Edit tour

Windows Analysis Report
https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html

Overview

General Information

Sample URL:	https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html
Analysis ID:	1396492

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1892,i,10257301829801954005,4929932543938282074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b#634245/undefined

HTTP Parser: Number of links: 0

Source: https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b#634245/undefined

HTTP Parser: Title: Unsubscribe does not match URL

Source: https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b#634245/undefined

HTTP Parser: No <meta name="author".. found

Source: https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b#634245/undefined

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6276_1720154089

Source: classification engine

Classification label: clean2.win@16/27@28/238

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1892,i,10257301829801954005,4929932543938282074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1892,i,10257301829801954005,4929932543938282074,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.leaveinbox.com	94.237.47.134	true	false	unknown
surfacebeat.com	37.44.198.129	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
static.cloudflareinsights.com	104.16.56.101	true	false	unknown
accounts.google.com	142.251.163.84	true	false	high
googleads.g.doubleclick.net	142.250.80.66	true	false	high
api.optoutsystem.com	18.236.24.149	true	false	unknown
sentry.io	35.186.247.156	true	false	high
www.google.com	142.251.40.196	true	false	high
clients.l.google.com	142.250.65.206	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b#634245/undefined	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.251.40.227	unknown	United States	15169	GOOGLEUS	false
35.186.247.156	sentry.io	United States	15169	GOOGLEUS	false
142.251.40.206	unknown	United States	15169	GOOGLEUS	false
142.250.81.226	unknown	United States	15169	GOOGLEUS	false
20.209.1.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.202	unknown	United States	15169	GOOGLEUS	false
142.250.80.66	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
18.236.24.149	api.optoutsystem.com	United States	16509	AMAZON-02US	false
142.251.40.138	unknown	United States	15169	GOOGLEUS	false
142.250.65.206	clients.l.google.com	United States	15169	GOOGLEUS	false
37.44.198.129	surfacebeat.com	Russian Federation	57271	BITWEB-ASRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.16.56.101	static.cloudflareinsights.com	United States	13335	CLOUDFLARENETUS	false
142.251.40.196	www.google.com	United States	15169	GOOGLEUS	false
142.251.40.163	unknown	United States	15169	GOOGLEUS	false
142.250.72.99	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
94.237.47.134	www.leaveinbox.com	Finland	202053	UPCLOUDFI	false
142.251.35.162	unknown	United States	15169	GOOGLEUS	false
142.251.163.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1396492
Start date and time:	2024-02-21 21:29:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@16/27@28/238

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.72.99, 20.209.1.1, 34.104.35.123
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.990277882835608
Encrypted:	false
SSDEEP:
MD5:	A7202364F2D87D9C238AFB4506FBC347
SHA1:	0F4DDA3FF9C9C2D0590D82BA97AC9357A62FA12F
SHA-256:	EC6790CF8B7573CC9519C5BFAC2CCCF59CE848AC580E28C0DDC1123E4F931567
SHA-512:	32AB7543B749358877EC3C7617B390A9DDA9207C2C0972F53AA24532CF0EA3FC7ED1659A5CA232A7E73EC28B7A777BD4F25032B6DFB24567445432D99A0F1327
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....n...e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005863653071092
Encrypted:	false
SSDEEP:
MD5:	976DAD0601E012B2D343C63F0CA32ADE
SHA1:	C69F86F72FF91EB329B5FEC8565AAF38A29021B8
SHA-256:	2E1D1FBA2313E64EA8D939494643CD281EFF8EF54C6249FBFCD01EABE907458A
SHA-512:	E06E52CB122FAF63EF5AE7F7410D3846E635D8543E6AC03F6247668551C56941BEC09604F0B442D8C852B947A6209329972612DC9B2B09E949C53E850A923AB7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....C...e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.013343198812315
Encrypted:	false
SSDEEP:
MD5:	BCBE4CC0AB58570E8DCFC50C88D5F666
SHA1:	1AAF3A6C803DC0F056BB375F17DC073A32DC9565
SHA-256:	A819B15C168DDA46F9BAE981F0FF54D83C15F358EB08828497E6F4879885824C
SHA-512:	04A8B0AE8AC5F35DFA41828E276E7B1DEC1F3B1D00E36E4824748F82D3626CC7BF1D07A1C05D13AD35E99CFBDD1C110205758030B778F7FDB97D14B4660DA57A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00582789076353
Encrypted:	false
SSDEEP:
MD5:	7569FD823CE680CB19D968219BC0A820
SHA1:	3C0A471A2AF61828B6CF44E8D5BB3056CCE516C3
SHA-256:	D05D3411D289537ECE5869043AEE8FEDD418D2558BDFE4CDBF7CA0FD3E39134D
SHA-512:	174B87C630066D8F87961003C4A5A56197FDA96092DE40436F4D85FEBC806004708B1AF7B5B1880B44A3037F241C3F321060BC8E74937DD15F95A96363D2A3C7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....3....e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9935157502291987
Encrypted:	false
SSDEEP:
MD5:	CF8B11F1B57911EB8B660A8848B9E167
SHA1:	573815B0DA92524258D25EF186281F32BDC69E9C
SHA-256:	039CF4CAD534E5A5E10594DDEF09C1AD5202E0F3F16504B4AB0F0EF4605BB125
SHA-512:	BE565248D0D40538D98C6CF51981AC91006287F9FE662373E2C8DA9E7899D2E3819ED2EB1E4EF8B9052ED5B93227B8439027E943579D3A91EE8D27BAB169D01D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Feb 21 19:30:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.004232443049999
Encrypted:	false
SSDEEP:
MD5:	D0E0EB56EC94541877DA0C203DFF9721
SHA1:	F14AA277758C21EA550EB37F311F4426E78AB960
SHA-256:	853F2FC27FF8BDBEDCDE3A9766CA0DE9BD7FA9E1484F6A9DF2350A932A9CB0D7
SHA-512:	F4750FF228162403D0C2F673EC9F9A404FC4927C25E1368CB535AA9088F57489C3C663A19ABD7EF57A6A426DE4023F53B6DAFC88871FB9F020F4C7E8EEB8C15E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....1.\|..e..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUX......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUX.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUX.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUX............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUX............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2442
Entropy (8bit):	5.433750282812215
Encrypted:	false
SSDEEP:
MD5:	F93FFE3E7659336BDBABD70A7D00A995
SHA1:	24E4ACC6239D78C313521A4B3795E6B18E4DAF72
SHA-256:	6B8A445DBDDFB9B7C56FFD4F34B6CA628A0D2C85B6A8F4DA1EDA376694377C3C
SHA-512:	377BAEB23702D4EE906116BE7271D46C7A82963A1643B3A86D194242FBABDED0720FE939EC66AE68302BD910C6627F025FDB8D134A78DE41288B8A8DAF5EFA25
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. f

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19986), with no line terminators
Category:	downloaded
Size (bytes):	19986
Entropy (8bit):	5.253227111919225
Encrypted:	false
SSDEEP:
MD5:	DD1D068FDB5FE90B6C05A5B3940E088C
SHA1:	0D96F9DF8772633A9DF4C81CF323A4EF8998BA59
SHA-256:	6153D13804862B0FC1C016CF1129F34CB7C6185F2CF4BF1A3A862EECDAB50101
SHA-512:	7AEA051A8C2195A2EA5EC3D6438F2A4A4052085B370CF4728B056EDC58D1F7A70C3F1F85AFE82959184869F707C2AC02A964B8D9166122E74EBC423E0A47FA30
Malicious:	false
Reputation:	unknown
URL:	https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Preview:	!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n\|\|0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)\|\|"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n\|\|0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e\|\|{}).random\|\|(e.rng\|\|r)();if(

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (384)
Category:	downloaded
Size (bytes):	1236
Entropy (8bit):	5.3618580450026725
Encrypted:	false
SSDEEP:
MD5:	29E743F985F8E0FF72A62DE37E8B7D77
SHA1:	D6CB89535E0843405D4143534FD9C908474CDB78
SHA-256:	E81233E22BBCDCA6DC573A7C27F5FE47C512387A07F490389B1E38B4DEAA94A4
SHA-512:	3F3835CCFEE4B10B409016F078ECD2C77C6E353BF21B067534C43B529A45F2E721C67451D3E38B18C3996B56232A8A637DA92E35FF65A46B52D0EE4B7A33A5AB
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/o-twxs-o55-b80ecaedd7c705b2b70842d14c5d809b
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8" />. <meta name="viewport" content="width=device-width, initial-scale=1" />. <title>Unsubscribe</title>. <link rel="icon" type="image/svg+xml" href="/favicon.svg" sizes="any" />. <link rel="alternate icon" href="/favicon.ico" />. <link rel="preconnect" href="https://fonts.googleapis.com" />. <link rel="preconnect" href="https://fonts.gstatic.com" />. <link. href="https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap". rel="stylesheet". />. <script type="module" crossorigin src="/assets/index-uaL7UfZR.js"></script>. <link rel="stylesheet" crossorigin href="/assets/index-rXJICDJD.css">. </head>. <body>. <noscript>You need to enable JavaScript to run this app.</noscript>. <div id="root"></div>. <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317" integrity="sha512-euoFGowhlaLqXsPWQ48qSkBSCF

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	190185
Entropy (8bit):	5.476986591076414
Encrypted:	false
SSDEEP:
MD5:	DD4109156321A608AFBB2486ECDB1C88
SHA1:	728BFAD4CA8E3715CDED21468A2A75107B57C372
SHA-256:	65B3B6339AF150BD718A7028EC728E2B5760D6A95B480A13FCAF94889A855696
SHA-512:	8573DDEAE9A7F3424FE6C6D2688FCAA5E3ABD1C028D860EC59A5376E04852A7C2AC4D9F38615F709204755F6EDD55E8B832F6D7941EDAF3E149F9B5A9ABC0C16
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/assets/index-s1vj2YYI.css
Preview:	@charset "UTF-8";@media only screen and (min-width: 1224px){._container_wm4b9_6{margin-top:64px;max-width:1000px}}@media only screen and (min-width: 480px) and (max-width: 1224px){._container_wm4b9_6{margin-top:64px;width:80%}}@media only screen and (max-width: 480px){._container_wm4b9_6{margin-top:24px;width:100%}}._container_wm4b9_6{background-color:#fff;max-width:1000px;margin-left:auto;margin-right:auto;border-radius:10px;padding:0;box-shadow:0 4px 6px #0003}._content_wm4b9_34{display:grid;min-height:300px;padding:16px 24px}._footer_wm4b9_40{align-items:center;background-color:#e7e7e7;border-bottom-left-radius:10px;border-bottom-right-radius:10px;display:flex;justify-content:space-between;padding:16px 24px;overflow:hidden;width:100%}._header_wm4b9_53{background-color:#e7e7e7;padding:24px}._spinner_10ku4_1{animation:_rotation_10ku4_1 1s linear infinite;border-radius:50%;border:4px solid var(--bs-gray);border-bottom-color:transparent;box-sizing:border-box;display:inline-block;height:

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149391
Entropy (8bit):	5.596907440659784
Encrypted:	false
SSDEEP:
MD5:	C4E6A10B5F80D69F5FFF5928FFCBBAE0
SHA1:	3FF1CC3CB07F1D293FB906408C22D6B5DF29E9E7
SHA-256:	D81C2BC80F965DAF4381246E386BF2DF6F7591E2D53F5B7A0EA82FADD8DFFDCB
SHA-512:	06BF45E5D1E07EBE211430F956B3491452E7C17805CF009CC9735E4913F7E85EF65CAA52B6933F85320812E85DF1859783FA5210B45DACE160264CD3907EF7F2
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	552
Entropy (8bit):	5.22804407438906
Encrypted:	false
SSDEEP:
MD5:	31B80ED5EEC1550E0EDF662F65482C48
SHA1:	70646D79D67A64D3BF556994F8ACB8EA4F6D188A
SHA-256:	091BB10503146884448A8AF965872F9D26C2F72CDBCEC9153DCEF0F57A13E400
SHA-512:	421D6EE051C7B5F2616C8AC3824AE034B21E69A33954C54A5DC2054A8F0BE4980B7276D3E9CA74B31B350AE0820A7AF2411195300ADB87D3526C48B7564A7477
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/favicon.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><g clip-path="url(#a)"><circle cx="16" cy="16" r="14" fill="#2d4ec2" style="stroke-width:.875"/><g clip-path="url(#b)" transform="matrix(.875 0 0 .875 2 2)"><path fill="#fff" fill-rule="evenodd" d="m16 5-9.523 9.523v9.543h19.046v-9.543zm.026 15.322-3.822-2.851-3.823-2.85 15.238-.013-3.796 2.857z" clip-rule="evenodd"/></g></g><defs><clipPath id="a"><path fill="#fff" d="M0 0h32v32H0z"/></clipPath><clipPath id="b"><path fill="#fff" d="M26 5H6v20h20z"/></clipPath></defs></svg>

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Category:	downloaded
Size (bytes):	46704
Entropy (8bit):	7.994860687757006
Encrypted:	true
SSDEEP:
MD5:	30A274CD01B6EEB0B082C918B0697F1E
SHA1:	393311BDE26B99A4AD935FA55BAD1DCE7994388B
SHA-256:	88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
SHA-512:	C02C5894DFB5FBF47DB7E9EDA5E0843C02E667B32E6C6844262DD5DED92DD95CC72830A336450781167BD21FBFAD35D8E74943C2817BAAC1E4CA34EAAD317777
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Preview:	wOF2.......p......................................O......^?HVAR.g.`?STAT.8..4/l.....<..6..f.0..\.6.$..H. ..\..>..[`....\|...........7o.)....C81=......g#l..PA.c.......%...$.K.....\|}}....8H.\Yd.....2c.J....0K.....I..k...F..f......,L.....P...JGwj..KM....n..,..o.....n.ck...1...%.<.....;5...9..2....=b.....("4..:.k...K_...`.5v..2@...,_.3..6..@PR.]...f!X.~..b.....-..9.....?.=:kt.'@_...N...8.i......Fo..S.C.=%.........W.@7d..%......,"h...b@.DE.]l.n..(;......E.ng].`....8..C;m....).u8.....4...%..c.A.hc]....s.{.+....J..Rq...f..I;.B..g.....j.@~.........H.........:]Dc.J.6r..].".c...8j...v. M.PXB.,.v...M..NtOO.......Z`-.i..X.....".y....c.....+..e[..(..q...u..kh.k5W..=OK{.;...7...V...I.FMTWv.Dv.[..^`......JY..:.,.. tgKhC..2-...I..S..'...IL..........p......&:..(...g..B.`......%U....-.m.D.b.m..p..26.0D.....$j.r...w..z.9.)`..n.I..B...s"es...;..vY...6.T...**..2o.....W.Lu:wx.?.7..x......C..E.^SE..F.5WcMi..a..n...X...t.........6.j.j..M.9..a.....f<J.....@.&f..'.\|.....p

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17653)
Category:	downloaded
Size (bytes):	726043
Entropy (8bit):	5.689617767346386
Encrypted:	false
SSDEEP:
MD5:	93D4989EF2C2375DBBAF099A0F418809
SHA1:	127DF18A80B1FDF017D02EC1605A9E19D248DDF1
SHA-256:	24B6243CFA734FF9E354C4240312EBCAF3350F28795E5B06D49B9D5BAF04E14E
SHA-512:	D5008A7A14AD45376F3F17376523F4B109442ECB43BBAA2AABC8EA7DB20BF11CC092D046C507605FA78832F9810469C3A8727636F66207DE51F71D0029AB6502
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/assets/index-uaL7UfZR.js
Preview:	function bw(e,t){for(var r=0;r<t.length;r++){const n=t[r];if(typeof n!="string"&&!Array.isArray(n)){for(const i in n)if(i!=="default"&&!(i in e)){const o=Object.getOwnPropertyDescriptor(n,i);o&&Object.defineProperty(e,i,o.get?o:{enumerable:!0,get:()=>n[i]})}}}return Object.freeze(Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}))}(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const i of document.querySelectorAll('link[rel="modulepreload"]'))n(i);new MutationObserver(i=>{for(const o of i)if(o.type==="childList")for(const a of o.addedNodes)a.tagName==="LINK"&&a.rel==="modulepreload"&&n(a)}).observe(document,{childList:!0,subtree:!0});function r(i){const o={};return i.integrity&&(o.integrity=i.integrity),i.referrerPolicy&&(o.referrerPolicy=i.referrerPolicy),i.crossOrigin==="use-credentials"?o.credentials="include":i.crossOrigin==="anonymous"?o.credentials="omit":o.credentials="same-origin",o}function n(i){if(i

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	202
Entropy (8bit):	5.286824897023046
Encrypted:	false
SSDEEP:
MD5:	2DA1EADA37659879A38213BDA087DE80
SHA1:	84018F64F0FF7B55E2DCFBA7DC33731C32149AA3
SHA-256:	B6FFC06A76C73784F06BB1D8279CA026BE1080770EF9DFF3BCA48DB7287450CE
SHA-512:	BF8B0645A0F691788C38423D03D15E7A724B630D90B770B85514A2CACD0C43E73367396B9972D751840696645D9BACB6D3DCBE5802FE2DE325DF70920531468E
Malicious:	false
Reputation:	unknown
URL:	https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html
Preview:	<meta http-equiv="refresh" content="3; url=">..<script>..document.location.href = 'https://surfacebeat.com/0/0/0/u88fab4e1c9f934fe5a30ad27d5f1b629#634245/'+window.location.href.split('#')[1];..</script>

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	18
Entropy (8bit):	3.3502090290998976
Encrypted:	false
SSDEEP:
MD5:	E000ACEF32012A650D8C243D77C7302C
SHA1:	50624C2BAE8FE1A6DA065AB4BCA1C96822AE1820
SHA-256:	E3933184560739B70B60E2D0E48A6C7D7E18F76D95362E11F4155267700AC3A7
SHA-512:	D88E2A944FB1B88903CB2B7E207AE289C01770C3FD30A9A76F2031CAECC048AD474603FE393056F9C6E1A34BC6DD6A626CAD90773871095D11CED1241F49C061
Malicious:	false
Reputation:	unknown
Preview:	Method Not Allowed

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	903747EA4323C522742842A52CE710C9
SHA1:	9F806EA4288867A31A4AD53AC171AA4029DF182B
SHA-256:	4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
SHA-512:	EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAna9ibn9ZQ0LxIFDYOoWz0=?alt=proto
Preview:	CgkKBw2DqFs9GgA=

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149382
Entropy (8bit):	5.596765937197724
Encrypted:	false
SSDEEP:
MD5:	A6211BE74D7DD1F88FB7C600EAF71F34
SHA1:	9E14176EDF39BDD91EE88764FF4BDEBFE336E5E7
SHA-256:	4D13C0952BF8C0780C61C93ABB5716E02BAE5AE3528537879AFC58E266272AAC
SHA-512:	466973130F18BA845B9FE7A1CEF5E86BFF61E4E84CEBD0DA42FA8CA99B64C17B6441ADA9F80BE17C268E9636E3B2105E2D126CBF22771A96EB6A8605CC3B13FF
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149382
Entropy (8bit):	5.596771348345523
Encrypted:	false
SSDEEP:
MD5:	7873A7832A6ED4B883F7A01F3B5FE3FA
SHA1:	4234DC726E96940B73B81110ED6875B569E06913
SHA-256:	11BA546043406A7669BCB2B417BFB745BD362E8CA45E46E9D2C066F424DBCE13
SHA-512:	7C639377E9D79CBBE44AC024F4F92E48832E48275B78849C9E8F28FA168B80586787FD3957BCA44E365A5F05FF9611F3716C4140D6C1759B89AECC408C2D3E13
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149391
Entropy (8bit):	5.596912294121297
Encrypted:	false
SSDEEP:
MD5:	1789D817CACB0F2AACF08D3A1D5618E8
SHA1:	6473FA65C1B86E2C55DDF1258D4BB138C33717F2
SHA-256:	E7575F5EE4BFAF1D3A716738A21E452ED171D2EBE85A7AD33E56671E47BE256E
SHA-512:	AA34B38FBB74E2F50857A4625B7A8C127B50626F37599FAE05698572E0A0B2AF35316FD3C7247F2C9360E2FF638AD994AA9278A84895BA1E1B33C70F6B6C2E04
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149383
Entropy (8bit):	5.596779263787231
Encrypted:	false
SSDEEP:
MD5:	AA9A5EDDC3E7ECD274A427980A9D9CF0
SHA1:	D7EC3F34F8EC6B6ADF10CCF0007CA33CEE5DFAB1
SHA-256:	F88240ABCEB0B1F808816428510CD71EA6D7525991480417A1B6EB433867003C
SHA-512:	5694494194C3674FBA657CC50338CA3B75E6559397FFF0E87869822B180F212B1015445F2BD4B21C7935280952C15B8663F55FCEE34806DDF2427FCB5E4E5B9C
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	172
Entropy (8bit):	4.024908017576797
Encrypted:	false
SSDEEP:
MD5:	F138AA519C0AF778DA470765AEA3514E
SHA1:	3192FF5F13CCF822A1A4ED5F33D3AC695E26E318
SHA-256:	DD6D49A44DC3392BC0C6B2E93705C201ED8C700962257CD7FB2B516CC0D76E09
SHA-512:	AFF4416A81FE6EBACEF1EE613E064F9525E9A71653B7C9ADC6D0DA6088CB05F22A765E033B0C792277EED79159DC5EF6A53539656F19AFD25B8E8420DDD7C61F
Malicious:	false
Reputation:	unknown
URL:	https://api.optoutsystem.com/campaigns/246378/optout-page
Preview:	{"style":{},"logo":null,"confirmation":{"title":null,"content":null},"landing":{"title":null,"content":null,"contentBelowEmail":null},"privacy":{"url":null,"content":null}}

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1325)
Category:	downloaded
Size (bytes):	1326
Entropy (8bit):	4.907599796513829
Encrypted:	false
SSDEEP:
MD5:	4432855F50071F8B18ED60721E0F51DE
SHA1:	92A4D6637402233AFC5D8CDC081A79E881559FF0
SHA-256:	C0164DD1715C654A661C2F34AC9FC3EE07CABDD8C58E21CBC868E93F7F460909
SHA-512:	0043104821D0FDEE0B0360BD44A75972ADB45B9A147CD0BC44C921DDAE73A087F7FD3088BB96810AB3F8F6E7728436A9AA3013AB4AD0C81D88BC6F1B545E540A
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/assets/index-rXJICDJD.css
Preview:	._app-startup-spinner_ezded_4{left:50%;position:fixed;top:50%;transform:translate(-50%,-50%)}._spinner_ezded_12{animation:_rotation_ezded_1 1s linear infinite;border-radius:50%;border:4px solid #2d4ec2;border-bottom-color:transparent;box-sizing:border-box;display:inline-block;height:44px;width:44px}@keyframes _rotation_ezded_1{0%{transform:rotate(0)}to{transform:rotate(360deg)}}:where(:not(html,iframe,canvas,img,svg,video,audio):not(svg ,symbol )){all:unset;display:revert},:before,:after{box-sizing:border-box}html{-moz-text-size-adjust:none;-webkit-text-size-adjust:none;text-size-adjust:none}a,button{cursor:revert}ol,ul,menu,summary{list-style:none}img{max-inline-size:100%;max-block-size:100%}table{border-collapse:collapse}input,textarea{-webkit-user-select:auto}textarea{white-space:revert}meter{-webkit-appearance:revert;-moz-appearance:revert;appearance:revert}:where(pre){all:revert;box-sizing:border-box}::placeholder{color:unset}:where([hidden]){display:none}:where([contentedit

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149383
Entropy (8bit):	5.596732600618586
Encrypted:	false
SSDEEP:
MD5:	CA37A0A93D18C3D77531B9FF9FDA0E6B
SHA1:	40F718154FB847F9911F43E7054EA084D628AF5D
SHA-256:	DB2DAA17662CAACC63DADD3CC25CC2A441B61CB3986CF5A09E4A5CD5E8B5E6F8
SHA-512:	E01482BA4A9F68B9AEB2D96D31A9CD3B9BCF5C022041BA185370796CF5A83622DDCBD81B66DE1AB2F6CD2C7300746BC14193463056EAB30DF4E74875E47E3A3A
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Java source, ASCII text, with very long lines (3039)
Category:	downloaded
Size (bytes):	3040
Entropy (8bit):	5.453390791169292
Encrypted:	false
SSDEEP:
MD5:	6240DA74E546AC17D48CBDE24B94F83E
SHA1:	50E749CB4D58D094ADA4FE671E354D65161D6412
SHA-256:	4B0C5C8C21E16AEC328490DA87859D8236C005C887901C5252B3EE5ACE17FD16
SHA-512:	645686064B41F85986769C2C9877EEC60E9C4B36E971EA9E67150773F2B578041AF1E78F65D731768C4BB35FEFB5C337E25B58545E372D882166B23371D8C62A
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/assets/generate-complaint-forward-email-SX_R5Mle.js
Preview:	import{n as $,p as b,w as I,u as d,r as p,q as h,l as k,f as v,c as O,O as l,m as S,o as w}from"./index-uaL7UfZR.js";function x(){var t=$(arguments),e=t.text,s=t.options,r=t.metadata;return b(e,s,r)}function A(){return I(x,arguments)}const T=t=>/^(([a-zA-Z0-9!#$%&'+/=?^_{\|}~-]+(\.[a-zA-Z0-9!#$%&'+/=?^_{\|}~-]+)*)\|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(t)&&t.length<=200,_=(t,e=[])=>{let s=t.trim();s[0]!=="+"&&(s=`+${s}`);let r;try{r=A(s)}catch{return!1}return!(!r.isValid()\|\|e.length&&(!r.country\|\|!e.map(c=>c.toUpperCase()).includes(r.country.toUpperCase())))},W=()=>{const{campaignMailer:t,setSubmitting:e}=d();return{redirect:p.useCallback((r,c=!1)=>{e(!0);const i={utm_source:"live",utm_medium:"traffic",utm_campaign:"one"};t!=null&&t.sourceClientId&&(i.sc=t==null?void 0:t.sourceClientId),t!=null&&t.targetClientId&&(i.tc=t==null?void 0:t.targetClientId);const o=new URL(r),f=Array.from(o.searchParams.keys());Object.keys(i).fi

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3917)
Category:	dropped
Size (bytes):	149391
Entropy (8bit):	5.596878459572444
Encrypted:	false
SSDEEP:
MD5:	024468D67424340E3744327615D391C8
SHA1:	B03384EE4B406EE9A41C4B894EF61E6AA516A159
SHA-256:	BE81845BFCBEF714C46CFEFBC1C9CA4BDE02514722D42C7CC527AB1FF106A7B4
SHA-512:	B4E5B2E7AFDEF4977818C75A3D778D996941FBF8AFA782BC0303F3C1CD331D542792E60B5CED4B1D944EEA85AC492DFC5CEB88437BF906DC94D571143D92559B
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa={};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 ./ .var p=this\|\|self;function ba(a){a=a.split(".");for(var b=p,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}function ca(a){var b=typeof a;return"object"==b&&null!=a\|\|"function"==b}function da(a){return Object.prototype.hasOwnProperty.call(a,ea)&&a[ea]\|\|(a[ea]=++fa)}var ea="closure_uid_"+(1E9Math.random()>>>0),fa=0;function ha(a,b,c){return a.call.apply(a.bind,arguments)} .function ia(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function ja(a,b,c){ja=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?ha:ia;return ja.apply(null,arguments)} .function la(a,b){var c=Array.prototype.slice.call(arguments,1)

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (33734)
Category:	downloaded
Size (bytes):	94404
Entropy (8bit):	5.463354405036624
Encrypted:	false
SSDEEP:
MD5:	B61CF15ED4921F9513D3C03654A143A3
SHA1:	62443478D75587B896E4131C05D40141686E466D
SHA-256:	0B50D9CE6B6269C214E26B6E1A60E4F4D1830C2B923C245EA6C1262B1F1EBC39
SHA-512:	4054EB72AFCFC2CE1B2E31A342B167C28F270D65F48F34CD5D165530FE085881DE4A5C4175D8A387D969824A52693BCA39B0F61320D1F9F7947651308CF06D9F
Malicious:	false
Reputation:	unknown
URL:	https://www.leaveinbox.com/assets/index-cRScFNtx.js
Preview:	import{u as Pe,r as v,g as sn,j as u,R as dt,a as tt,L as Ln,O as lt,b as fr,M as En,F as jn,s as pr,c as hr,N as mr,d as yr,e as Vt,f as gr}from"./index-uaL7UfZR.js";import{p as vr,c as Mt,g as br,v as Dn,a as Cr,u as xr,b as _r,d as wr,e as Er,f as jr}from"./generate-complaint-forward-email-SX_R5Mle.js";const Sr=e=>e.replace(/-+/g," ").replace(/\s(.)/,t=>t.toUpperCase()).replace(/\s/,"").replace(/^(.)/,t=>t.toLowerCase()),nt=e=>{if(!e)return{};const t=e.split(/;/),r={};for(const n of t){const i=n.indexOf(":");if(i===-1)continue;const s=n.substring(0,i),d=Sr(s.trim()),p=n.substring(i+1);d!==""&&(r[d]=p.trim())}return r},Tr=e=>{let t=e.trim();t[0]!=="+"&&(t=`+${t}`);let r;try{r=vr(t)}catch{return e.trim()}return r&&r.isValid()?r.formatInternational():e.trim()},Nr=(e,t)=>!(t!=null&&t.length)\|\|e.length>0,kr=()=>{var r;const{pageData:e}=Pe(),t=(r=e==null?void 0:e.style)==null?void 0:r.body;v.useEffect(()=>{if(t){const n=nt(t);for(const i in n)Object.prototype.hasOwnProperty.call(n,i)&&(do

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 88

Static File Info

Windows Analysis Report
https://cddehakdhe32cnherf.blob.core.windows.net/cddehakdhe32cnherf/unsb.html