Windows Analysis Report
http://passback.free.fr/pub/pp_120x600.html

Overview

General Information

Sample URL: http://passback.free.fr/pub/pp_120x600.html
Analysis ID: 1523763

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1972,i,5060305073691491895,3946397409507975366,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://passback.free.fr/pub/pp_120x600.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: http://passback.free.fr/pub/pp_120x600.html HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 6MB later: 31MB
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: global traffic HTTP traffic detected:
    GET /pub/pp_120x600.html HTTP/1.1
    Host: passback.free.fr
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: passback.free.fr
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://passback.free.fr/pub/pp_120x600.html
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: __gads=ID=fac9742ac38abd4b:T=1727824518:RT=1727824518:S=ALNI_MZiSqTSUf10e2gN-_P259ddO3PATg; __gpi=UID=00000f00ca34939c:T=1727824518:RT=1727824518:S=ALNI_MZ0AjOucsSCcIPRdnboCHwerZv__Q; __eoi=ID=d80c6368ea5d1935:T=1727824518:RT=1727824518:S=AA-AfjbnLg2keJ8qjLMuJqLszD66
Source: global traffic DNS traffic detected: DNS query: passback.free.fr
Source: global traffic DNS traffic detected: DNS query: www.googletagservices.com
Source: global traffic DNS traffic detected: DNS query: securepubads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.2
    Date: Tue, 01 Oct 2024 23:15:20 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Content-Encoding: gzip
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: classification engine Classification label: clean0.win@19/20@14/207
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1972,i,5060305073691491895,3946397409507975366,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://passback.free.fr/pub/pp_120x600.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| securepubads.g.doubleclick.net | 142.250.185.194 | true | false | | unknown |
| pagead-googlehosted.l.google.com | 142.250.185.65 | true | false | | unknown |
| www.googletagservices.com | 142.250.74.194 | true | false | | unknown |
| www.google.com | 142.250.184.196 | true | false | | unknown |
| passback.free.fr | 212.27.48.10 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://passback.free.fr/favicon.ico | false | | unknown |
| http://passback.free.fr/pub/pp_120x600.html | false | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 142.250.186.161 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.193 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.163 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.18.1 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.130 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.194 | securepubads.g.doubleclick.net | United States | 15169 | GOOGLEUS | false |
| 212.27.48.10 | passback.free.fr | France | 12322 | PROXADFR | false |
| 142.250.74.194 | www.googletagservices.com | United States | 15169 | GOOGLEUS | false |
| 64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.212.130 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.65 | pagead-googlehosted.l.google.com | United States | 15169 | GOOGLEUS | false |
| 142.250.185.98 | unknown | United States | 15169 | GOOGLEUS | false |

IP
192.168.2.16
192.168.2.6
192.168.2.5

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1523763
Start date and time: 2024-10-02 01:14:44 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://passback.free.fr/pub/pp_120x600.html
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@19/20@14/207
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.184.238, 64.233.184.84, 34.104.35.123, 199.232.210.172, 142.250.185.130
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, pagead2.googlesyndication.com, 694cee689938c0cd433987a04dadb15e.safeframe.googlesyndication.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: http://passback.free.fr/pub/pp_120x600.html

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 22:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9833953597127065
Encrypted: false
SSDEEP:
MD5: DC8C5D8960F5B1B1860F8490059B45DB
SHA1: 7E7C10163B0F9BE3AC0C0159B4EED0275332D25C
SHA-256: 058F5C63495E7AF32CF3D55F0B2797C9A152F25AAC550EC237D78EAE94664DBF
SHA-512: 2A6DA2A5A243F639CBE1E00FB4234624B316798E3907722F3FB7F79EBA9E7CC22BA660526E9B0B07B01C6F5BF873C42415E34F34A6977E57D52157606388C023
Malicious: false
Reputation: unknown

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 22:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 3.9999091381511382
Encrypted: false
SSDEEP:
MD5: C19F8512042DB71816C4EFE3F451DB7C
SHA1: 8FE45059C6B8E25A82C3B12485093608A5DE3399
SHA-256: D6E8587D5B7E7A031D5EE9A747EB6836F1EF0F59A539FF20C5BA43890DCE27E5
SHA-512: 58E7C7021A8E2234FED28D8F4AA1FD20B5740D3058782B0D311A3FDABFE56630327E4894D1DCFEDAC6A721E63DD3883D905ACAB7767F8245F5591BAB86EFB0D3
Malicious: false
Reputation: unknown

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2689
Entropy (8bit): 4.006533240965983
Encrypted: false
SSDEEP:
MD5: 0A1CE27C34972682A66E15051EF1CF1C
SHA1: F9D116E6DA5EF9E933593C4B47D5C11C4ABC560E
SHA-256: 5F06421200D2944FF343FD2E9E6D6CB3FEADA12EBDD35E8CC1EFF6F208599B21
SHA-512: 2867A1FF5E577C0C7AA0421E1B9227BB526010B905A122461ABC0369B068728E9430018A5425DB199852D89826B1BAFE500FE7780C2A288C0A1DAAB3762E16B5
Malicious: false
Reputation: unknown

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 22:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.995710634752911
Encrypted: false
SSDEEP:
MD5: 41DFCE7877F4ED3C357DA0F9FABC4C93
SHA1: B2D34DE19CC2611EB95F40DB76903386031C61AB
SHA-256: E0C10E55FA9B11647BADED24A2A9884D9206228B448750A4A3947BCD5181B784
SHA-512: 65EB654B11114B24DD0A1C423922CA8968164DE78BDD2DFF665C37F1D5EE1DC2AAD7D4EFD61EFEC64C08C9CA21F88B722EEADCAED6E560763E51A47E0B7465A8
Malicious: false
Reputation: unknown

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 22:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9861417429718333
Encrypted: false
SSDEEP:
MD5: 4C77A1148099B70D64420CD928FF19F3
SHA1: C51B8D81EA87071E30428E95FE7E8CA8796EFF50
SHA-256: 66AEC0D8A9358BCB804B99FB212AD16E409C0800A2A8409F922FEAB429A2E17B
SHA-512: D0EE01931F3B32CD363DFB917EA3D399F1937A8B785A54C8BAC2E4D044E1423776469028172835B2FB1E3CBF9C17CE6EE1E980945274D987E353EFD61F862589
Malicious: false
Reputation: unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 22:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.9945096621875846
                Encrypted:false
                SSDEEP:
                MD5:9B8F6D6BDE5671F390AB21E71D6FC3E9
                SHA1:3A04EF232C8E5A2CFB2986162BE201575A10BA70
                SHA-256:28CC19FDFEF138E6000EB8F6F4E0CEAEEFCC87B99E5C47BFCD07A17A46D8D896
                SHA-512:31D5BAA12E9DEFAD039859A76D9FD3A8B15E5B48CF23630F788C14BD942B9CE0DB4238249893482F89BC3E8AC839007D749196E22C92262EECADA53EFABC0D34
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (829), with no line terminators
                Category:downloaded
                Size (bytes):829
                Entropy (8bit):5.390070358468307
                Encrypted:false
                SSDEEP:
                MD5:C074BC0596ABF8F829156250DBC81B35
                SHA1:C8D4494A3A541D7591795DFA3CA4E0F6A21FD2F2
                SHA-256:4D4328E0FDA134C5A18E68CDB2FDB2931F7B4C6960909266BC7EE4DFDCFE3C87
                SHA-512:4F03890DE22B437DD208E3B929D45E99617BD1068B6C2B1A5EB559441892B74BEA1CEAF39FAEE9CA67C8417B683AF62D0EEAB298D2010BC6F648486EFF45D989
                Malicious:false
                Reputation:unknown
                URL:https://www.google.com/recaptcha/api2/aframe
                Preview:<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="bBsWVQTMlx7Ebw91OryesQ">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha */ try{var clients={'sodar':'https://pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorage.getItem("rc::a")?sessionStorage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")||0)+1);localStorage.setItem("rc::h",'1727824522757');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "*");}catch(b){}</script></body></html>
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, from Unix, original size modulo 2^32 571
                Category:downloaded
                Size (bytes):188
                Entropy (8bit):6.773769769127259
                Encrypted:false
                SSDEEP:
                MD5:5E78C911BE8B87FAAD0475ADDBDABB0D
                SHA1:0FFB1EC3C09730C6B9B9BF9912C3325DEC3E466A
                SHA-256:1037C7BFA41F306D2E733866B9FDDF3A9EDCCBF92896E9A3350F155F763A0AC4
                SHA-512:2B48F73DA7AB1AFFDB748FB2038628CD60AADF557EBBF3F24F32A53D86E05CC2E780B65E7DE3B0C0017F72F1A00C642570FF9B9D7DFE00DC69A80FFA6FF2C76F
                Malicious:false
                Reputation:unknown
                URL:http://passback.free.fr/favicon.ico
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (1382)
                Category:downloaded
                Size (bytes):17945
                Entropy (8bit):5.330388445341784
                Encrypted:false
                SSDEEP:
                MD5:3B071D5606CC1CF92AE307F5BDB4E540
                SHA1:E191068CC90E5489130489A1CF173FE50BBA28B8
                SHA-256:FF3DE130872FE0FB5B770DFA2BC9F0DAF8AB320403A34A60D089436F08D24F99
                SHA-512:8A1287D7528B2B65D61D6E0A639F2CBE5658AFC3EDB5E2AF9494E8CC876AA6C8060A55D3BD4AA85A0B3B82733E64F7F7A6B4A5F2597FD99FD37136A83A6BBCAD
                Malicious:false
                Reputation:unknown
                URL:https://tpc.googlesyndication.com/sodar/sodar2.js
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (32027)
                Category:dropped
                Size (bytes):107790
                Entropy (8bit):5.617801374831913
                Encrypted:false
                SSDEEP:
                MD5:5EE9E0776F546C58891989E14C61B600
                SHA1:A87A5C3711C44C1318D680C0D45B55BAF87C62B3
                SHA-256:09E84AA0B2955D370F2AA763610894FA62E7D9B2F11E678F84393F9AC7CA58B5
                SHA-512:B332AD5F2465874C11245B3E23A2F345226DE4717F985FC1C734085DE911DCAD14AE4D3E6D3440170A898DE46F47508D276148858074D99D8909358F6D81149C
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:gzip compressed data, from Unix, original size modulo 2^32 3304
                Category:downloaded
                Size (bytes):1264
                Entropy (8bit):7.8497922579386765
                Encrypted:false
                SSDEEP:
                MD5:8B137EEB7A93A5AC0915764A95BDD6FB
                SHA1:455A4956EE76C1F563D4C6DF8E115EFD65DDC502
                SHA-256:EA84B3B39A0AE82486BF6EFDEAAE6FFFBBD26D0F7B3FEE91BC471D4F2269FCE0
                SHA-512:053AD545710EE79A69F7C32008C530B4BA040BB86716A1BD588E1CFAF3BFC97E55987974482C608003F141B718FECFB797786579DD7FD98B84A779362E358831
                Malicious:false
                Reputation:unknown
                URL:http://passback.free.fr/pub/pp_120x600.html
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (32027)
                Category:downloaded
                Size (bytes):108595
                Entropy (8bit):5.623237520169202
                Encrypted:false
                SSDEEP:
                MD5:BC3BBD6FA509423641A60FD366216338
                SHA1:AFB751BB5F358F5A9D1128122CA813D0CC1D9D4F
                SHA-256:04D5F5023C49E04A5F9C28FF3A7EB0718B300254248777B263898C9D1D59F82A
                SHA-512:C5E61565C080E20BA7138F795D143172F2CB3DDCA45F8F839B91F35FDD3993EB633CDD290284644FA7DBB567E8BA9EABD803D27E9AB34B26B01807AE903C7759
                Malicious:false
                Reputation:unknown
                URL:https://www.googletagservices.com/tag/js/gpt.js
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (5657)
                Category:downloaded
                Size (bytes):6162
                Entropy (8bit):5.599076700545423
                Encrypted:false
                SSDEEP:
                MD5:6AAAF8E11A32FD37FB419E3A4CE9696C
                SHA1:1FD88F2EE4DE5422E0C344DEBEFE3F2B5ABB2592
                SHA-256:468959E93F9B4E6F07C6A8F8D0E93D8FCB37D76A8615A93EC153F5842247BA99
                SHA-512:748B27BDB7C7FA082D7BE6C69F56DC33302105784391320A5CF960531C594097BC406FD3F4690E4CF74F4016F4D56804A4296E9BD885562EB66699E1318F7000
                Malicious:false
                Reputation:unknown
                URL:https://694cee689938c0cd433987a04dadb15e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:downloaded
                Size (bytes):17046
                Entropy (8bit):6.015567229797348
                Encrypted:false
                SSDEEP:
                MD5:9E0653CDF3694AA39D89F863F5C42410
                SHA1:6D6159AA96E6BE94B59384971DB006BC4A012431
                SHA-256:EB29807FA8E624B312D067D61651220967876F0C3B9425B2D56E9D5D1A9D0D0C
                SHA-512:76EB4958E7737262524FFC4FD8A141B422B2AC0239EA40A85F7CCE2236CC16040D2E18019E70F5C04FE7F4A3C68BDA9870BEA9786C7EC1E9DD6108495478576C
                Malicious:false
                Reputation:unknown
                URL:https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202409260101&st=env
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (64561)
                Category:dropped
                Size (bytes):489262
                Entropy (8bit):5.507637646851932
                Encrypted:false
                SSDEEP:
                MD5:5486E95F576CF8FA4252E907DDD4335F
                SHA1:0600338B0626BDE9CA988A26ABA680662B40768F
                SHA-256:9A373AE6214168509DC4FE047F320B9D27BD87ED907D66806CE9B865CA55042A
                SHA-512:F2A9F0B8CC67259FEE0BD4770AAF1AA7FC28F8E30AD7D5919636F5DCF0EFCCBC29D7CC55FC6E0C86D4C5BC8434DAAC34F065595E72A9B91D17D29F489D66866D
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):16958
                Entropy (8bit):6.017443865928516
                Encrypted:false
                SSDEEP:
                MD5:7786384B31000EB1173B3CB5FF698A4E
                SHA1:583CB5AABDE49477204AA6BDD1302CDDE9EA8574
                SHA-256:F7463BFAE62ABD5A29EC3B8482D0AFF827CB57D70BBF27DFA80A860A661AE65D
                SHA-512:7AB1ECBCB05734DD29688EE0FE4A7EE0E5995062018CAC7483414B55BB1349711E086E63504132041DE0D4E6B28A5ED848C96713C63E224F780F7A3A370B16B3
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (52915)
                Category:dropped
                Size (bytes):54181
                Entropy (8bit):5.682167594635107
                Encrypted:false
                SSDEEP:
                MD5:ACBCBB660EBC92A6766BA72457065851
                SHA1:7BC2CA2EA734A0490E24D745C0F1AF580B3521F5
                SHA-256:0DEBF1DE10E6D0C2AB58FEBB6ACB542F7847594FA4D8070F86756D710785BE76
                SHA-512:D0806361CFE8DFE79A8BA2493ED304B4DAE01F61C6E773A9B91B12CAB4E040226CEE1E6A436D56D2BDABF6E9F78B8A7A9EF1C7BD612A5DA86B742638C253E341
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:downloaded
                Size (bytes):861
                Entropy (8bit):5.306680628536177
                Encrypted:false
                SSDEEP:
                MD5:69E31A61FC960BC076671A401AB5DED3
                SHA1:DE0B4B72DA7AC9F6B50B33C8151C9087EC42E34D
                SHA-256:46807D9E79A08CF5CE8980EA9D1D0AE6FB9A66DF3F2EB0B49B6D65683CABC8BA
                SHA-512:1FACEC9B3ADC24D23E891FC9A6916A6FE4EDED2A113D8B13A024A4546F83356455495234236CC221ED63CF77B009B6DFC64C3390C9A2DF5341E2949D50343A74
                Malicious:false
                Reputation:unknown
                URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=484293759234835&correlator=1125198604124670&eid=31087357%2C31087482&output=ldjh&gdfp_req=1&vrg=202409260101&ptt=17&impl=fifs&iu_parts=22336046%2C03_lowcost_pagesperso_web%2Crg_sky&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=120x600&ifi=1&sfv=1-0-40&eri=1&sc=0&cookie_enabled=1&abxe=1&dt=1727824517520&lmt=1507733879&adxs=580&adys=0&biw=1280&bih=907&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=-240&bc=23&nvt=1&url=http%3A%2F%2Fpassback.free.fr%2Fpub%2Fpp_120x600.html&vis=1&psz=1280x907&msz=1280x0&fws=0&ohw=0&dlt=1727824514762&idt=2717&prev_scp=pos%3Ddroite-sky%26ad_group%3Dad_ex1&cust_params=env%3Dprod&adks=837864984&frm=20&eoidce=1
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):29098
                Entropy (8bit):6.238185890178726
                Encrypted:false
                SSDEEP:
                MD5:FFFC6ED7100858178BD7F7951867344F
                SHA1:5B7A9765CDA75A69D128A6222D3D951383D26BC4
                SHA-256:D51F684E4CB0B1447AA259B860C8F32841E9E4FE679A27C215A2EFC8C42686F8
                SHA-512:36224A9FBB7F3DCB80150632CA930D9F5094D60EC568694AF99FEF9B00E66049D479B3685F129387B060178CD0B191AB5DD6658611D3F0A1D18E46BBA1C5CF82
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (2008)
                Category:downloaded
                Size (bytes):13020
                Entropy (8bit):5.338335125035746
                Encrypted:false
                SSDEEP:
                MD5:D1F231B50B152372A6C3100F4AED1973
                SHA1:1BF10951BE06DA03D1371A904E19C0419F2A3637
                SHA-256:9DEC95894AF322B087AB6E87F9C8CE66D849646CF33B375D33C957F4569ED081
                SHA-512:00093B7FC4AFFA2D2230622F5D7DA69730246B74620AD4DE30AC64E41FB9AC927AFD2AB426034D71DC85A3DFEE9A46E73DF48DA7E2636A54579EA9AAAC4CAFF6
                Malicious:false
                Reputation:unknown
                URL:https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
                No static file info