Edit tour

Windows Analysis Report
https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcmRfaWQvNzg2My9yZXZ0L201ajhYV200emxUQWNwV3doeHpzMkZRRkppaldMMCI-aHR0cHM6Ly90eDIxMXRpcm4uY29tbXVuaXR5b3

Overview

General Information

Sample URL:	https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcm
Analysis ID:	1524991

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2471392358425296274,1568532972936169098,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcmRfaWQvNzg2My9yZXZ0L201ajhYV200emxUQWNwV3doeHpzMkZRRkppaldMMCI-aHR0cHM6Ly90eDIxMXRpcm4uY29tbXVuaXR5b3Mub3JnL1JVTS1QdWJsaWMtUmV2aXNpb24vcmVuZGVyL2lkLzI3MzQvZm9ybS9zZXJ2aWNlL3JlY29yZF9pZC83ODYzL3JldnQvbTVqOFhXbTR6bFRBY3BXd2h4enMyRlFGSmlqV0wwPC9hVwNzcGNCCmb45wb7ZhFOc6hSGHNhZGFtc0Bsb25ndmlld3RleGFzLmdvdlgEAAAARg" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.17:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.116.253.168:443 -> 192.168.2.17:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.116.253.168:443 -> 192.168.2.17:49820 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200

Source: global traffic	DNS traffic detected: DNS query: post.spmailtechnolo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.17:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.116.253.168:443 -> 192.168.2.17:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.116.253.168:443 -> 192.168.2.17:49820 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/37@16/217

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2471392358425296274,1568532972936169098,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcmRfaWQvNzg2My9yZXZ0L201ajhYV200emxUQWNwV3doeHpzMkZRRkppaldMMCI-aHR0cHM6Ly90eDIxMXRpcm4uY29tbXVuaXR5b3Mub3JnL1JVTS1QdWJsaWMtUmV2aXNpb24vcmVuZGVyL2lkLzI3MzQvZm9ybS9zZXJ2aWNlL3JlY29yZF9pZC83ODYzL3JldnQvbTVqOFhXbTR6bFRBY3BXd2h4enMyRlFGSmlqV0wwPC9hVwNzcGNCCmb45wb7ZhFOc6hSGHNhZGFtc0Bsb25ndmlld3RleGFzLmdvdlgEAAAARg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2471392358425296274,1568532972936169098,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
post.spmailtechnolo.com	52.38.152.211	true	false	unknown
www3.l.google.com	142.250.185.142	true	false	unknown
plus.l.google.com	142.250.186.110	true	false	unknown
play.google.com	142.250.181.238	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
ogs.google.com	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
172.217.18.14	unknown	United States	15169	GOOGLEUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
52.38.152.211	post.spmailtechnolo.com	United States	16509	AMAZON-02US	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
142.250.181.238	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.142	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.110	plus.l.google.com	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524991
Start date and time:	2024-10-03 15:08:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcmRfaWQvNzg2My9yZXZ0L201ajhYV200emxUQWNwV3doeHpzMkZRRkppaldMMCI-aHR0cHM6Ly90eDIxMXRpcm4uY29tbXVuaXR5b3Mub3JnL1JVTS1QdWJsaWMtUmV2aXNpb24vcmVuZGVyL2lkLzI3MzQvZm9ybS9zZXJ2aWNlL3JlY29yZF9pZC83ODYzL3JldnQvbTVqOFhXbTR6bFRBY3BXd2h4enMyRlFGSmlqV0wwPC9hVwNzcGNCCmb45wb7ZhFOc6hSGHNhZGFtc0Bsb25ndmlld3RleGFzLmdvdlgEAAAARg
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/37@16/217

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 64.233.184.84, 142.250.185.174, 34.104.35.123, 142.250.184.195, 142.250.185.74, 172.217.16.202, 216.58.206.74, 142.250.186.138, 142.250.185.234, 142.250.186.42, 172.217.18.10, 142.250.185.106, 142.250.184.234, 142.250.184.202, 142.250.185.202, 142.250.185.138, 142.250.186.106, 142.250.186.74, 142.250.185.170, 172.217.18.106, 216.58.206.67, 216.58.212.138, 172.217.23.106, 216.58.206.42, 172.217.16.138, 142.250.181.234, 142.250.186.170, 142.250.186.99
Excluded domains from analysis (whitelisted): ssl.gstatic.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, ogads-pa.googleapis.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://post.spmailtechnolo.com/f/a/_lofmEJxq-9IHF0jCEccBA~~/AAMCAAA~/RgRo3YvnP4QNAWh0dHBzOi8vdHgyMTF0aXJuLmNvbW11bml0eW9zLm9yZy9SVU0tUHVibGljLVJldmlzaW9uL3JlbmRlci9pZC8yNzM0L2Zvcm0vc2VydmljZS9yZWNvcmRfaWQvNzg2My9yZXZ0L201ajhYV200emxUQWNwV3doeHpzMkZRRkppaldMMCI-aHR0cHM6Ly90eDIxMXRpcm4uY29tbXVuaXR5b3Mub3JnL1JVTS1QdWJsaWMtUmV2aXNpb24vcmVuZGVyL2lkLzI3MzQvZm9ybS9zZXJ2aWNlL3JlY29yZF9pZC83ODYzL3JldnQvbTVqOFhXbTR6bFRBY3BXd2h4enMyRlFGSmlqV0wwPC9hVwNzcGNCCmb45wb7ZhFOc6hSGHNhZGFtc0Bsb25ndmlld3RleGFzLmdvdlgEAAAARg

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:08:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980401498451308
Encrypted:	false
SSDEEP:
MD5:	14D8BB45A3CA559A89506B1CA190AFAF
SHA1:	611B4D4360A7C7617F3F95C94678ECAA1E860F08
SHA-256:	DB8AAC5B4129EF1D199B67D315B9A55F0ED96840C3759F5E3E82CF3A2A10F3F4
SHA-512:	5ECEA4F2E40EECA8296B91320F6AAE7E34B6BA345227B2B2AB1217C97D378D121B27AFD5FA49F7189615B6173CF35BD3C122B08362F29B384BC6287DE15B9FDD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....88g........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:08:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9953205277067525
Encrypted:	false
SSDEEP:
MD5:	C112CAACEA1D831BDDF94D30C56318CE
SHA1:	2331223863991713AE4394974C9308F19E72525A
SHA-256:	733B6C5314E52072C82C0B24EC6F8B695F4B330512090FA2BA951DDBC122F164
SHA-512:	D9415B98E879B250DC460E8618DA865D107573817A1C8A8217DECD4E054ABB4EC1688F30D5445F46FD9CEF85A06CC8D520EF6500D4E797AAD47F1BE513A17DD7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....l.g........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.007892443934022
Encrypted:	false
SSDEEP:
MD5:	80ADFCC3C247C2F53D170D5D3986687C
SHA1:	D4578D3B59F5FA535ECC3A114DA6534CD525BF97
SHA-256:	8F40C0F40938323D03B093E79F3DAE674F44755A267E360BE05E3157A0A7CF6E
SHA-512:	FB1F0C7E538228FE057477E3D64AD65CC98DC3DCA4546C7D60CBAE3FAA7B97E8AE4B4A4102C5417E89AD5334E3C2AAB8FD243B3D67EF1CC9D04BB3E8CE6F65DF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:08:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9947577655277255
Encrypted:	false
SSDEEP:
MD5:	471F7C1F30F21D7B4CB2859A625A34F1
SHA1:	F108FCADD7C7BC4D289A63A437773F9340AB5628
SHA-256:	74DB1C40AFFA960D0E622AE5BA2BA9C94DF490ADAEF97549D55ADBA03DBAA8AB
SHA-512:	777D476D6D52BF5AC4E0A5DE9CDC1FE14518851D294BB6CBCBC15D939CD825427C6A02EA9FBF02108F43C484C0C085BEB7BADD2CD3A4A22E1AA9D650794EA13F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......$g........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:08:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.982133796017298
Encrypted:	false
SSDEEP:
MD5:	AD005219599173570F3CF762BBC35FE7
SHA1:	6746A27C326C95BE1C0994FA2BC8BE0742B7CDF4
SHA-256:	059D44B40B97A07531768574FF3B8B07CE466AA522F3CE94ECA72A2AF7C4AFBF
SHA-512:	EA233C15F606879CF16F8FD4F9131190134C3D98CECC849C8BD5FEEB0BD8510BCB07BBEEA003622F906EBCEC5FC6E129A9155C01359D16E001AAA318FDD5A328
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.1g........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:08:56 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.992129601116083
Encrypted:	false
SSDEEP:
MD5:	230EF261ACDC81C33D573F9A2DE5C2F6
SHA1:	870ED75C61C33535D88D83D5CD2B9ECBE82F1538
SHA-256:	FBE0446EC8B3EED0B882F2DCD531D23B9FAF996BA36F15E4475A4383F0C5EEA4
SHA-512:	7E75B33FD9BE6060D179462803D86DD6F36D752A35E081BF3651985626C8DF7E4C488FBAC1F2D0C4906FB2E3767FC27AE148F0AF4C447F5BE939B7FA8B258F5A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....3..g........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.ICY.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VCY.i....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VCY.i...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCY.i...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........E.r......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (736)
Category:	downloaded
Size (bytes):	3516
Entropy (8bit):	5.552055740061078
Encrypted:	false
SSDEEP:
MD5:	BDF45A6BA57F872963259DA69256A45E
SHA1:	0F6328EA074F20F841EF27871D04F7A61ABFC580
SHA-256:	89474426B70726A283415671A654B2B74E2C9999CAD67BCC2F072856621BC05B
SHA-512:	F35AC64D7D4923B848145FE487BB4E7A93A29C81E6B2BEDE806691D21145B648CC968961E23CEB328AA0DC4D0D6FF2CCD128DBDCAC15461A8AA713F12479F6D7
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.OlyLa8GkuaI.es5.O/ck=boq-one-google.OneGoogleWidgetUi.-thgPwNVrLw.L.B1.O/am=IEAwYGw/d=1/exm=A1yn5d,A7fCU,BVgquf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsBZGUsqOLkp1tQbc4AdY2xMI9Jeg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.q("Wt6vjf");.var Mz=function(a){this.ta=_.y(a,0,Mz.mb)};_.G(Mz,_.C);Mz.prototype.Xa=function(){return _.xl(this,1)};Mz.prototype.oc=function(a){_.Jl(this,1,a)};Mz.mb="f.bo";var Nz=function(){_.Vo.call(this)};_.G(Nz,_.Vo);Nz.prototype.ab=function(){this.Yq=!1;Oz(this);_.Vo.prototype.ab.call(this)};Nz.prototype.j=function(){Pz(this);if(this.lk)return Qz(this),!1;if(!this.js)return Rz(this),!0;this.dispatchEvent("p");if(!this.np)return Rz(this),!0;this.ao?(this.dispatchEvent("r"),Rz(this)):Qz(this);return!1};.var Sz=function(a){var b=new _.tu(a.yx);a.bq!=null&&b.j.set("authuser",a.bq);return b},Qz=function(a){a.lk=!0;var b=Sz(a),c="rt=r&f_uid="+_.Xl(a.np);_.Aq(b,(0,_.E)(a.l,a),"POST",c)};.Nz.prototype.l=function(a){a=a.target;Pz(this);if(_.Hq(a)){this.fn=0;if(this.ao)this.lk=!1,this.dispatchEvent("r");else if(this.js)this.dispatchEvent("s");else{try{var b=_.Iq(a),c=JSON.pars

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10093), with no line terminators
Category:	downloaded
Size (bytes):	10093
Entropy (8bit):	5.302847362869835
Encrypted:	false
SSDEEP:
MD5:	D65E709854C32D756DA316B7FC68A1E0
SHA1:	587C7A88CBC46322868C4BC8F37DDFB0AB2369EE
SHA-256:	FAD93AA382237DA388873AA1288FE98D5BC7774C753ADB9D8A685BB91EED4670
SHA-512:	BCD132EECF608BD77E8780C4A6BE32CCD6BE4DC48804BF4227E035F0424891BB2F35F9A22F0B696FEFD45DBE355D7537461D3A92C2DF77B3C394AD4CC70BFADD
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.fSHv1dvvroY.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTsVA9_hKyGtH1-UzkVaxmvYQjNv7Q"
Preview:	.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_F .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_F .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_F .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1639
Entropy (8bit):	7.827088407784202
Encrypted:	false
SSDEEP:
MD5:	CB4DBA8B4072603CA92EF9CE7B5BE4B6
SHA1:	8C9627AF0544B3D3B8157DF3C8907A0955C71938
SHA-256:	E942BA66A86139548A605135C2D3BEA8F11C43121554FD14465D192B0C43B56E
SHA-512:	A13D4171B8C902D0C245651275E9F46DC72CADA6542E96AFAB520D20AC06C25CBD52AB83CE6874E8ABF994F8726977067C2FD890BD18EC44BE249199D8E2256B
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/hpp/swg-gshield-logo-rgb-64px.png
Preview:	.PNG........IHDR...@...@......iq.....pHYs...........~.....IDATx..[olSU.?....l....#C.p.\|...aj.\|..D.df\|1A2.jDL.h...bj..Qd............20lX.v,,.cc[..............%.C_....=.s..K$.0.a..........3[ ...>......-..a.h.+.u.l.<....s..q.-.. ....".R.$d.a.l.....P...u.[!..(.\.....&.8..:..!'s.....@<..>ZL$.:.R....(.9o...._......_S.@N..0^ .M,.E....5....H.;^P. .u.......J.}.H.'!.8^.. (....Xd9#ao....)\|.....M...cS..F\|......E.h..........X%~BU.M.F.[....@.Y.0..'.?.S'C.O.Au..P.g....U.{s.~.MA.....G.\|p...L!..s..^QpCi%....VW...'...0..N.........z.!X]^...lT.....K...#E4..6W/..6,..3....{.!&r.!..#_.@y.../........`.3.h+.H.t4...I.'....u.]44 2'..S............iX.-M..\| .v...#?....L.@......!..?..S\|..w.N.6&...z...)dJ...e...<>.m..j.qm..}m...K.. .......D.....R.T.>...C...<.........q..U....R.z.,...... [..7....}.........y?.6...E9Fw....p..I......%iSN\7P.v..X../.z.......[;-Y....._..=....U..2.a....b......tX!..y.+.$ib....e.S......(/.e0...^...%y.<..;.IN..`..X,...v*...=...A..._0.._......z...,GH{.\|_

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5969
Entropy (8bit):	7.949719859611916
Encrypted:	false
SSDEEP:
MD5:	8F9327DB2597FA57D2F42B4A6C5A9855
SHA1:	1737D3DFB411C07B86ED8BD30F5987A4DC397CC1
SHA-256:	5776CD87617EACEC3BC00EBCF530D1924026033EDA852F706C1A675A98915826
SHA-512:	B807694ED1EF6DFA6CB5D35B46526FF9584D9AAD66CE4DC93CDEB7B8B103A7C78369D1141D53F092EDDEA0441E982D3A16DF6E98959A5557C288B580CF5191E6
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......\............IDATx..]...U..:.................].{.A.A.(......\....1........A@6.......$...(.CXX\|..d...IUu..dz...g..u.....sO.1..g..W.....~..fv..+.TL.z.q.c..e..;..{..._"...`V...NwUwg....L.{6...y...]....2yo.x}^\|.....)....444.....r7.f&.<...t.!.l'8.s..LCCcl...t........ ......;..,a..0.xju........\|.. D%.l._..........]Y.. ...&N.r.~$g...&...Z}.w.3q......RKwm.ihh.I.pL.n..7j.W..%..Ld...@......q7x)..A.x.0..M .H..Wq.g.h..k.\|P..-Q.}.Ca...@.A.....D....x.....vOp.....+.z...N...T..o.?...?.%e....&..#..3.....P..Np9...$m.Ne. ..3y?......]....l.).z...g.^.v.!....-...&..M .Eg..w.K. ..;..@.qiP4yhh.....U.l7X-.u...-.tP..X..D.i......p'.T>Y.\o.TM.....xx&...&..M ..{.MQ...@.......C.ihh...]].ws..L.<.1...M ..>/yl...yhh.Yh..y..n...H.iW!..4444.p'8G.<...4444. .!.$'.._`....&....h=@8..........T.Ao..4444..#..i.q.'t.u........T..+j.ASyjT...u..(f.y.uw...-e.B...5.W........m~..5-\|_">.j....c[o..m+....K.v.Tak_.".\.....<........u.....},..02..'.h.v.^.....s..A..Ctw

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1689), with no line terminators
Category:	downloaded
Size (bytes):	1689
Entropy (8bit):	5.640520027557763
Encrypted:	false
SSDEEP:
MD5:	45DD7BD58C9F085DA52FA16A2A150066
SHA1:	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC
SHA-256:	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
SHA-512:	520B8DF68524C2CEF393B837D7EAD0168028C94697E1DA0AC4BDDAFAB849D1B26D7E7933082146AE6A220A449F066CBBBA2EBFC6CC30D3F756FBD98EE061C8DF
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.a1hzicGOses.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAoADYSQAAgBEAwAYABAAAAACAAABgAAAAAAAAkAAAAAACABUAAAAAACAAABEAAACKAAAAAAgIAQIAEEABhAAFSEBQBPEoBAAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAQACEAAAAQBGAAAEAegQCwAAQEwAAIdADQAAAAAAIAEAACACAmQAMkAEIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAAQA/d=0/br=1/rs=ACT90oHjxUfCtjgroQA6qvaSnQl871nViQ/m=syjx,syo3?xjs=s4"
Preview:	.MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:var(--Nsm0ce);--izGsqb:var(--Nsm0ce);--todMNcl:var(--EpFNW);--p9J9c:var(--Nsm0ce)}:root{--KIZPne:#a3c9ff;--xPpiM:#001d35;--Ehh4mf:var(--Nsm0ce)}:root{--Yi4Nb:#d2d2d2;--pEa0Bc:#474747;--kloG3:#d2d2d2;--YaIeMb:#f7f8f9;--Pa8Wlb:#0b57d0;--izGsqb:#0b57d0;--todMNcl:#fff;--p9J9c:#0b57d0}.EpPYLd{display:block;position:relative}.YpcDnf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor:default}.LGiluc,.EpPYLd[disabled]{pointer-events:none;cursor:default}@media (forced-colors:active){.EpPYLd[disabled]{color:GrayText}}.LGiluc{border-top:1px solid;height:0;

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12159
Entropy (8bit):	1.4012726326407465
Encrypted:	false
SSDEEP:
MD5:	7FADC3D426C66C288A634A9754543E77
SHA1:	1675EDB87CFA0C23EF2B9981EFCFDC66A9BE0AFB
SHA-256:	C46D5D5CCD06385AD226B1543093DF3D70638C7814EC9657131E590FD04B8E2C
SHA-512:	5D4CFD907A1749527B90490270960B1B645B59A1E7EE624603D27331B09C4CC9589CFA519A2A3A81332A8BDD84A7889355262D8258A6E2E04627F14FEB294549
Malicious:	false
Reputation:	unknown
Preview:	{"chunkTypes":"1000011111110011110001000010110100000011111111111111111111111111111110110111111111110101111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101110111111113101101111111111110111111111111110111111111111111100011011111111111111111111111110101002222222212212212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212122212121212121212122212222221221221212212121212121212121212121212121212221212121212121212121212121212121212121212122221221221222122122122122122122122122122122122122122122122122122122122122122122122122122122122122122122121212121222122222222222121221211212212121212121212212121221212122121121212121212121222222221211121122221121212121221212121212121221212222222122122122122121121212212121212

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3521)
Category:	downloaded
Size (bytes):	21593
Entropy (8bit):	5.4043969828957215
Encrypted:	false
SSDEEP:
MD5:	EF2BE4DC1F0BBEBFF9FDED6E0C05F3E3
SHA1:	1531B7819E6BE8C3D709D5E209B33344FCF07C83
SHA-256:	9CD8E1EBEDBFB992859F20ADC7CF68CD06D0FA1CDF843FB149B7E33D359C1704
SHA-512:	79B739927746E6BACF438609D5600C71DE3795F27239137B95FAB7B22FA98DCEDD8EDA73419B2F58D80D5CAC9F84392CCB016C23A91618DC9F044D1087D70405
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.OlyLa8GkuaI.es5.O/ck=boq-one-google.OneGoogleWidgetUi.-thgPwNVrLw.L.B1.O/am=IEAwYGw/d=1/exm=A1yn5d,A7fCU,BVgquf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsBZGUsqOLkp1tQbc4AdY2xMI9Jeg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.CF=function(){var a,b,c,d;return(d=BF)!=null?d:BF=Object.freeze({Zb:function(e){return _.of(_.Ee("iCzhFc"),!1)\|\|e===-1},Ig:(a=_.fm(_.Ee("y2FhP")))!=null?a:void 0,eu:(b=_.fm(_.Ee("MUE6Ne")))!=null?b:void 0,eg:(c=_.fm(_.Ee("cfb2h")))!=null?c:void 0,Ze:_.hm(_.Ee("yFnxrf"),-1),Cu:_.lm(_.Ee("fPDxwd")).map(function(e){return _.hm(e,0)}).filter(function(e){return e>0})})};var BF;._.q("RqjULd");.var Uha=function(a){if(_.n&&_.n.performance&&_.n.performance.memory){var b=_.n.performance.memory;if(b){var c=new tG;isNaN(b.jsHeapSizeLimit)\|\|_.uf(c,1,_.gd(Math.round(b.jsHeapSizeLimit).toString()));isNaN(b.totalJSHeapSize)\|\|_.uf(c,2,_.gd(Math.round(b.totalJSHeapSize).toString()));isNaN(b.usedJSHeapSize)\|\|_.uf(c,3,_.gd(Math.round(b.usedJSHeapSize).toString()));_.ul(a,tG,1,c)}}},Vha=function(a){if(uG()){var b=performance.getEntriesByType("navigation");if(b&&b.length){var c=new vG;if(b=b[0

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (524)
Category:	dropped
Size (bytes):	24979
Entropy (8bit):	5.41091004251396
Encrypted:	false
SSDEEP:
MD5:	D9D048BC8D0B5BC7EF410FC9BF9D1CF7
SHA1:	87B2B3C011744829017984C00445C9327E4909DF
SHA-256:	BABBE2764F731D914CC5C58538B088EC5B75FBE058BBDB3081E5D14BE6BD2E85
SHA-512:	2F02E8DDBE4CC2E0E0CB46070C1F92A834DC8CA114567E5848600645D4D6336C328C75A0282F6E423E4D63FAF2729EC20BE168B9B5CE3A51DA6AF748E33BE8F7
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.R$c=_.Dd("P10Owf",[_.jq]);.}catch(e){_._DumpException(e)}.try{._.w("P10Owf");.var XD=function(a){_.A.call(this,a.Ma);this.ka=this.getData("cmep").Kb();this.Ob=a.service.Ob;this.data=a.Ud.Hda};_.C(XD,_.A);XD.Ga=function(){return{service:{Ob:_.Ht},Ud:{Hda:_.wD}}};XD.prototype.wa=function(){this.Ob.ka().oa(this.getRoot().el(),1).log(!0)};XD.prototype.ta=function(a){a=a.data?_.Rb(_.wD,a.data):new _.wD;S$c(this,a)};XD.prototype.oa=function(a){S$c(this,a.data)};.var S$c=function(a,b){var c;(b==null?0:b.Pu())&&((c=a.data)==null?0:c.Pu())&&(b==null?void 0:b.Pu())!==a.data.Pu()\|\|a.Ob.ka().oa(a.getRoot().el(),2).log(!0)};XD.prototype.Ia=function(a){this.Ob.ka().ka(a.qb.el()).log(!0);_.Me(document,_.qxc)};XD.prototype.Da=function(a){this.Ob.ka().ka(a.qb.el()).log(!0);if(this.ka){var b;_.Me(document,_.pxc,(b=this.data)==null?void 0:b.Kc())}else _.Me(document,_.oxc,this.data)};_.K(XD.prototype,"kEOk4d",function(){return this.Da});_.K(XD.pro

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1279)
Category:	downloaded
Size (bytes):	202152
Entropy (8bit):	5.475451252598485
Encrypted:	false
SSDEEP:
MD5:	D36D84843A7A62C2FBBE0F6336670534
SHA1:	DF36AC0062B21E6ACFAD7EBD65355EBCA6E239EF
SHA-256:	E00C5CC92538BDC465E3A12E3B874B79DDA37D1B51D0AB5BF180E54FFABAC8AF
SHA-512:	B1445703AD009BC2A3D8DE5308FDC9AAF2A596EA9D3BED5C0EEC1C4BD10625F608461F922A90B776CFF8605D8AF2E28A2ADCD0B0A62CD946866C786A444D4412
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.OlyLa8GkuaI.es5.O/am=IEAwYGw/d=1/excm=_b,_tp,calloutview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHsDqokh4SRAQCxfIFSY87a3oGgt8w/m=_b,_tp"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x20304020, 0x1b1, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var ia,aaa,Ga,baa,Ja,cb,sb,Hb,Mb,Nb,Ob,Pb,Qb,Rb,Tb,Wb,eaa,faa,Yb,$b,gc,jc,lc,gaa,rc,sc,tc,zc,Gc,Hc,Kc,Mc,Oc,Qc,Lc,Tc,laa,hd,ed,jd,maa,naa,sd,rd,oaa,wd,paa,yd,qaa,zd,raa,Gd,saa,Kd,Qd,Rd,Td,Xd,Yd,Wd,$d,we,ze,He,Fe,Ie,z,Me,Pe,Te,$e,ef,yaa,zaa,Aaa,Baa,Caa,Daa,Eaa,Faa,Gaa,Haa,Iaa,Jaa,Kaa,Laa,ag,eg,Raa,Paa,pg,Vaa,wg,zg,Xaa,Yaa,Bg,Qg,bba,cba,Vg,dba,eba,hh,fba,gba,wh,xh,yh,hba,iba,Bh,kba,lba,Fh,Gh,pba,rba,sba,tba,uba,vba,wba,xba,zba,Aba,Bba,Dba,

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4232), with no line terminators
Category:	downloaded
Size (bytes):	4232
Entropy (8bit):	5.531069792601157
Encrypted:	false
SSDEEP:
MD5:	DA43A25BD1F9DD99ABEEE97AE6E6BCA6
SHA1:	FAF739B5A3ACE85BABEF8AF8C123C7B140D5222A
SHA-256:	FC42CAFE3E110C38CB62AB04E51E2F806F308D3ED3F95C9E3AB5D0B7B3C9978A
SHA-512:	CB7ABBCBFF96B0B6C7AA9A674C8DB81FD6D3AD3D1F950B08F6F64AE3BC86E0ECD3DDF05C6542CAD98CE5ED59BBF2C1B510B2598064DE0B42DEB051F1CF368DFD
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.a1hzicGOses.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAoADYSQAAgBEAwAYABAAAAACAAABgAAAAAAAAkAAAAAACABUAAAAAACAAABEAAACKAAAAAAgIAQIAEEABhAAFSEBQBPEoBAAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAQACEAAAAQBGAAAEAegQCwAAQEwAAIdADQAAAAAAIAEAACACAmQAMkAEIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAAQA/d=1/ed=1/br=1/rs=ACT90oHjxUfCtjgroQA6qvaSnQl871nViQ/m=cdos,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl"
Preview:	:root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#5e5e5e;--bbQxAb:#474747;--YLNNHc:#1f1f1f;--TMYS9:#0b57d0;--JKqx2:#1a0dab;--rrJJUc:#0b57d0;--mXZkqc:#d2d2d2;--Nsm0ce:#0b57d0;--XKMDxc:#f3f5f6;--aYn2S:#f3f5f6;--Lm570b:#dee1e3}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhScic{margin:0px}.v0rrvd{padding-bottom:16px}.zsYMMe{padding:0px}.wHYlTd{font-family:Roboto,Arial,sans-serif;font-size:14px;line-height:22px}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.VDgVie{text-align:center}.TUOsUe{text-align:left}@keyframes g-snackbar-show{from{pointer-events:none;transform:translateY(0)}to{transform:translateY(-100%)}}@keyframes g-snackbar-hide{from{transform:translateY(-100%)}to{transform:translateY(0)}}@keyframes g-snackbar-show-content{from{op

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (13493)
Category:	downloaded
Size (bytes):	202138
Entropy (8bit):	5.8805871180400455
Encrypted:	false
SSDEEP:
MD5:	B047299C3F9E2EB9EC4A47DA993FF789
SHA1:	ACFAB2DFF41BDBAA3EBAD21860A5022C7C29313C
SHA-256:	AAB2CDC89D7FDBFD532BC7EA52CE21CE8705C220B693484A2084D23609EC5D8D
SHA-512:	8B5FFFE4587DE145FE880F224D3FEABBEBBF3972CD0698E92D80120BD5E211CBC5DC7237078E457B89AD256FBF38EA90A857637F1F52658658D6BF11C60643B7
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/
Preview:	<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="5VTtDeYBqN42oAq4bVM2Mg">window._hst=Date.now();performance&&performance.mark&&performance.mark("SearchHeadStart");</script><script nonce="5VTtDeYBqN42oAq4bVM2Mg">(function(){var _g={kEI:'aZf-ZoOfMfiP7NYPs4_hsQU',kEXPI:'31',kBL:'9Oo8',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){.var h=this\|\|self;function l(){return window.google!==void 0&&window.google.kOPI!==void 0&&window.google.kOPI!==0?window.google.kOPI:null};var m,n=[];function p(a){for(var b;a&&(!a.getAttribute\|\|!(b=a.getAttribute("eid")));)a=a.parentNode;return b\|\|m}function q(a){for(var b=null;a&&(!a.getAttribute\|\|!

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	dropped
Size (bytes):	1046333
Entropy (8bit):	5.720509894239256
Encrypted:	false
SSDEEP:
MD5:	6C2CDCBA604B6A53D3115EC5D4C03456
SHA1:	9AF052D4CB1216F7238719660749DDC91CBC15DE
SHA-256:	E6CEC1584E035303610D9C948D732CB00BB485D31B4288DB5C5E22443A4E96E7
SHA-512:	AF2CB29D43023CDF76DFB37926820F880BDBAAA898FA9B7FE999108EE0A5B28F278C62B4F052B16A9BD992211EB7D957E0B854147FD9CB76BAB14FECD013FED5
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,caa,naa,Aaa,Caa,Iaa,Taa,$aa,iba,kba,mba,nba,rba,sba,xba,Cba,Fba,Hba,Iba,Lba,Kba,Eba,Sa,Oba,Sba,Tba,Uba,Yba,aca,bca,dca,eca,fca,hca,ica,kca,oca,qca,sca,Aca,Bca,Cca,wca,Dca,xca,Eca,vca,Fca,uca,Gca,Ica,Pca,Rca,Sca,Wca,Xca,bda,eda,Zca,dda,cda,ada,$ca,fda,gda,kda,mda,lda,pda,qda,rda,tda,vda,uda,xda,yda,zda,Bda,Cda,Dda,Eda,Fda,Ida,Jda,Kda,Oda,Nda,Rda,Sda,Xda,Yda,Zda,aea,$da,cea,bea,fea,eea,hea,jea,mea,nea,qea,rea,vea,wea,Bea,Dea,Lea,Mea,Oea,uea,yea,Sea,Wea,cfa,gfa,hfa,pfa,mfa,qfa,sfa,wfa,xfa,yfa,.Afa,Bfa,jfa,Dfa,Ffa,Jfa,Lfa,Sfa,Xfa,Zfa,iga,kga,mga,nga,wga,yga,Bga,Dga,Ega,Gga,Iga,Mga,Nga,Pga,dh

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (593)
Category:	dropped
Size (bytes):	1671
Entropy (8bit):	5.316348062497018
Encrypted:	false
SSDEEP:
MD5:	E912357B3A4F53410A07AF8FDE5235F5
SHA1:	E1EA40BF0FF8CB868F2A62594CFC972407ABA949
SHA-256:	38C79D8A2A4A19ABBABB2833381A0B4FB3750215BEF6CE02EFD951E4B520AD8A
SHA-512:	CB15B519D2637221B4FF1282A7E16434734C47F1F89F2EFCEC52C95284634343FB61208668B40820B59827F8E392637AD1FED711BEEA4812F6F6030B1A813924
Malicious:	false
Reputation:	unknown
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.w("lOO0Vd");._.nbb=new _.Od(_.oLa);._.y();.}catch(e){_._DumpException(e)}.try{.var xbb;_.ybb=function(a,b,c,d,e){this.qFa=a;this.Zmd=b;this.smb=c;this.Zsd=d;this.EFd=e;this.idb=0;this.rmb=xbb(this)};xbb=function(a){return Math.random()Math.min(a.ZmdMath.pow(a.smb,a.idb),a.Zsd)};_.ybb.prototype.N4b=function(){return this.idb};_.ybb.prototype.ika=function(a){return this.idb>=this.qFa?!1:a!=null?!!this.EFd[a]:!0};_.zbb=function(a){if(!a.ika())throw Error("ze`"+a.qFa);++a.idb;a.rmb=xbb(a)};.}catch(e){_._DumpException(e)}.try{._.w("P6sQOc");.var Abb=function(a){var b={};_.Fa(a.Htb(),function(e){b[e]=!0});var c=a.Csb(),d=a.Psb();return new _.ybb(a.Osb(),c.ka()1E3,a.rjb(),d.ka()1E3,b)},Bbb=!!(_.Xg[30]>>23&1);var Cbb=function(a){_.Hn.call(this,a.Ma);this.logger=null;this.ka=a.service.FEb;this.ta=a.service.metadata;a=a.service.Scd;this.fetch=a.fetch.bind(a)};_.C(Cbb,_.Hn);Cbb.Ga=function(){return{service:{FEb:_.sbb,metadata:_.nbb,Sc

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (786)
Category:	downloaded
Size (bytes):	791
Entropy (8bit):	5.1311982954073505
Encrypted:	false
SSDEEP:
MD5:	2D01897F82456E13815F74520462B050
SHA1:	401029E6D123315E9B982EABB0BFEC8C320C7160
SHA-256:	88BDDDFEAB3DA5EB6346E0BF10FBC1FBC759ED3A410C6E46B5C8CB45FCC490D2
SHA-512:	CFAA62B12CAEDA757CA5031C162A55642C46B34C948AB285A7F176EBBD8790BA5C67EDA28FD8F8B7AF8CC083AD06EB586DA6AF53EABD291821B462C7887AB35E
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["dress to impress creator gigi","boeing workers union strike","baby pygmy hippopotamus moo deng","mlb playoffs","solar flares","ios apple intelligence release date","japanese airport bomb explosion","michael rider fashion designer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	downloaded
Size (bytes):	221974
Entropy (8bit):	5.525116818290676
Encrypted:	false
SSDEEP:
MD5:	CA99755538A8D8B1866C97729137BFEE
SHA1:	0949EAA1931E46A95BF1B0674F43D92885B3BEC7
SHA-256:	088314A76E272A02EA40D754DDBA1E839D2C2817C5385CE332A03664C0B45B36
SHA-512:	B07F8E3D1D304CE4B12AF1043A53ED544BAA0ECE5F3ED0ACC12B4AD52C76D0B36346E9255194FB34869748A42AC823889056B097E0A0122C3A1484236AD0BFC5
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eBPYdy5TlKU.2019.O/rt=j/m=qabr,q_d,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTvCjRZ-bRAiOPLLf0QdNwYcTlfNSg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{.var He;He=0;_.Ie=function(a){return Object.prototype.hasOwnProperty.call(a,_.Qb)&&a[_.Qb]\|\|(a[_.Qb]=++He)};_.Je=function(a){return _.Pb(a)&&a.nodeType==1};_.Ke=function(a,b){if("textContent"in a)a.textContent=b;else if(a.nodeType==3)a.data=String(b);else if(a.firstChild&&a.firstChild.nodeType==3){for(;a.lastChild!=a.firstChild;)a.removeChild(a.lastChild);a.firstChild.data=String(b)}else _.Ee(a),a.appendChild(_.te(a).createTextNode(String(b)))};var Le;_.Me=function(a,b,c){Array.isArray(c)&&(c=c.join(" "));var d="aria-"+b;c===""\|\|c==void 0?(Le\|\|(Le={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sort:"none",busy:!1,disabled:!1,hidden:!1,invalid:"false"}),c=Le,b in c?a.setAttribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};var Qe;_.Pe=function(a,b,c,d,e,f){if(_.qc&&e)return _.Ne(a);if(e&&!d)re

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2091
Entropy (8bit):	7.8938748179764
Encrypted:	false
SSDEEP:
MD5:	6282A05D151E7D0446C655D1892475E2
SHA1:	B2B05F319DA0E73250200AE9BB518A318D6B4C5D
SHA-256:	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
SHA-512:	DF0C4C01555430BD2AFAD409E40A422F5EFB0ED9B6E86168874B46312FFC0BA7CA2B5503E49858035056C342A83CBC42721AA89077BD2E1F698692AF4277BAB5
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
Preview:	.PNG........IHDR...0...0.....W.......IDATx........m.tm.86.m.m...m.Xo..._~..Mm.&..x....v.....?... .~^.TV....z.wK.....-.`..w.............4....."...z6Z."....`;@....!...S.Q..E...L$..`01..S(.v...vn._...H.......H.fs.8).....q....\....9B>...)>#2...A....z..8.#+A.V-..hh....3.......c.......F. 3.......~.^Q......c.....a.1...gZ....y....wU..2...].-.0b].......[......w...&K..$..K..\.t..QoY..O?....u.Sa.-...na.Z..}..._s..~[.Ue.M.!#Y.....%.t.7y....J......Q.0fC.Fo..@..&...B.....&..}.ld....O.#+...<.z..,."?vC....Y.....<d..."b.D.(sX..c..5.z,..!...oV.. .....>O.#..pHG..y.j.7.-@.K.s..,...&.%6.. O=dj....S..;.O..ylc.O.~....Tn.F.\|.Y..X..@........e..O.Z......}(H...vp.... ...y..&..:.......8y...{n..R^...:.q.......>....C.....^P..C..%..<. 6...9..,.$0x.M.=.`\..MI..\|.........^...W-"...@..J........K.m...h...x.H.>.c.>.w!......:X.b%.v....)..[R..-..>.+!..?...?.....Q.G:F...k..A.)`*.^N$...{9.<.PD...7`).3.d........h.k..{]&.;^.h.s>BREP.X.O.~P\|[....R].m,.......Z..Pk.g0.yl...Z.qp..

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (768)
Category:	downloaded
Size (bytes):	1425
Entropy (8bit):	5.352015286891893
Encrypted:	false
SSDEEP:
MD5:	F989AA4A304254FE7C53F1A299D3E3C7
SHA1:	0A6BBF0E3C59855D6CBE269B3AD991C8848F4288
SHA-256:	47F3A84A8B30F8380C7DDB46F5F753174626C6A7D1A17F482C202F457397E393
SHA-512:	3DD76D30ABDA12DB3F85BC6DFDE67243C8BD3C818D0F3BAC5C9E9D4E7B39454C2F178844F70286B643F3BBCCB73954E1612428B4DAA89745B0FDCDF83FE9BF49
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.OlyLa8GkuaI.es5.O/ck=boq-one-google.OneGoogleWidgetUi.-thgPwNVrLw.L.B1.O/am=IEAwYGw/d=1/exm=A1yn5d,A7fCU,BVgquf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ug7Xab,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,byfTOb,e5qFLc,ebZ3mb,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHsBZGUsqOLkp1tQbc4AdY2xMI9Jeg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.q("P6sQOc");.var rpa=!!(_.Bi[0]>>26&1);var spa=function(a,b,c,d,e){this.o=a;this.N=b;this.v=c;this.O=d;this.ha=e;this.j=0;this.l=QY(this)},tpa=function(a){var b={};_.Ea(a.Lq(),function(e){b[e]=!0});var c=a.Dq(),d=a.Fq();return new spa(a.Eq(),c.j()1E3,a.yq(),d.j()1E3,b)},QY=function(a){return Math.random()Math.min(a.NMath.pow(a.v,a.j),a.O)},RY=function(a,b){return a.j>=a.o?!1:b!=null?!!a.ha[b]:!0};var SY=function(a){_.S.call(this,a.oa);this.l=a.service.Zr;this.o=a.service.metadata;a=a.service.hE;this.fetch=a.fetch.bind(a)};_.G(SY,_.S);SY.W=function(){return{service:{Zr:_.OY,metadata:_.KY,hE:_.FW}}};SY.prototype.j=function(a,b){if(this.o.getType(a.wb())!==1)return _.vp(a);var c=this.l.Gr;(c=c?tpa(c):null)&&RY(c)?(b=TY(this,a,b,c),a=new _.up(a,b,2)):a=_.vp(a);return a};.var TY=function(a,b,c,d){return c.then(function(e){return e},function(e){if(rpa)if(e instanceof _.yf){

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1885)
Category:	downloaded
Size (bytes):	126135
Entropy (8bit):	5.498654960721984
Encrypted:	false
SSDEEP:
MD5:	C299A572DF117831926BC3A0A25BA255
SHA1:	673F2AC4C7A41AB95FB14E2687666E81BC731E95
SHA-256:	F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
SHA-512:	B418A87A350DBC0DEF9FAF3BE4B910CB21AE6FFFC6749EECEA486E3EB603F5AF92F70B936C3D440009482EDE572EE9736422CF89DCDD2B758DFA829216049179
Malicious:	false
Reputation:	unknown
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var ba,fa,ha,na,oa,sa,ua,wa;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=ha(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&fa(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	BEEDCB4EB0A559E6CE2D1E20D38CB330
SHA1:	A04EE9801770C0E81B170D7992EC3735E878AA58
SHA-256:	6E9D99B87595B07B10676B68EBE9AA8B63DF7D9A74F59CC91EED60EA1FBDC6EF
SHA-512:	BD101CDF7FDF1210127D83CE76E3F6F6F1378259F0A55C112E39C49A9131B8636FB020E07E985B8427A35B62A544F2F7C5F75B11AD69EF2C4AE67A41BD5898B2
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
Preview:	CgkKBw1pSEdHGgA=

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	5.249530958699059
Encrypted:	false
SSDEEP:
MD5:	FBE36EB2EECF1B90451A3A72701E49D2
SHA1:	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
SHA-256:	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
SHA-512:	7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1518)
Category:	dropped
Size (bytes):	268207
Entropy (8bit):	5.480155158674957
Encrypted:	false
SSDEEP:
MD5:	DBC94F2D77F7997B897B8B76406AF8DB
SHA1:	C5B2A27C6F1293F21EFE21652EB958BEB8F30F81
SHA-256:	5024B51982F837B244F8EE664B6C618A2820B0868B29D797A772518EEB3F9C26
SHA-512:	22D578E5585CBF73CB11BA517796BDBD499E49341FAE3EF355D500F4440A3E95742E28D7193773474F327FFBE921E184CEE14CF5004E2E016E9A89CA713FC956
Malicious:	false
Reputation:	unknown
Preview:	"use strict";_F_installCss(".KL4X6e{background:#eee;bottom:0;left:0;opacity:0;position:absolute;right:0;top:0}.TuA45b{opacity:.8}sentinel{}");.this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.Uz=function(a,b,c,d,e,f,g){var h=(0,_.Jd)(a.ta);_.Ac(h);a=_.ke(a,h,c,b,2,f,!0);c=d!=null?d:new c;if(g&&(typeof e!=="number"\|\|e<0\|\|e>a.length))throw Error();e!=void 0?a.splice(e,g,c):a.push(c);(0,_.yc)(c.ta)&2?(0,_.jl)(a,8):(0,_.jl)(a,16)};_.Wz=function(a){if(a instanceof _.Vz)return a.j;throw Error("w");};_.Xz=function(a){return new _.Vz(_.La,a[0].toLowerCase())};._.Yz=function(a,b,c,d){if(a.length===0)throw Error("w");a=a.map(function(f){return _.Wz(f)});var e=c.toLowerCase();if(a.every(function(f){return e.indexOf(f)!==0}))throw Error("ga`"+c);b.setAttribute(c,d)};_.ct.prototype.kc=_.ca(28,function(){return this.rb.length==0?null:new _.M(this.rb[0])});_.M.prototype.kc=_.ca(27,function(){return this});_.ct.prototype.Ia=_.ca(26,function(){retur

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (550)
Category:	downloaded
Size (bytes):	1521
Entropy (8bit):	5.102907972885366
Encrypted:	false
SSDEEP:
MD5:	C3D6BE99756A7C5D04C0EF0436E09E1B
SHA1:	8CDA512A63D82A3A4674A3658A7F5E48E9732292
SHA-256:	F1A1A2C5F14BB0EB9A703D369F86B918B294B7071BCB4B2F9D236BDC68C26472
SHA-512:	7CDC10705D769AC5CDACD65D0FD456B09ADB7B5E08E11D72F4BA1E30F2F6A7B6350D7B01658C93AC3B28CE5A14A89EC60D0C886D8C74202DFCC2DC9B9C122B13
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/xjs/_/js/k=xjs.hd.en.u2c7byrLk4w.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAggAFAAAAAFAAAAAAAAAAAAAAAAAAAECAIAAAkQAAAAEAgAUAAIEAAAgAEBAAAAiQADzKBAAQAcAEAAAAAAABAEBQBAAAQAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAAAAQQCAAAAAAAAAAAAAAAQAAANADAAAAAAAAABAAAEAQAAAMkAEIAAAAAAAA6AOA4AEwpLAAAAAAAAAAAAAAAIAAJAjmQgIKAhAAAAAAAAAAAAAAAAAAUtLEhQU/d=0/dg=0/br=1/rs=ACT90oG6Xjw-tZWQRYzmeX8RvZ2EkyEDmQ/m=aLUfP?xjs=s4
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.w("aLUfP");.var xqb=function(a){this.Sp=a};var yqb=function(a){_.Hn.call(this,a.Ma);var b=this;this.window=a.service.window.get();this.ta=this.Sp();this.oa=window.orientation;this.ka=function(){var c=b.Sp(),d=b.AYa()&&Math.abs(window.orientation)===90&&b.oa===-1window.orientation;b.oa=window.orientation;if(c!==b.ta\|\|d){b.ta=c;d=_.Ra(b.Od);for(var e=d.next();!e.done;e=d.next()){e=e.value;var f=new xqb(c);try{e(f)}catch(g){_.ca(g)}}}};this.Od=new Set;this.window.addEventListener("resize",this.ka);this.AYa()&&this.window.addEventListener("orientationchange",.this.ka)};_.C(yqb,_.Hn);yqb.Ga=function(){return{service:{window:_.In}}};_.m=yqb.prototype;_.m.addListener=function(a){this.Od.add(a)};_.m.removeListener=function(a){this.Od.delete(a)};._.m.Sp=function(){if(_.na()&&_.ma()&&!navigator.userAgent.includes("GSA")){var a=_.wl(this.window);a=new _.ll(a.width,Math.round(a.widththis.window.innerHeight/this.window.innerWidth))}else a

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7408)
Category:	downloaded
Size (bytes):	508087
Entropy (8bit):	5.615566153381429
Encrypted:	false
SSDEEP:
MD5:	B4C4F7C1D52A6FA7C4FA94BBA1F0A5DB
SHA1:	2C05FE89530303D803E6C8CE5A428A5C7A28C3AC
SHA-256:	78F6FA009CAA54B9FB36C1C9AA71F20168E70B9371CC1DEBE9C90DA4AAF6C6D1
SHA-512:	1A2072FEC03118792B657E6883B531846BFF4E9FAE7962627CE4AE5C1EDA2094AD039BF418AEC555EB04C2AB010498334204EF9A7E5A650BD544B484293D27A5
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en.u2c7byrLk4w.es5.O/ck=xjs.hd.a1hzicGOses.L.B1.O/am=JFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAogDdSQAAgFEAwAYABAAAAACAAABgAECAIAAAkQAAAAECgBUAAIEAACgAEBEAAAiaADzKBAgYAcIEEEABhAAFSEBQBPEoRAAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAQACEAAAQQDGAAAEAegQCwAAQEwAAIdADQAAAAAAIAFAACECQmQAMkAEIAAAAAAAA6AOA4AEwpLAAAAAAAAAAAAAAAIAAJAjmQgIKAhAAAAAAAAAAAAAAAAAAUtLEhQU/d=0/dg=0/br=1/ujg=1/rs=ACT90oE96kt5cgmAxEi-ljYvsPyUIepelA/m=sb_wiz,aa,abd,sysm,sysl,sysg,syfy,sysk,sys6,sy10l,syzt,sysb,syzs,sytb,sysh,sysj,sysf,sysz,sys3,syt0,syt1,syss,sysw,sysc,sysq,syst,sysu,syrw,syso,sys7,sys8,sys1,syrk,syri,syrh,sysa,syzr,syta,syru,syt9,async,syw7,ifl,pHXghd,sf,sytq,sytt,sy497,sonic,TxCJfd,sy49b,qzxzOb,IsdWVc,sy49d,sy1f9,sy1bm,sy1bi,syrg,syre,syrf,syrd,syrc,sy47w,sy47z,sy2c8,sy17g,sy147,sy148,syrq,syr8,syfc,sybw,sybz,sybu,syby,sybx,sycq,spch,syup,syuo,rtH1bd,sy1cr,sy18j,sy178,syga,sy1cq,sy14d,sy1cp,sy179,sygc,sy1cs,SMquOb,sy8h,sygj,sygg,sygh,sygk,sygf,sygs,sygq,sygo,syge,sycn,syci,sycl,syal,syad,syb7,syak,syaj,syai,sya6,syb2,syar,sy9t,sy9s,sycj,syc1,syc2,syc8,syap,syba,syc7,syc0,sybt,sybs,syag,syan,syc3,sybo,sybl,sybk,sybm,syaf,syb8,sybf,sybd,sybh,sybe,sybg,syaa,syb5,sycs,syd7,syct,syd8,sya8,syb4,syab,syb6,sya7,syb3,syaq,syac,sycr,sycg,sycc,sycd,sy9w,sya0,sy9x,sya1,sy9y,sy9q,sy9n,sy9p,sya5,syc4,syg4,sygd,syg9,syg7,sy80,sy7x,sy7z,syg6,sygb,syg5,syg3,syg0,syfz,sy83,uxMpU,syfv,syd2,syd0,sycu,syd9,sycw,sycv,sybi,sycy,sycp,sy8z,sy8y,sy8x,Mlhmy,QGR0gd,aurFic,sy98,fKUV3e,OTA3Ae,sy8i,OmgaI,EEDORb,PoEs9b,Pjplud,sy8t,sy8m,A1yn5d,YIZmRd,uY49fb,sy7u,sy7s,sy7t,sy7r,sy7q,byfTOb,lsjVmc,LEikZe,kWgXee,Ug7Xab,U0aPgd,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy1cx,sy1ct,syuu,sy1cw,syz7,d5EhJe,sy1dd,fCxEDd,sywc,sy1dc,sy1db,sy1da,sy1d6,sy1d1,sy1d3,sy1d2,sy1d5,sy1ag,sy1a9,sy17p,sywb,syys,syyr,T1HOxc,sy1d4,sy1d0,zx30Y,sy1de,sy1d8,sy18w,Wo3n8,sys2,loL8vb,syt4,syt3,syt2,ms4mZb,syq8,B2qlPe,syvp,NzU6V,sy10x,syw6,zGLm3b,syxk,syxl,syxc,DhPYme,MpJwZc,UUJqVe,sy7n,sOXFj,sy7m,s39S4,oGtAuc,NTMZac,nAFL3,sy8f,sy8e,q0xTif,y05UD,sy14q,sy1c8,sy1c2,syyq,sy1bu,sy168,syyp,syyo,syyn,syyt,sy1c1,sy160,sy1bq,sy165,sy1c0,sy14l,sy1bv,sy1br,sy166,sy167,sy1c3,sy14a,sy1bz,sy1by,sy1bw,syno,sy1bx,sy1c5,sy1bk,sy1bs,sy1bj,sy1bp,sy1bl,sy173,sy1bt,sy1bf,sy16a,sy16b,syyv,syyw,epYOx?xjs=s3"
Preview:	_F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{animation:qli-container-rotate 1568.2352941176ms linear infinite}@keyframes qli-container-rotate{from{transform:rotate(0)}to{transform:rotate(1turn)}}.RoKmhb{height:100%;opacity:0;position:absolute;width:100%}.nNMuOd .VQdeab{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-blue-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .IEqiAf{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-red-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .smocse{animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-yellow-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .FlKbCe{animation:qli

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (32553)
Category:	downloaded
Size (bytes):	48891
Entropy (8bit):	5.80251721317395
Encrypted:	false
SSDEEP:
MD5:	EEB09ABC77B85CDE6339D103B0F2336D
SHA1:	8B7818BA960583A257935731A64ED418F37BAAE1
SHA-256:	23125305CBF866B5E63DE84F75D6C2E35AF5F609534F108B68B68EC1D63B656F
SHA-512:	C036D646B3D78938777D8FF7774400093EFBA6A62C0C7CBB6E7A424AF1B42989C2BAD431E978BEB2DEF0E0354DAB9C31E3EF71FE0233D41B31115C07F2746D82
Malicious:	false
Reputation:	unknown
URL:	https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/callout"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><script data-id="_gd" nonce="Qr6isSlASQg0gH_OBZ2kvg">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"3730072818363649640","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"MUE6Ne":"OneGoogleWidgetUi","NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSDx0K99WlEPaumhAKs5wNCg\\u003d\\u003d\"]]]","Vvafkd":false,"Yllh3e":"%.@.1727960942220451,151690868,388834285]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20240929.01_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48802160,97517168,97684531],"gGcLoe":false,"iCzhFc"

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	5.14857945611426
Encrypted:	false
SSDEEP:
MD5:	C65B0E14BA85E93D67BFD012EFABD362
SHA1:	C4E78F24E860FDF3DB68368BCDA4E9C13ADD8521
SHA-256:	99311CCF43128392B8F4913A5BA1EDCC6D48C7253EFC4537AE771957479D44A9
SHA-512:	133BC3C9718298AF3ABA3085709DF96D6E47089DEB56E0F2B0B4027AD38F849CD6558633A385DD505471304B74405501CAF0E2A809DB1480E51C5A5DD481AF21
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/async/hpba?vet=10ahUKEwjD94iPpPKIAxX4B9sEHbNHOFYQj-0KCBU..i&ei=aZf-ZoOfMfiP7NYPs4_hsQU&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.u2c7byrLk4w.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAggAFAAAAAFAAAAAAAAAAAAAAAAAAAECAIAAAkQAAAAEAgAUAAIEAAAgAEBAAAAiQADzKBAAQAcAEAAAAAAABAEBQBAAAQAAAAAMAAIAAAAAAAAAFAAAAAAAAAAAAAAAAAAAQQCAAAAAAAAAAAAAAAQAAANADAAAAAAAAABAAAEAQAAAMkAEIAAAAAAAA6AOA4AEwpLAAAAAAAAAAAAAAAIAAJAjmQgIKAhAAAAAAAAAAAAAAAAAAUtLEhQU%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oG6Xjw-tZWQRYzmeX8RvZ2EkyEDmQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.a1hzicGOses.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAoADYSQAAgBEAwAYABAAAAACAAABgAAAAAAAAkAAAAAACABUAAAAAACAAABEAAACKAAAAAAgIAQIAEEABhAAFSEBQBPEoBAAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAQACEAAAAQBGAAAEAegQCwAAQEwAAIdADQAAAAAAIAEAACACAmQAMkAEIAAAAAAAAIAMAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKAAAAAAAAAAAAAAAAAAAAQA%2Fbr%3D1%2Frs%3DACT90oHjxUfCtjgroQA6qvaSnQl871nViQ,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.u2c7byrLk4w.es5.O%2Fck%3Dxjs.hd.a1hzicGOses.L.B1.O%2Fam%3DJFUAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAgAAAABAAAAAAAAAAogDdSQAAgFEAwAYABAAAAACAAABgAECAIAAAkQAAAAECgBUAAIEAACgAEBEAAAiaADzKBAgYAcIEEEABhAAFSEBQBPEoRAAAAAMAAIQAMMAwAEEFAKMAAQAAAAAAQACEAAAQQDGAAAEAegQCwAAQEwAAIdADQAAAAAAIAFAACECQmQAMkAEIAAAAAAAA6AOA4AEwpLAAAAAAAAAAAAAAAIAAJAjmQgIKAhAAAAAAAAAAAAAAAAAAUtLEhQU%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oE96kt5cgmAxEi-ljYvsPyUIepelA,_fmt:prog,_id:_aZf-ZoOfMfiP7NYPs4_hsQU_8"
Preview:	)]}'.22;["b5f-ZoS5GuKU9u8P6KuKwAs","2091"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (970)
Category:	downloaded
Size (bytes):	975
Entropy (8bit):	4.923005893825363
Encrypted:	false
SSDEEP:
MD5:	7431C352ABCBE7C1EA74973D35EA19E6
SHA1:	1C8E80A5872F2EE37A95E93489D08AF1FFBFA8DF
SHA-256:	FC6970661661F288655F0FD39759D52D3D74D061D5D341CFC503945C67068455
SHA-512:	36757BEC03BA8D13C22FD6FC5D75D3819A343F22694DBE5CD9D45347F9E91ECDAC3FD57D6B92EF37EFD124F2FCC7818CAD8203C3E088EB29E101FBEB8262F895
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=aZf-ZoOfMfiP7NYPs4_hsQU.1727960939155&dpr=1
Preview:	)]}'.[[["auburn football deuce knight",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["nyt strands october 3",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["companion movie trailer",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["2025 social security cola increase",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["green bay packers kickers",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["big lots stores closing",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["san jose state volleyball blaire fleming",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["wwe nxt grades",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["comet a3 tsuchinshan atlas",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["wendy spongebob krabby patty",0,[3,357,362,396,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}]],{"ag":{"a":{"8":["Trending searches"]}},"q":"bHkfwla9_6P-k7LjD_2lCAn8HaA"}]

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.14955852935063
Encrypted:	false
SSDEEP:
MD5:	8F64A83754926D4252CE5542396BE731
SHA1:	2508D8986CE61C53BC1D75FD1EE06289606881B6
SHA-256:	26652768AF76D32009C8CDF89C21D207F137F505D49B63246A57E08368ED69E5
SHA-512:	7398C4A3B0C9850BE48DF2A4845AC4D981DF5F158A8CA584B357C7676F55E691D359A86B138EC3CB00564FA05654CF4D24924A47E04A4F5721C19F90EA517912
Malicious:	false
Reputation:	unknown
Preview:	)]}'.22;["cJf-ZvuHEraE9u8Pw4CQ-AE","2091"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 127

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 138

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 147

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Static File Info