Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&

Overview

General Information

Sample URL:	https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZG
Analysis ID:	1396487

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Creates files inside the system directory

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 4704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1952,i,11564219808537204684,8044639898963131601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
4.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 4.6.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: Number of links: 0

Source: https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t

HTTP Parser: Base64 decoded: https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: Title: 7a6c917f00b0853ce0bce1aed433863765d65bf928c77 does not match URL

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: Invalid link: Ftotrtgtottt tmtyt tptatststwtotrtd

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: <input type="password" .../> found

Source: https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/l3frn/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/l3frn/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t?__cf_chl_tk=2Jb8.M0KElknli1E6TQbluSlPJ4V3x6tIvBfNva_qEI-1708547052-0.0-3986	HTTP Parser: No favicon
Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80	HTTP Parser: No favicon
Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80	HTTP Parser: No favicon

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: No <meta name="author".. found

Source: https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.22:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49763 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88

Source: unknown

DNS traffic detected: queries for: pocloudcentral.crm.powerobjects.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.22:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49763 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5696_1641038994

Source: classification engine

Classification label: mal52.phis.win@20/21@28/170

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1952,i,11564219808537204684,8044639898963131601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1952,i,11564219808537204684,8044639898963131601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
accounts.google.com	172.253.115.84	true	false		high
challenges.cloudflare.com	104.17.3.184	true	false		high
klavoclick.com	104.251.111.203	true	false		unknown
www.google.com	142.250.80.68	true	false		high
pocloudcentral.crm.powerobjects.net	23.99.128.52	true	false		high
clients.l.google.com	142.251.40.174	true	false		high
qblogsdocs.info	104.21.38.233	true	false		unknown
unpkg.com	104.16.125.175	true	false		high
clients1.google.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t	false		unknown
https://qblogsdocs.info/d41d8cd98f00b204e9800998ecf8427e65d65bf928e7fPASd41d8cd98f00b204e9800998ecf8427e65d65bf928e80	true		unknown
https://klavoclick.com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d	false		unknown
https://qblogsdocs.info/McnNub3dAZGV3YmVycnkuY29t?__cf_chl_tk=2Jb8.M0KElknli1E6TQbluSlPJ4V3x6tIvBfNva_qEI-1708547052-0.0-3986	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/l3frn/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.80.68	www.google.com	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.21.38.233	qblogsdocs.info	United States		13335	CLOUDFLARENETUS	false
104.17.3.184	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
104.16.125.175	unpkg.com	United States		13335	CLOUDFLARENETUS	false
142.250.64.67	unknown	United States		15169	GOOGLEUS	false
172.67.140.197	unknown	United States		13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.251.41.10	unknown	United States		15169	GOOGLEUS	false
142.251.40.174	clients.l.google.com	United States		15169	GOOGLEUS	false
142.250.72.99	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
104.251.111.203	klavoclick.com	Canada		15290	ALLST-15290CA	false
104.17.2.184	unknown	United States		13335	CLOUDFLARENETUS	false
23.99.128.52	pocloudcentral.crm.powerobjects.net	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.115.84	accounts.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1396487
Start date and time:	2024-02-21 21:23:46 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@20/21@28/170

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.72.99, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//klavoclick%E3%80%82com/#qXbgcnNub3dAZGV3YmVycnkuY29t??kypxg44fhlrkaixdobr=cnNub3dAZGV3YmVycnkuY29t/..=Zz68WtI&u=276b8dda4ef94158348d5b6b8&id=6b7205781d

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:24:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.990403990562847
Encrypted:	false
SSDEEP:
MD5:	F57FCFDEDB7E4615C9336E5653817EC9
SHA1:	D9CFED24AF251BFECC865456E73E0496003D4B90
SHA-256:	34A08B59FC59A97F0220A1912B32A83B9182FFCB143F9E6F41D6230EFD547B64
SHA-512:	5694AB44BC12171D217FF4CC1DE8AD4C33AEB0DB8E8600E340337CB22D42CAEA146286DDB0016C18A2BC769C102D51DFD3DD7F7E00019AFB9A2F1CAA0FD4A74A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........e......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:24:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.004604839871964
Encrypted:	false
SSDEEP:
MD5:	34820C7FEBD4CEB4FE711E1315DE5F35
SHA1:	EB728BEFE3A0B4B44B137DF7D2708216DC524388
SHA-256:	093FFA62B283B2AAA5096D055B775F8AAE37D1B59191F5E05390A9FE86C206A5
SHA-512:	149B5F1E69FD8ABFFCC5E8F1BFD1067AFEC36EEA6661F787A57581F01DA71B3F8BE17083DF2A4A7E8BD04FF8491BD29FA33B47EA864BC1C264C7D729328F5950
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....N...e......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014801647191962
Encrypted:	false
SSDEEP:
MD5:	47C9C270FEEFF5531661AB379DCD20DE
SHA1:	A839E8D9F45C735447A3C740000B16EBE6900C98
SHA-256:	9F563FDA95E65B5506A34BD8C0346C247F8F6ADDFB566F548F340A857B3E760E
SHA-512:	27A851C14370A72CF1E15303E6DBD8D1AC72FCEF057C0568DC56DDD3976287CC274AFE79FB5E7B466FDE5AC2C3382209D5B3225EFFD971A4D7DCE35473ADE76D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:24:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.003033375622938
Encrypted:	false
SSDEEP:
MD5:	A896BDDF0BEF5F0D75B60E1A195EFC0D
SHA1:	C8B0F628915614B8C588C1318A3458E9828966D2
SHA-256:	9184F4CCB18E9361F28BACDDFB2E4735862B9A73FD862F3E6FA070255B8C5750
SHA-512:	ECF13024F0A575B56915BAAC58044A52122DA109FA8A0939EAA05148DB3EAEEBE452F34F65D4112A2658A94E4059C9523216DC80F41653C84A5BC7745B3B73D0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....\|....e......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:24:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9906727185335154
Encrypted:	false
SSDEEP:
MD5:	977EA0CA592393AD4008F7E9A95672F7
SHA1:	4ED6E07FD96C0BCAA4FEFD65B7DEB63A15EDA27B
SHA-256:	267E65D493558542BF5D37251C2CEA57774BD5E20A9A08220F95691E0981C11A
SHA-512:	6A3B0B2C5B7F4EC71BCDAB08A4471695CADEBC9ED97C1D9C67E4192836C7FBEF0C3D6D3FA0F7EAF370FB38DB872941B0D7D1E50C74C91F1778AC8000A88A8648
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........e......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:24:12 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.004437914323978
Encrypted:	false
SSDEEP:
MD5:	6408B4B48FC2B45D0036242E5C013A83
SHA1:	304C9F45BDB4CD1B06232AF1783B42DD1A7C802C
SHA-256:	13E4758589D77D3D29D93934A28073E409059A27556FD0432359517B86049DED
SHA-512:	E2E9185BA22735E708F2CB09ABC534ADB3DF579015350121A66B9F096696D2CC18F55ECCAE8AAC49BA047FBDDE551266BD6D7E2C85010A1CB5C063285362E28D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........e......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VUX......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VUX.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VUX.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 4, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	3C07C51602D680CC54864AF84F142C77
SHA1:	3FF6FDB0CE7B8D3D84B971D077434EC8BA4AF44D
SHA-256:	9932E9EC463A91E4B867685910ECF4EB4CDA31A67F31BDDE01C93B9F855DD0E1
SHA-512:	F7C8ADFACBD7B087846264FCCB2C0901CE442E2BDD885F07CA984494F35E1D3457FB4F616046E26FB191427D15038C0F6F901673C77987AB07220D36A02B3238
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8591b6301ad172aa/1708547055255/jolV9piFMCpJ9zE
Preview:	.PNG........IHDR...............C.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39034)
Category:	downloaded
Size (bytes):	39035
Entropy (8bit):	5.375965898707714
Encrypted:	false
SSDEEP:
MD5:	683797FBD8ADBC1440DD30F6BD2373D7
SHA1:	EF254785A85FD5C302ED02C1B7CA58FFA23C5E8D
SHA-256:	28F72BC26CB8C6BF06B1B8C706A51B2FB326D11B23D02E7B6F455AB8E20EA3B1
SHA-512:	9E1C0F06E82C16365CA11F011EBD6E5C7EDE6CCCDD820EFB84AE6DC3C27D84AB0EB76E4B1C4B914E45877F0BB3445194D159B98E67FD6BAD5D805E94A9DB5ED4
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/0f752fefe334/api.js?onload=SdFnRC2&render=explicit
Preview:	"use strict";(function(){function pt(e,r,t,i,f,s,g){try{var v=e[s](g),y=v.value}catch(u){t(u);return}v.done?r(y):Promise.resolve(y).then(i,f)}function vt(e){return function(){var r=this,t=arguments;return new Promise(function(i,f){var s=e.apply(r,t);function g(y){pt(s,i,f,g,v,"next",y)}function v(y){pt(s,i,f,g,v,"throw",y)}g(void 0)})}}function k(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):k(e,r)}function xe(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ue(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},i=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(i=i.concat(Object.getOwnPropertySymbols(t).filter(function(f){return Object.getOwnPropertyDescriptor(t,f).enumerable}))),i.forEach(function(f){xe(e,f,t[f])})}return e}function mt(e){if(Array.isArray(e))return e}function gt(e,r){var t=e==null?null:typeof Symbol!="und

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/boot/2444e071eaacb25cf76a8f92c50b6ab065d65bf9b65c7
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40958)
Category:	downloaded
Size (bytes):	40997
Entropy (8bit):	5.31225721128547
Encrypted:	false
SSDEEP:
MD5:	A46FFDABABFAEA9A1D2F8DA24FD43086
SHA1:	A54D5DADE6F704214F6184C815926158C0FC21E0
SHA-256:	3434B67595C68071824E142D077CE7E105D40AC40B15164896D11E54078D0213
SHA-512:	3507C1FDB0DA07C91A49717C13BEC98E11C6E4F33A5D5471BC7CE4662C25DDD7560843C16B6DD3EFA32E592C0025D306267990A8CD15798F6416CCECAC1105AD
Malicious:	false
Reputation:	unknown
URL:	https://unpkg.com/axios@1.6.7/dist/axios.min.js
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).axios=t()}(this,(function(){"use strict";function e(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function t(t){for(var r=1;r<arguments.length;r++){var n=null!=arguments[r]?arguments[r]:{};r%2?e(Object(n),!0).forEach((function(e){u(t,e,n[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):e(Object(n)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(n,e))}))}return t}function r(){r=function(){return e};var e={},t=Object.prototype,n=t.hasOwnProperty,o="function"==typeof Symbol?Symbol:{},i=o.iterator\|\|"@@iterator",a=o.asyncIterator\|\|"@@asyncIterator",s=o.toStri

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (18945), with CRLF line terminators
Category:	downloaded
Size (bytes):	21253
Entropy (8bit):	5.532707538002349
Encrypted:	false
SSDEEP:
MD5:	918F10FA004CBD59A459EFD6C99FA247
SHA1:	CF46323B0899C9A5C039E646214F805CA49305D4
SHA-256:	EF0CA7F69A99145F2B23193E8AA499BD090995D0A7A0D14A7379F57FE6D09E16
SHA-512:	89B057F32D59B0BCAA5CF53B8530FC4CFE774D2B4A58C100960101F60CFE1C69ACD1F48219D4AE07D14302C8FF6B42444D6A69BF69A11A384361AC413EE6C013
Malicious:	false
Reputation:	unknown
URL:	https://klavoclick.com/
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>safelinks</title>.. <script>..(function(_0x3a9a05,_0x46f8fe){function _0x11dbdc(_0x2ac003,_0x36f57f,_0x361802,_0x5cf82c){return _0x223a(_0x2ac003-0x39d,_0x36f57f);}var _0x38ced0=_0x3a9a05();function _0x55c000(_0x1bc800,_0x24ff0a,_0x5e4cca,_0x371222){return _0x223a(_0x371222- -0x18d,_0x1bc800);}while(!![]){try{var _0x4ca328=parseInt(_0x55c000(0x1,0x14,-0x7,0x18))/(-0xf5a+0x170x10+0xdeb)+-parseInt(_0x55c000(0x66,0x6a,0x39,0x53))/(-0x16bc+0x12f7-0x2+0x3cac0x1)(parseInt(_0x55c000(0x9,0x48,0x44,0x2f))/(0xbc7+-0xb23+0xa1-0x1))+parseInt(_0x55c000(0x1e,0x40,0x62,0x49))/(0xdb7+-0x66a+-0x50x175)(-parseInt(_0x11dbdc(0x584,0x584,0x5a1,0x5a4))/(-0x1047+0x116b+-0x290x7))+-parseInt(_0x11dbdc(0x579,0x57f,0x5a7,0x596))/(-0x1c360x1+-0xa9-0x2c+-0xd0)+parseInt(_0x11dbdc(0x55e,0x559,0x537,0x53e))/(-0x9-0x15b+-0x13d5+0x7a9)(-parseInt(_0x

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	306493
Entropy (8bit):	7.715068170696433
Encrypted:	false
SSDEEP:
MD5:	7D07C247E8DFD5BFAF9A7169B5C402BD
SHA1:	392CC7836CA5418F3E65CC67F5680B2A359399DC
SHA-256:	345F500582FB5CFC20DF5426C6B54BB0BCAA62EB0249A4A661DC9716A9EDC006
SHA-512:	7004443DE5B756F63B9CC5498AE8B33540F82297250DF5996E9510F653D2ACFFC1B6AB0FB5B955131EC9AF60BA33F34C52D277563FE9C78214B0C53DF2DFE541
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......8........C....bKGD..............IDATx...[o].'z~.s.m9O._..'.a.#Y.Ul. .Z.m]bI.t.C..$@.hAF3.C.2/.I.......IP...N.\.....{.=.\.2.c^.x.C.^s.M.....3?..o.{h~....?...?./).......,(2.4....XI..}..l~..s7F~x.....7..9..w.t.....U.s.i..?...{..K....?.....?...$..g.HgL..7....5.....(.Z..`.X.....).3.....y.,....../.q..z....3h..........2........yny...8....G....y.<.c:.:o.s~........R..~3x.k~}.w~......)0...<W.)6owrm......7.,X~....@.m1...Z.9.....?..2o.yc... .M..$...?M.O.....c.v~..9.y\_.n..w...{z...s....?:.....g........o..........`.v...\|e...}.`..7.H;...2.f..Ky#._Q.e.....g...F...g2...K..Z.....s...q... .~..81.....3.Z{..1..I..]..18_...c.;.. ......^.^.....\..?..t..E]..\|..7N.Z......_w..<6........vB`.y...?[0&....`..O......h...2.f.f(f.f.f.......D....w.......w=.........2w..{ma.M..K....\|...".)#.........t..!. ...'..j.3..!p....Z8.+0..:...x9[....>@".....;..K......p/.8o....aV........!p............&F`.9...7.qY G`..p.0.s............6.Li#.a..........S.0.f.......n

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1637
Entropy (8bit):	6.669128973210611
Encrypted:	false
SSDEEP:
MD5:	EE236805D05E24861CE1B6B0E7D94B8D
SHA1:	D46828CF9DF268DDAF62FACF15590A447116AEB8
SHA-256:	175986272200FB72DA9A598D30016BBDA9DDCAA9E6E3F07EB94BC74196D4B805
SHA-512:	7AB26F51D3F8F1CAAF208D86A62558593FF6DD99617A5D3D42648F0F4AEA1FCE766BCA8D0D6E2A8AABF82A6F4024CA2C3DCA588EDE6C5973D631B0E575271315
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/ASSETS/img/LIMG-65d65bfc6081a.css
Preview:	.PNG........IHDR...l.........(..(...mPLTE.........UUU...fff...mmm...qqq...jjjmmmxxxqqqyyysssmmmooouuupppvvvqqqvvvrrrwwwpppqqqqqquuurrrvvvpppsssqqqtttqqqrrruuusssqqqtttrrrtttuuusssuuusssqqqttttttrrrtttsssuuussssssrrrtttrrrtttsssssssssrrrtttrrrtttsssrrrrrrrrrtttrrrtttssssssrrrsssrrrrrrtttssstttsssssstttssstttssstttsssrrrrrrtttssstttssstttsssrrrrrrsssssstttsssrrrsssssssssttttttsssrrrssssssssstttssstttsssrrrsssssssssttttttsssrrrsssrrrsssssssssssstttssstttrrrsssssssssssstttsssssssssssstttssssssssssssssssssssstttssssssssssssssssss...sss....P!...sssssssssrrrsssssssssssssssssstttssssss...sss....P"...ssssssssssssssssssrrrssssssssssssssssssssssss...sss....P"........%'....tRNS.......................... "$%&')*+,-1236789;<=>?@BCDEFGIJMNOPRTUVWX[\^`abcdfghiklmnosuvwxyz{}...........................................................................................................N>......bKGD.........IDATH....W.e...k.2....(.+c.,....h....1.A......B4Z.L1.l1.r..M-Q36A........}...C.x}}.}~.~n~.;._..O:......

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105369
Entropy (8bit):	5.240719144154261
Encrypted:	false
SSDEEP:
MD5:	8E6B0F88563F9C33F78BCE65CF287DF7
SHA1:	EF7765CD2A7D64ED27DD7344702597AFF6F8C397
SHA-256:	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
SHA-512:	7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/APP-TLVTWZ/2444e071eaacb25cf76a8f92c50b6ab065d65bfb4f789
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	D6B82198AF25D0139723AF9E44D3D23A
SHA1:	D60DEEF1847EEEF1889803E9D3ADC7EDA220F544
SHA-256:	A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
SHA-512:	B21BEE2EEC588308A9DC3C3C2405377704B39B08AA20CBA40BA6E6834E67CF6F2C086E0701F5B05AEE27E2677E9C5C24FF137318275ACA00DD063DF3DCC07D4D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAmnOsSCbmc7YRIFDVd69_0=?alt=proto
Preview:	CgkKBw1Xevf9GgA=

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6357), with no line terminators
Category:	downloaded
Size (bytes):	6357
Entropy (8bit):	5.243003524346767
Encrypted:	false
SSDEEP:
MD5:	82FF6E77E3B8F004B23294185E108264
SHA1:	03C685B50FD4587427495348CD1231882A8C48D0
SHA-256:	0E230A53A5D5ABD125C2A8E1CDD97B32DDD84A9F7FD07C23BFF95413886B05FA
SHA-512:	4A2CE7166010BDAEBFA09A7D7F8F858AB28FFF7128F4EF650D8BD0214E3AECADE963D29A4BC5B27E820FF45B3827B6BE69F519DC890118FD423D5375B3893758
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/jm/2444e071eaacb25cf76a8f92c50b6ab065d65bf9b65c8
Preview:	var _0x93a3bf=_0x2d52;(function(_0x547797,_0x18550f){var _0x59203=_0x2d52,_0x4480cd=_0x547797();while(!![]){try{var _0xcc5b57=-parseInt(_0x59203(0xeb))/0x1+parseInt(_0x59203(0x10b))/0x2(-parseInt(_0x59203(0xfa))/0x3)+-parseInt(_0x59203(0xd9))/0x4+-parseInt(_0x59203(0xe4))/0x5(parseInt(_0x59203(0xe0))/0x6)+parseInt(_0x59203(0xfb))/0x7+parseInt(_0x59203(0xe3))/0x8(-parseInt(_0x59203(0xec))/0x9)+-parseInt(_0x59203(0xd7))/0xa(-parseInt(_0x59203(0xcb))/0xb);if(_0xcc5b57===_0x18550f)break;else _0x4480cd['push'](_0x4480cd['shift']());}catch(_0x1f86db){_0x4480cd['push'](_0x4480cd['shift']());}}}(_0x5821,0xf115f));var _0x743837=(function(){var _0x2211cb=!![];return function(_0x41026e,_0x2b42dd){var _0x50a8cc=_0x2211cb?function(){var _0x2a2063=_0x2d52;if(_0x2b42dd){var _0x1cceff=_0x2b42dd[_0x2a2063(0xdb)](_0x41026e,arguments);return _0x2b42dd=null,_0x1cceff;}}:function(){};return _0x2211cb=![],_0x50a8cc;};}()),_0x4a9cd1=_0x743837(this,function(){var _0x3e2c84=_0x2d52;return _0x4a9cd1[_0x3e2c

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://qblogsdocs.info/jq/2444e071eaacb25cf76a8f92c50b6ab065d65bf9b65c3
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Static File Info

⊘No static file info