d49aa05ca03a22c54803.png",. "index.html": "1.0.24/index.html",. "package.json": "1.0.24/package.json",. "assets/.gitkeep": "1.0.24/assets/.gitkeep". },. "entrypoints": [. "1.0.24/main.41ef840324b8699b.js". ].}

Chrome Cache Entry: 282

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2878
Entropy (8bit):	4.234134107044018
Encrypted:	false
SSDEEP:
MD5:	1B76A3A4BB92EE1DB3B16AF6B81EB13F
SHA1:	2BA31CC1C04590F014CF3E4E7DC370FDC4EE1735
SHA-256:	D6D13070FC25868AC336E60C6467292B0E43E0E699000D99EDE1D1EDD150A53C
SHA-512:	BDD9718332C85078E7C69035D5E6FCADF6BDC597D2C858C419CAAF25AB08B1C6421BA807DA6C9DE490B36CCFF140F9182E25DC48617C357EFAA06018787F1077
Malicious:	false
Reputation:	low
URL:	https://backgrounds.wetransfer.net/creator/wepresent-2301/2302-p5/wp1_fs/1_8qcAGh/index.html?cacheId=jhndd9_2_315860471&_origin=https://wetransfer.com
Preview:	<!doctype html><html><head><meta charset="utf8"/><meta name="viewport" content="viewport-fit=cover,width=device-width,initial-scale=1,minimum-scale=1,user-scalable=no"/><meta name="robots" content="nofollow, noindex"/><title>Wallpaper</title><style>html {. box-sizing: border-box;. }.. body {. margin: 0;. height: 100%;. overflow: hidden;. box-sizing: border-box;. text-rendering: optimizeLegibility;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;. cursor: pointer;. -webkit-user-drag: none;. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Helvetica,. Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji;. }.. ,. :before,. *:after {. box-sizing: inherit;. }.. html,. body,. div,. span,

Chrome Cache Entry: 283

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	136282
Entropy (8bit):	4.917451185518743
Encrypted:	false
SSDEEP:
MD5:	05149C773176488DB5BEE9B184B2EFC4
SHA1:	5AC367331220DDCF6098A5EE4A34913E4B35EAAF
SHA-256:	A4DA697C1F5111E491660F1192BBE0F0CC5199DE3B8FE0CF38572F7AAB0AA65D
SHA-512:	D3E3F06EF8CAA8A53BDFB854E945ECB765C6B312407E6B38708F974A4209AB9B6D99721435F21D9C50A05C5248F2ADADCA5314876D159C2DBC710C7A75D73BD1
Malicious:	false
Reputation:	low
URL:	https://prod-cdn.wetransfer.net/packs/esm/locale/en-9a2ff746e7f832ef16b2.es6.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[18],{1565:function(e,t){window._i18n_={date:{formats:{default:"%d-%m-%Y",short:"%-d %B",long:"%-d %B, %Y",with_day:"%A, %-d %B",without_day:"%-d %B %Y"},day_names:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],abbr_day_names:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],month_names:[null,"January","February","March","April","May","June","July","August","September","October","November","December"],abbr_month_names:[null,"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],order:["year","month","day"]},number:{format:{separator:".",delimiter:",",precision:3,round_mode:"default",significant:!1,strip_insignificant_zeros:!1},currency:{format:{format:"%u%n",unit:"$",separator:".",delimiter:",",precision:2,significant:!1,strip_insignificant_zeros:!1},EUR:"\u20ac",USD:"US$",CAD:"cad",AUD:"aud",GBP:"\xa3",DKK:"kr",NOK:"kr",SEK:"kr"},percentage:{format:{delimiter:"",format:"%n%"}},precision:{format:{

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://we.tl/t-iuRVoP7Lqq

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.LOG1

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

C:\Users\user\Downloads\49206d13-d691-46f1-bae6-074f71bdb66a.tmp

C:\Users\user\Downloads\wetransfer_foto-per-autogru_2023-05-04_1228.zip (copy)

C:\Users\user\Downloads\wetransfer_foto-per-autogru_2023-05-04_1228.zip.crdownload

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 209

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 217

Chrome Cache Entry: 218

Chrome Cache Entry: 220

Chrome Cache Entry: 221

Chrome Cache Entry: 222

Chrome Cache Entry: 223

Chrome Cache Entry: 224

Chrome Cache Entry: 226

Chrome Cache Entry: 227

Chrome Cache Entry: 228

Chrome Cache Entry: 229

Chrome Cache Entry: 230

Chrome Cache Entry: 231

Chrome Cache Entry: 232

Chrome Cache Entry: 233

Chrome Cache Entry: 234

Windows Analysis Report
https://we.tl/t-iuRVoP7Lqq