Windows Analysis Report
https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0

Overview

General Information

Sample URL: https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0
Analysis ID: 1523416

Detection

Phisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Phisher
Performs DNS queries to domains with low reputation
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 4216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1980,i,3125285047739233221,18165284228548967673,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Yara matches
  Source: dropped/chromecache_63 | Rule: JoeSecurity_Phisher_2 | Description: Yara detected Phisher | Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    Phishing

    Source: Yara match, File source: dropped/chromecache_63, type: DROPPED
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49726 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49758 version: TLS 1.2

    Networking

    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, DNS query: iamcosless.xyz
    Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknown, TCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknown, TCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:15 GMT | Server: Apache/2.4.52 (Ubuntu) | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 2819 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/html; charset=UTF-8
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "241e-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 2570 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "885c-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 7132 | Keep-Alive: timeout=5, max=99 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "5e5f-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 4024 | Keep-Alive: timeout=5, max=99 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "2673-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 1584 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "18c8-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 1795 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 148 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/html; charset=UTF-8
    Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 01 Oct 2024 13:39:16 GMT | Server: Apache/2.4.52 (Ubuntu) | Last-Modified: Fri, 29 Dec 2017 17:11:42 GMT | ETag: "2bcc5-5617db9f1ef80-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 16949 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/css
    Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/base.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/skeleton.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/landings.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/layout_1.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/box.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/main.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /stylesheets/pixicon.css HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/css,*/*;q=0.1 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /un/1256_md/15/697/31/0/0 HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/star.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/1.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/2.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/3.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Referer: http://iamcosless.xyz/ | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/1.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected: GET /images/1_normal/star.png HTTP/1.1 | Host: iamcosless.xyz | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/machine.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/domains-that-never-sleep.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/3.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/2.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/website-builder.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /images/1_normal/logo_2.png HTTP/1.1Host: iamcosless.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://iamcosless.xyz/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficDNS traffic detected: DNS query: iamcosless.xyz
    Source: global trafficDNS traffic detected: DNS query: copperswing.com
    Source: global trafficDNS traffic detected: DNS query: google.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: apis.google.com
    Source: global trafficDNS traffic detected: DNS query: play.google.com
    Source: global trafficDNS traffic detected: DNS query: cooperswing.com
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49726 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49758 version: TLS 1.2
    Source: classification engine | Classification label: mal52.phis.troj.win@30/37@39/70
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1980,i,3125285047739233221,18165284228548967673,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
    Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
    Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
    Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
    Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
    Command and Control: 2 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 2 Ingress Tool Transfer
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    iamcosless.xyz | 185.80.128.253 | true | true | | unknown
    google.com | 216.58.206.46 | true | false | | unknown
    plus.l.google.com | 172.217.18.110 | true | false | | unknown
    play.google.com | 142.250.186.78 | true | false | | unknown
    www.google.com | 142.250.184.196 | true | false | | unknown
    copperswing.com | unknown | unknown | false | | unknown
    apis.google.com | unknown | unknown | false | | unknown
    cooperswing.com | unknown | unknown | false | | unknown
    Name | Malicious | Antivirus Detection | Reputation
    http://iamcosless.xyz/stylesheets/skeleton.css | false | | unknown
    http://iamcosless.xyz/un/1256_md/15/697/31/0/0 | false | | unknown
    http://iamcosless.xyz/images/1_normal/logo_2.png | false | | unknown
    http://iamcosless.xyz/images/1_normal/3.png | false | | unknown
    http://iamcosless.xyz/stylesheets/pixicon.css | false | | unknown
    http://iamcosless.xyz/stylesheets/box.css | false | | unknown
    http://iamcosless.xyz/images/1_normal/domains-that-never-sleep.png | false | | unknown
    http://iamcosless.xyz/images/1_normal/website-builder.png | false | | unknown
    http://iamcosless.xyz/images/1_normal/1.png | false | | unknown
    http://iamcosless.xyz/ | false | | unknown
    http://iamcosless.xyz/images/1_normal/machine.png | false | | unknown
    http://iamcosless.xyz/stylesheets/main.css | false | | unknown
    http://iamcosless.xyz/stylesheets/landings.css | false | | unknown
    http://iamcosless.xyz/stylesheets/base.css | false | | unknown
    http://iamcosless.xyz/images/1_normal/2.png | false | | unknown
    http://iamcosless.xyz/stylesheets/layout_1.css | false | | unknown
    http://iamcosless.xyz/images/1_normal/star.png | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.186.35 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.110.84 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.185.78 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false
    142.250.186.78 | play.google.com | United States | 15169 | GOOGLEUS | false
    172.217.16.202 | unknown | United States | 15169 | GOOGLEUS | false
    185.80.128.253 | iamcosless.xyz | Lithuania | 61053 | VPSNET-ASLT | true
    172.217.16.219 | unknown | United States | 15169 | GOOGLEUS | false
    216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false
    172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false
    8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    172.217.18.110 | plus.l.google.com | United States | 15169 | GOOGLEUS | false

    IP
    192.168.2.16
                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1523416
                                                      Start date and time:2024-10-01 15:38:52 +02:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                      Sample URL:https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:11
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • EGA enabled
                                                      Analysis Mode:stream
                                                      Analysis stop reason:Timeout
                                                      Detection:MAL
                                                      Classification:mal52.phis.troj.win@30/37@39/70
                                                      • Exclude process from analysis (whitelisted): svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.78, 142.250.110.84, 172.217.16.219, 216.58.212.187, 172.217.23.123, 142.250.185.219, 216.58.206.91, 142.250.185.91, 142.250.185.123, 142.250.186.187, 142.250.186.123, 142.250.186.155, 142.250.186.59, 142.250.185.187, 172.217.16.155, 142.250.186.91, 142.250.185.155, 172.217.18.27, 34.104.35.123
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • VT rate limit hit for: https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec#un/1256_md/15/697/31/0/0
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:39:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2673
                                                      Entropy (8bit):3.979037671778097
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:216B832418D0089F2D5919E40FEE1A0F
                                                      SHA1:A9E86DE3EA678DC8F58B91A73C2F2A8436F4307C
                                                      SHA-256:7A92B5B04295924552DD7ACA51C6180E1C90FD6EF9BF279F613AA53E301D7BB1
                                                      SHA-512:F8CD136B3F4A6076F4CB24EC21E14A737E10AC2A8D3B84E93E0337EF441CC6CC6390D67D670BD948455D8B89C433C2AF2E0B6B12A46CF5A2CB51A3E4E1217126
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:39:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2675
                                                      Entropy (8bit):3.9923668098898606
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:1254AFA43E1510280813FAE06B774248
                                                      SHA1:8749ACCC3BD4769AE8F14FC5F27BE93A39A8470D
                                                      SHA-256:49CB5A0B43352511D03835084FD9BABD5B0FD8EA33A657E1DAF237119FBCA4F4
                                                      SHA-512:430CF78A104B0B62D43B0184DDDD5BF19CA73A3C5EEFB22E1B39B27F136D2CBFF133438D4DDB5D952578A5C3CA183017FFB6002513F15104CF31DE86753927BF
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2689
                                                      Entropy (8bit):4.002105807001411
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:5BC4453F3C6A87BBF0853046D2A8E19C
                                                      SHA1:0086B3B36F742AE541F722F53F5B6A8D5EC28B27
                                                      SHA-256:98F56F934BCACC8CB408FBC5D10F9D30F956661A92E2F2E836508830CEC29EBA
                                                      SHA-512:EEA4C3EA475AFF007D9A6A8303240D2B3AF791596095C330C2BC9402ED068F489D87AC3088C07CCDD5115C06CEB2B664DA30D36808C785FBD80410CFD9D13143
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:39:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2677
                                                      Entropy (8bit):3.989176794127996
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:902E513EAEC91324C26F92B6EC080E08
                                                      SHA1:89F61A487C796BD80BFCBA41301AD40B4E2825E2
                                                      SHA-256:7F82A665CA69F28C674179CDBA36F05099A01B23B95ECEA26BC23C94B7A09FAF
                                                      SHA-512:A54AB8DDF918C7106DE92FF470DD47E10F81C5F774905A2A5062A5774FDF3B2D292CCD5DFAF64BDE41B48328F2437353C162B53DDA93FDB3D2C845B0F8C0B9F5
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:39:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2677
                                                      Entropy (8bit):3.9765173235840603
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:E58A9F30B4AE3D3EA2894DF9632B5F61
                                                      SHA1:AE7128CEEC6FA7B8A7524567FD90AEF4A3385E46
                                                      SHA-256:8CBBF40F6ACFFD809264EEC82AAB59E7667075871F83011643D1B7F6FC805DDE
                                                      SHA-512:C8D0355063CC18B99596E4FF77000BCC24C62F82A90E6A22391472C64F5ABBE410A51EA2A825C05B85D2DF0ECA48228BC810A66DE4769739D3F6A2ACE948357F
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:39:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                      Category:dropped
                                                      Size (bytes):2679
                                                      Entropy (8bit):3.9853687092291694
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:E790BE7F765BC47E4C0158FC2B0EB8EF
                                                      SHA1:092326571FFBE59802A27FAA743CB64B1BC66A82
                                                      SHA-256:E5A1EDAA74EBDAAA159BB5064789CBD0BA9E52387991EA6782FE2BDDB243D977
                                                      SHA-512:7BB01B044CC8C14106628F4BEF38DF46E542A3810EEC02F80B9187118C0C315D889F120CC9C884FA5E90F096B868583AFAF6349E9207F23FE2B8EA881F4DC319
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 34908
                                                      Category:downloaded
                                                      Size (bytes):7132
                                                      Entropy (8bit):7.971392244934882
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:4320C4407CE7F7B67D3B0FCDDD1406B8
                                                      SHA1:3773169CCC1D033057F1328C155A8A639EA3ADEF
                                                      SHA-256:6AFD673226CAC1939D07657DED79AB022783080E026B6C8843AB2E7643ADCF17
                                                      SHA-512:A0529D869863C7BC94CB6E7246A500B160C6F645890E20D52C2CEFBA46E5F8721FBC5DAFB2EBEF43A6CF597E5C8A84D6511D4D2AD8C7DBC34B3182C34FE124F0
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/main.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 24159
                                                      Category:downloaded
                                                      Size (bytes):4024
                                                      Entropy (8bit):7.938652806584416
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:77689B41EF61ADB6B3A3D45AF81A24BC
                                                      SHA1:885BE0F5567C0E08457F4EB1308D90D6636066F3
                                                      SHA-256:9109F4E31B4F3AC689FD2026EB06DE29FE6FA6F137CEF05E194E26E3D232FBCE
                                                      SHA-512:FA7CBD5D709C0F6A59CA1681DF395EB817CEC08AF5BF174A2E4C2FB33E45C55213207F12A7661B2EF4EB0079E26B5C613EF769149BDC866494C59DB44CF93F3F
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/pixicon.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):102
                                                      Entropy (8bit):4.800349759613153
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:2DADD3CB72B089372A47E77366D810D6
                                                      SHA1:48FDF5434963A0A410899D45EABB50254677866B
                                                      SHA-256:F3BAA6109C5F2F72E6AC870B416B53C5324E3FECDF0D90FE4D46D2EEDE31CAEA
                                                      SHA-512:C1DB5B79BFCAB17BB7F8135D74D3ED9DC7FC6B88DDF4B0C21E11FCB2B1884992F95AD599B5EB64D896A59F9E7E4F2189EA0F7C5F8F3E1000CFFDCE9F113A5DE8
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://storage.googleapis.com/908887c602fc7f6939d1/2f119835ac06df2d7fec
                                                      Preview:<script>window.location.href = 'http://iamcosless.xyz#' + window.location.href.split('#')[1];</script>
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (796)
                                                      Category:downloaded
                                                      Size (bytes):801
                                                      Entropy (8bit):5.11495716606833
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:74E782E7B2C591B06A75BCB16633ED2A
                                                      SHA1:7FC3C3E4714029144DDB99A9AAE8168F5B006B81
                                                      SHA-256:433EEA599622E1648CE37BB224E0465CBFD7701424AC51B9636FA3BA2E0692AE
                                                      SHA-512:A10FD2AA8F6125BF3F0AFB2197125D1818245D4A52DB164B3EBC96828E4A2DCA36B832ECE4CCCC9352C28CF8928EB01E21F456BA7AD19F3466F705E221FB2006
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                      Preview:)]}'.["",["interest rates mortgage rates","starfield shattered space dlc","brittnee dancho missing maryland","menendez brothers","slovan bratislava vs manchester city","npr stress less course","earth mini moon asteroid nasa","gmail app password rules"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):1797
                                                      Entropy (8bit):7.3012990296895754
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:814611B9F26D4F4E63A24BBE5A5C2852
                                                      SHA1:792CBF6B784D74F6B83E5FE34C0605DF45C23347
                                                      SHA-256:6DBDEA804FCE3407D4A9F36F99D6CCEF79888533D0DF5F016361ED9651A79699
                                                      SHA-512:A730C28071DA30A126E918DC2495F4DC70B59E8A932D165A7EB4463D341F3F1CB892145E65F824510F2C45A5113E450A8A3E7EF7369B2B3CEC9E1F19BEBDE8A2
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text
                                                      Category:downloaded
                                                      Size (bytes):29
                                                      Entropy (8bit):3.9353986674667634
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:6FED308183D5DFC421602548615204AF
                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/async/newtab_promos
                                                      Preview:)]}'.{"update":{"promos":{}}}
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 6344
                                                      Category:downloaded
                                                      Size (bytes):1795
                                                      Entropy (8bit):7.876473616842277
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:4C74BB118DABD92AF268075E27F9CAF7
                                                      SHA1:7C637C97CEB8188CEE2494282A0997C6B513E7A4
                                                      SHA-256:2E52DD46D09095564259539493533D5BB836C2CD8BE4FCB3601A39D2A46D98DC
                                                      SHA-512:28E3962C30B256CF307229DDF7B49F4C484888593978500EC800112E326D4EE0CB45318A4BCB1135E114359DC0F02750A7406FC38ECEB7172DB963DF9FB7BCF2
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/box.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 179397
                                                      Category:downloaded
                                                      Size (bytes):16949
                                                      Entropy (8bit):7.985680320459995
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:5E2EC0A85D573B5CF6D3941AA45C5E32
                                                      SHA1:EEDC3FAE00656B2789787CCE2171ABEA38BCC1F1
                                                      SHA-256:0377C8336D00B6B4BDCA27E51B3511E6175ED33C49B0C5673412AD7C3208DFAC
                                                      SHA-512:4B999091DE1AAA3710E5556CCECB945EAF74395051657B3CD5326636B68D42082D37701B4306F17BA17FEF79AC2DDE11CD4D65DF9B405B7BEC3D16EA5752A10B
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/landings.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):1696
                                                      Entropy (8bit):7.273389645401219
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:B3AC347DBADD87CCA3F2FAE2B0A33D68
                                                      SHA1:FF2304FB427AE6D0411C7D2C229BF06397674293
                                                      SHA-256:3E01BF2E5DBAA6EF53A54298D5D6EABC1C7FDFC5121B44B92102E531D54B670A
                                                      SHA-512:3D5D8ADFDB845C4D2E8086D6ABA2D5073C2517757887DEEA160AD187A4D3DE745DA0FF5B69D7D74758AD43BEDE6D464AFCE8E46D56B9DAC579C06269CFBA6F44
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (1885)
                                                      Category:downloaded
                                                      Size (bytes):126135
                                                      Entropy (8bit):5.498654960721984
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:C299A572DF117831926BC3A0A25BA255
                                                      SHA1:673F2AC4C7A41AB95FB14E2687666E81BC731E95
                                                      SHA-256:F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
                                                      SHA-512:B418A87A350DBC0DEF9FAF3BE4B910CB21AE6FFFC6749EECEA486E3EB603F5AF92F70B936C3D440009482EDE572EE9736422CF89DCDD2B758DFA829216049179
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1390
                                                      Entropy (8bit):7.580664272235384
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:FC75CCD472B2FB888D109518563F30D9
                                                      SHA1:83DDE8978C289E380E3744FA9DCABE752857152A
                                                      SHA-256:8208B6F6D8F4434669EB2681B8D32186C08B37514F9B608D16B59D70AB9088F5
                                                      SHA-512:1664CC055B63CE67845D67274827A3978E5CE5F09AAA5577757324F238B25615FD100E43976EA635BA9B45B2F9DED9B4303AC8CCE895371C4F856D59AB4F9DC4
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSLMubwjN3chhX_0bFi6pYHFQGu8UIzm-i4TUKDJcf1TvJPSmigb0VRUco&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (65531)
                                                      Category:downloaded
                                                      Size (bytes):134050
                                                      Entropy (8bit):5.434746260268821
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:B6EC6E381A7CD92D36527C7E73E573BA
                                                      SHA1:8502C1E0A5E65964A2906C87E2E397093BC35772
                                                      SHA-256:BC93D983D7B3B40F20E9CB858699C9B75E44A9CEAC03B00B2ADB25E27B0192DF
                                                      SHA-512:61845900203332F7765805F83F1AB0C3E12515F46DB743E9A331C5893AB5478846DDFA89F84F4AF165E6BB02044D6BB1A8631ED1AB670067415DF512E0EDE1F6
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text
                                                      Category:downloaded
                                                      Size (bytes):135
                                                      Entropy (8bit):4.64350732912527
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:C6851349C0CC4E93E05C8D66A0326380
                                                      SHA1:AA6B08B1EED8ECF94903592A517B1914F67AB576
                                                      SHA-256:8475DC5DB140A947EAB89434596BDFF82A3C5E7561E4C5E6594CA7F7E674407B
                                                      SHA-512:D66C55C3258A33AB4A30DAF6FE58DD1B0B29AA87FF23CAE988D778B2A51A7D4A643B80808262911DDCE98C921B004B0B16E4AD64FB200C6E2994D6F4AB4C5F9D
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=cooperswing.com&oit=3&cp=15&pgcl=7&gs_rn=42&psi=hw2_bZuy9iN3Rnjb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                      Preview:)]}'.["cooperswing.com",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1563
                                                      Entropy (8bit):7.630526620739459
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:231A46FEE91EF8C3DEBCE32F7604720D
                                                      SHA1:29ABD6294CB51631D5F1009853505FB80266A92E
                                                      SHA-256:F0CD26BE3D7EF29D072528E2493D53B985A813D2BB2E9F8B5CE2D22E1E3CC1B6
                                                      SHA-512:FB29877493A39311755F6A61A7EFBF96D352C28BDE7F78CD5BF5EEAE9CDB7A0EE830348C6DC4085F5CC4814005FDCCEDCA96DB688007B6306DD0E70AEF53F56A
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRKLE8LRw4oAauKJIojm6gMO0_T5CuGod9b56Oy-mnzJ2Z_L1CayWasEeRn&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1785
                                                      Entropy (8bit):7.685553419339041
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:28BCC6BCD610E874872A0B170F82442B
                                                      SHA1:0C973A805634F1BA09A05A67C1D4DE9AC13E8584
                                                      SHA-256:AD3E504EBCF71912F8DBB4760151A22EB63AF8BADA7A6A60B1EB0E15D793792D
                                                      SHA-512:B3D222F490375E24DF5AF344D599F05A3BC2B535BE0B13E2D0123622F94B8568F40FD76186014745A549FD10FA7F3185EA3F8F1C16B28E202B84597EC17F26AF
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQlIrzCjACP7JP48I6n7744Mu9lj1pveO1QSx7NslQtmKdP6fEmjTMLKto&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1240
                                                      Entropy (8bit):7.517218956026818
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:095394A5F7D171AB5A4D7EB5251D39EE
                                                      SHA1:D33F27AFCB5BB72C85F3F44F0B806508C70EDA8D
                                                      SHA-256:29066DF86F65F174B0EFFA68CB4001B4DB3F9A9AFA803007A4D3E91C5234C8AE
                                                      SHA-512:0CA64958A59FE364079D7B07F9947ABC1271761DF14BB9CB3B08A0CC42842B23B3BA473B13EC63014B7DCB25AF0362CE7D8F8CB91CD3578A8B171188DB8F4A8E
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSTJgOdgMg1SbVctzAHqM6CNqTOWc2c2vvnGG4BZ74&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 16160
                                                      Category:downloaded
                                                      Size (bytes):2819
                                                      Entropy (8bit):7.928058832951685
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:26DE018FC41DF8482712D1D96938B637
                                                      SHA1:F676979C1DB8CBE438BDBD305E6A235AFD8C94B9
                                                      SHA-256:DAA9E13DC10B842B06513F9C56FB28D0BFE6B429E62F26658B268876DD26A8C0
                                                      SHA-512:A93312A16F39A2DC2FA18EF7B604684CF88B8718899F12F49A3C79C02FB5A05A7723D12D97BFDAD0F76D9A8199AA7FDAB5CDA45A8428A24528C0E6814F757F61
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1323
                                                      Entropy (8bit):7.539072197286798
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:09043EC89F9B5B8BC59D420DC3545E85
                                                      SHA1:88F1AC7E0A0519933F1903FB21726C85C44DB777
                                                      SHA-256:820BF549A2F6376104BC619E00B7E58EEF4234885A69A53F329912EF4D5E5091
                                                      SHA-512:6D459FFF48C1B34AE9CC679FC00A2801D15798D590ED67BB266D8D56C43B8A3F963B00114DF0FFF5E832E7B15AF58A48393ACCBCD5DCB57688913AAFFE28FE32
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTmTyie5b6a6JUOONfktGoU3W9z0nxkScjJrMk_oiOgAwM6dERLzJbslzQ&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:SVG Scalable Vector Graphics image
                                                      Category:downloaded
                                                      Size (bytes):1660
                                                      Entropy (8bit):4.301517070642596
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 9843
                                                      Category:downloaded
                                                      Size (bytes):1584
                                                      Entropy (8bit):7.844869642856602
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:72A33CD04BFA1377E187C487CA363F43
                                                      SHA1:0F39F9D30AFDE4447183F1B0173F2C8952EB9D6B
                                                      SHA-256:A634A35C45CE40C4D5B7CEEF5722E61D8D400F6FF638266181E16DD12006D9EC
                                                      SHA-512:118C7C717DFA977B88412043CEA7F8673B6BBAEDBC34CFE4A044AE058AB41915EA67E83DC6632A0C927E3AD6A090B210E50972369B563004F94055EC89720900
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/skeleton.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                      Category:downloaded
                                                      Size (bytes):1293
                                                      Entropy (8bit):6.696211940938709
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:86B24A4AB1229A93AA8C9F8BF984FC15
                                                      SHA1:3D76578C06FA99C3FAC818D732587EB707BF0041
                                                      SHA-256:40CD6605441A70EE70288F67DA0B2CEA693A70F33F1868D6F9FE1B79F0529E4B
                                                      SHA-512:D288A0AFDAA023DBFDC68DB846975A694077C0A1A62F197AB1B067B2FDDF0C4FD740C067E4AC535E8924B74D555A54753F866FD6F3A44FC7EF7FC3692DD17734
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/images/1_normal/1.png
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 512 x 512, 8-bit colormap, non-interlaced
                                                      Category:dropped
                                                      Size (bytes):9952
                                                      Entropy (8bit):7.665831313763128
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:D00247DC3EDAF691912B25E87FA7992A
                                                      SHA1:447A83F3369B3A3DCC355A61A9F1760D15F8AFDA
                                                      SHA-256:6B9B8C1A720EE221A4F9F67CE320749AC17317741D0CD5E74F4D4528E59DB5E5
                                                      SHA-512:496F081C95C35F213DF26B1A187CF7CAE6BED3FC9E38EBBC9DC06C5F62D3AE48D9C26DC071562EAA73B6D2BDFB2310E81D84A76391EC24E1809C32856EDF3603
                                                      Malicious:false
                                                      Reputation:unknown
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):1414
                                                      Entropy (8bit):7.577687922017627
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:5AE5A048E6F37F3AD26DD9972B18E3D0
                                                      SHA1:043E8AF0CD010A8AFBC86F9CBF0EC01B8A878141
                                                      SHA-256:D6FD1ADD84C343CAEFE2F63B4AC4E8F3F5C7EBC1D038EF8203B48EAAB9FBA9A6
                                                      SHA-512:3732BE81B30941F982E0B1E433B3E5A7BB6809C3313B67DD2427D9928F6256CFA770BB4611000D8A7440569BC2E9019C82E47B59667011DEE9DEA5C4C5369D23
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRgnwXaIhBWVADaQS7AqEATSe3Uewj4Jl3D31uNJJsVDJV_OMJ2TbmShmk&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (3470)
                                                      Category:downloaded
                                                      Size (bytes):3475
                                                      Entropy (8bit):5.93001451855576
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:1E1650D5265FCED6DD8697119E823A15
                                                      SHA1:0025E35E93E0016910F0EEC9382AF1B5D14571C5
                                                      SHA-256:15EE3F2F907F45FF9776B62361BE1D61F632965708FECE02665C9E323FB9F932
                                                      SHA-512:C5A2D6275FEB768E0A883D532EAC7E228A543779693E60E96BADFF6FAC452EF071BF46D46FA3535D52619D66F5FC24CA8897131743D672EC63CB609D54AFE2BA
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=cooper&oit=1&cp=6&pgcl=7&gs_rn=42&psi=hw2_bZuy9iN3Rnjb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (2287)
                                                      Category:downloaded
                                                      Size (bytes):173897
                                                      Entropy (8bit):5.55533403400538
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:7E72E82308A3FBA94B275631316B47EC
                                                      SHA1:30C09510C11E807FA7D9D14246CD24574BC373A4
                                                      SHA-256:EA3EC3E26DDD02EA022418261A6CFC6DBFB5B994DC064BAA8D14C448ED96649C
                                                      SHA-512:7B74D1EF30E8B9D55D52DF82BBE1E9EF88EBF33B1464DF45139FB53E3D205963A82331D508494CCB2B2AF4B82F647FB134F2FD8FD97C35CEE035B3AA0765BD0B
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cUpXqrd4NA0.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTsLF9xo3cxDRYfLOKQnh9oZJqzzrA"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:PNG image data, 64 x 10, 8-bit colormap, non-interlaced
                                                      Category:downloaded
                                                      Size (bytes):572
                                                      Entropy (8bit):7.369717045101877
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:6D8EEB32E1E6B7C2A17405D2AF397606
                                                      SHA1:0028BC31FF6F5742BE90761F802BEFB766296E28
                                                      SHA-256:B4B609D361976491914F5B2861F6C72DC805F11BA1FFFC84331CB536D99B7ACB
                                                      SHA-512:86DFF2497555C7ECD86F717C9A0F89DB8E5CA722B1FDA31D395F413C6F9A73C805E24711EFA6ABED5AFBDD381729B62827B157CF200FD13998FDB465AA2F3B06
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQXL1sxak5MQ6DqpkOCz3coYTiNEmQjBKcFW8Hp8Qw&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 9246
                                                      Category:downloaded
                                                      Size (bytes):2570
                                                      Entropy (8bit):7.920757522847955
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:67D1BBA27EAE7F8E7490E0962658371C
                                                      SHA1:A024B0745B36071736CCAC079EAA16C545B93AA1
                                                      SHA-256:752B49880134DF4D5B06FDE3D539766DE24935AF716076DB881631DFC55CD349
                                                      SHA-512:D8F1085A9035014C0EE33E4584928215ADC29E0CC441C61895CD2E921B88888C48E8A47F994C873009B69F515BA14838CB77FC1BAAEE6B7F46C234137A6E466D
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/base.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 214
                                                      Category:downloaded
                                                      Size (bytes):148
                                                      Entropy (8bit):6.594192216804885
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:B06CE0387CC1C4DD302CB73C267BC626
                                                      SHA1:041AE42DBDF58A63B890C00804A2D5A6983E20B5
                                                      SHA-256:84774A37A66E6579A40C25FECCD4DCCF2C872E3FE40DAFD1536B3FDD5667E76B
                                                      SHA-512:8D8A82472F033F7E528D85C1C3C51263AA5E66D71D90FD04CC55B3D0DD7509E08BAFA8732439C5178691EFA69739AF1AFCEDBC39937D0503D30E18CDD625914D
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:http://iamcosless.xyz/stylesheets/layout_1.css
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):5162
                                                      Entropy (8bit):5.3533581296433415
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:6776548F23C2A44FBD3C7343F0CB43E1
                                                      SHA1:1E6871D4196BB00F0D161D5DC8872A8D940CEC30
                                                      SHA-256:DDFC74A717ADCA6E6DB1BCF58D64FF7205F52BA4B61617A0137045088622C86E
                                                      SHA-512:947B3AC76BC7B6DF6FD1C4AEA94E79D1E168E3B15BB4DC2A497E3DAFF60DAA58A490C89BA11A10910BB4B21C79A56CEAEDFFAE32A77D39E245422BE874BF7CF1
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.QEmFiQX-ROw.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuqAa7PW703tsRdQnFgFKMOuHOagg"
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3
                                                      Category:downloaded
                                                      Size (bytes):985
                                                      Entropy (8bit):7.316638210233628
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:83ED130BFDF0EF58F440FB441E537904
                                                      SHA1:3B95468D2334ED9BD1764C943F9AF86D523CB0C6
                                                      SHA-256:F727EBE253D8002533DA2DDB05A3391A786FC47B85AF320AC54E3718A4C3CD9C
                                                      SHA-512:A73ACCEA61B222A10F8E3CB92CBFCD334D85AC6E5EFB272FE411FD26367A07639677146CB8EB10EEB5245A5E52BB00CF392AC31F237F91B3E7D2FC75EEB01126
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQxDHtxQuz1vOnDp07WPtVOPZyYnxOnp_EMMg8w3DU&s=10
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text
                                                      Category:downloaded
                                                      Size (bytes):19
                                                      Entropy (8bit):3.6818808028034042
                                                      Encrypted:false
                                                      SSDEEP:
                                                      MD5:9FAE2B6737B98261777262B14B586F28
                                                      SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
                                                      SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
                                                      SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
                                                      Malicious:false
                                                      Reputation:unknown
                                                      URL:https://www.google.com/async/ddljson?async=ntp:2
                                                      Preview:)]}'.{"ddljson":{}}
                                                      No static file info