Edit tour

Windows Analysis Report
https://p0kecoin.github.io/coin

Overview

General Information

Sample URL:	https://p0kecoin.github.io/coin
Analysis ID:	1429082

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://p0kecoin.github.io/coin MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2004,i,17186941593068353626,11648540170674498243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://p0kecoin.github.io/coin/	HTTP Parser: No favicon
Source: https://p0kecoin.github.io/coin/	HTTP Parser: No favicon
Source: https://p0kecoin.github.io/coin/	HTTP Parser: No favicon
Source: https://p0kecoin.github.io/coin/	HTTP Parser: No favicon
Source: https://p0kecoin.github.io/coin/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.136.127
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: unknown

DNS traffic detected: queries for: p0kecoin.github.io

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.136.127:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49746 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/28@16/190

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://p0kecoin.github.io/coin
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2004,i,17186941593068353626,11648540170674498243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2004,i,17186941593068353626,11648540170674498243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://p0kecoin.github.io/coin	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
browser.sentry-cdn.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
browser.sentry-cdn.com	151.101.66.217	true	false	0%, Virustotal, Browse	unknown
p0kecoin.github.io	185.199.111.153	true	false		unknown
d13pxqgp3ixdbh.cloudfront.net	54.239.153.159	true	false		high
d3khua7ksvxesx.cloudfront.net	18.165.80.12	true	false		high
www.google.com	74.125.136.104	true	false		high
db81lfl43r06.cloudfront.net	3.163.95.178	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://p0kecoin.github.io/coin/	false		unknown
about:blank	false		low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.163.95.178	db81lfl43r06.cloudfront.net	United States	16509	AMAZON-02US	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.104	www.google.com	United States	15169	GOOGLEUS	false
64.233.176.84	unknown	United States	15169	GOOGLEUS	false
172.217.215.138	unknown	United States	15169	GOOGLEUS	false
54.239.153.159	d13pxqgp3ixdbh.cloudfront.net	United States	16509	AMAZON-02US	false
64.233.176.97	unknown	United States	15169	GOOGLEUS	false
185.199.111.153	p0kecoin.github.io	Netherlands	54113	FASTLYUS	false
172.253.124.94	unknown	United States	15169	GOOGLEUS	false
172.253.124.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.165.80.12	d3khua7ksvxesx.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
64.233.176.113	unknown	United States	15169	GOOGLEUS	false
151.101.66.217	browser.sentry-cdn.com	United States	54113	FASTLYUS	false
142.250.9.102	unknown	United States	15169	GOOGLEUS	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
64.233.185.138	unknown	United States	15169	GOOGLEUS	false
172.217.215.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1429082
Start date and time:	2024-04-20 17:29:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://p0kecoin.github.io/coin
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/28@16/190

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.124.94, 64.233.176.84, 64.233.176.113, 64.233.176.101, 64.233.176.100, 64.233.176.102, 64.233.176.139, 64.233.176.138, 34.104.35.123, 172.217.215.95, 74.125.138.94, 172.253.124.95, 64.233.185.138, 64.233.185.102, 64.233.185.113, 64.233.185.101, 64.233.185.100, 64.233.185.139, 64.233.185.95, 142.250.9.95, 142.250.105.95, 64.233.176.95, 142.251.15.95, 74.125.138.95, 108.177.122.95, 74.125.136.95, 64.233.177.95, 173.194.219.95, 172.217.215.138, 172.217.215.113, 172.217.215.139, 172.217.215.102, 172.217.215.100, 172.217.215.101, 64.233.176.97, 199.232.214.172
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients2.google.com, edgedl.me.gvt1.com, www.googletagmanager.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 14:30:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9908502511702397
Encrypted:	false
SSDEEP:
MD5:	6B617C592D38B9E1B300BC9E71138C36
SHA1:	416D484B02ABD84FADD2117B5401B0BDE7E51BD8
SHA-256:	4FD7408D517DC53F0719AC4214D531203093443D530D5BBE87330F933DE5AD35
SHA-512:	5A200FE0C069B7E5C94E3880CC6569BA49C851B886733BB34B20389C68158C8DCC40F5CF06B7BC37D4C35D68BBF9876CB36281FE97A92EEF7F76BD92E0D06D18
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......6.7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 14:30:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.008847203648335
Encrypted:	false
SSDEEP:
MD5:	AABD7299B089E80A8B25D0D53E76AB29
SHA1:	7BA87457364D518D087FDA5D4560CBF5FA5A6B11
SHA-256:	120BDEB52D85AE0BAC78B254F2E0919ECE831D30328F45CD98B00FBB9C0DFAD3
SHA-512:	DEB70041EA92E5DB17B1D8AE8AE8315A095B87AFEFB1F57C92B6BC6D5C8ACA4200A250B67FF83D7B4C5E9D039EBF3390DF9A5C337268C0B473D2A068CF4B5C1D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......+.7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.01535428803723
Encrypted:	false
SSDEEP:
MD5:	2F5B79A297A746039DB9486608DAF5A6
SHA1:	E88F0B110C2E4D1AA68CECB348386428E0F8E556
SHA-256:	7DBB8D34FEAEEEB7B456F8125794F76A4673394958781234B856BF13EC7B34F3
SHA-512:	3169B77BDF842756118295952773EEFC87412F1E5C4271C463902D93D7E5853B0B1E8668B1E0A2D55FC59CD779DB2DDD8981EDC6FC89F515C2F8E4C6E43BE254
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 14:30:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.007193337331865
Encrypted:	false
SSDEEP:
MD5:	2F37BE9F70A56E03C5B6FD0D5704BFA6
SHA1:	6919AE3F483DB6CF3749BD88CF1C9478F18FBB3E
SHA-256:	5EF9AADE4190F7BA973BBBF76A9D618C5882DEF1000E435BC8D01B9C67BBE5B9
SHA-512:	FDBE8435ABE3D54AF425F4C014BE77088B599324E6D0108BEB2B8F29087D6A53DD0245A8EDD78DF7068BBEF4550B7FD7987A452C5A72B3294A09F7907BD3C724
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......&.7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 14:30:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.994623641369695
Encrypted:	false
SSDEEP:
MD5:	197C09D41E008E5BB567F31DA873EFC5
SHA1:	3F361644D46C366C3493FABBC8D3D7B597463ED9
SHA-256:	FA70E8ED55FC148C1A02B10C2B5674E875134B3CF5F891C6ABE718890F006A82
SHA-512:	30CCDC1FDBD77C4B805ADCEEDC727E0A0E058B9D2F4B7DAB9065BF2B57E4BB66B5A3AA656E2C13EB254BC303B6D8156FA4C55C0B4F460AABDE92A3464CC7B4C7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....1.7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Apr 20 14:30:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.005122615932363
Encrypted:	false
SSDEEP:
MD5:	73834F9BA1A1E0BBC5AF7A75BF9E00BC
SHA1:	D7942C89848E3A7695F8EA910194FE5FADCA5F00
SHA-256:	110D4F23528180860AEE8F0E04BD3C4090C7699A44C0DA546E960045418CCE32
SHA-512:	3248E3DAD89BE69745425A2A8AC72443379D9BF329E9D0373FE27ECB876EB6DB9FF2E4409BEAEC4A29F7733696477B0701C5A9DFE77AFAF39BA5514FD0F61E56
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....:...7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.{....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.{....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.{..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.{...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	737
Entropy (8bit):	5.307945881663951
Encrypted:	false
SSDEEP:
MD5:	EB12FD8CF0373A5C30C3E018174117C2
SHA1:	AC47D9784D9171BD2D62720FCF5EFB42BC2179C8
SHA-256:	977B2BA617C26FC931319DE6265247EBB115A6A53CA7F720405AB73B1783B48B
SHA-512:	E1E4192F17F7EC89362DB5A85E26563252D4A7CB6B061288CDED7E93A89721BE2C170A654D044C67132556EA117C59E3F804125E8471983BE80A8F099FC4E602
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Poppins
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7896), with CRLF line terminators
Category:	downloaded
Size (bytes):	9181
Entropy (8bit):	5.274451653673419
Encrypted:	false
SSDEEP:
MD5:	E00C14C3975F9E1A74CD76E3537DEF06
SHA1:	E437FE4B249105F9EBE50AD6949B84D33147800A
SHA-256:	43B6616FE578D47482E423341D7A9E874AA6A049F3D91B10F77996352A9292C8
SHA-512:	A0FE1605013ADE78AA6066EE9CE6E7B57DD1A79DCB5CDBCB33F69561C6A37F1728BF8C85EF263B5EFE2C3ED551E5E0D85146999603E61C0D308B76858BCC3A13
Malicious:	false
Reputation:	unknown
URL:	https://d3khua7ksvxesx.cloudfront.net/public/external/v2/htmlxf.2545612.8e0b4.0.js
Preview:	(function () {var it_id=2545612;var html="<div id=\"xf_MODAL\">\r\n <div id=\"xfMODALCONTENT\">\r\n <div id=\"xfMODALHEADER\">\r\n <div id=\"xfMODALTITLE\"><\/div> <\/div>\r\n <div id=\"xfMODALBODY\">\r\n <iframe id=\"xfOFFERS\" style=\"overflow:hidden;\" src=\"\"><\/iframe>\r\n <\/div>\r\n <div id=\"xfMODALFOOTER\">\r\n <p id=\"xfMODALFOOTERTEXT\"><\/p>\r\n <\/div>\r\n <\/div>\r\n<\/div>\r\n";var css="\/content_lockers\/CustomButton\/css.css";var cssDIR="CustomButton";var defaultSettings={"%button_color_1%":{"title":"Button Color 1","default":"#378bdc","type":"color","small":"Buttons will use top to bottom gradient."},"%button_color_2%":{"title":"Button Color 2","default":"#1c66bd","type":"color","small":"Buttons will use top to bottom gradient."},"%main_button_text%":{"title":"Main Button Text","default":"Verify","type":"text"},"%main_button_icon%":{"title":"Main Button Icon","default":"lock","type":"icon"},"%m

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 320, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	101393
Entropy (8bit):	7.994711563462047
Encrypted:	true
SSDEEP:
MD5:	59394CE3435C5A0F191F6A4535D600D8
SHA1:	2CA227E53BD73240AB0FD0CD8DD22E768ED48ADC
SHA-256:	3A5CA8E9694E1DDD560100A1AA20D63E4BCB2C831180563908C13A63CBB07BA5
SHA-512:	1526719D8A42F08494C77E13CB171391AC168B66C8E26126FA2306B603B9CA2FAB4EBB4437E44C63A7DA553C4FF0FC7DAFAF3D567091BD845829F81CD4A52519
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...,...@......KAT....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v....IDATx...w.eU.......r..n...JP.Q...<.Q..u.3fGe.1gG.....I..(........+....q..{.}oC..........Uu.9;...{......................................._^.po.?t..@+P:.)..h..O....F....T.T(..h-.B.._T..0.......%.....5.....~.QZ..h....Z\|...<o..B.g.g .O.v.....]..#.DFJ.AR.&...r=....U.@r.....$......../.{V..M.SIK.......%........&.S.D.........3...j........rcP.m..:.S.>ON..l...(}.v....}....x.=...s.pL.........e.o..F.4S.?#{_R....QX...V..@.2.$Z.4.J....TJ.....RRB..N..".}V%....R...T.;%.F...~e.&....+.....\.NfJ....}..l-d+W.B..L..uks.V.}.i..JC....h1....}.s.....qS.\S.....F...D......].C'u'...m!....g..!8Y}.$...`L.....B.sz..zm..u.Z..ek...l+....]..X...Pm......6..2....Ul.-U.t.H.....g.A.r..9U.. f@...v.i~W.A.J....V?.@.........v...:.T+".w.,$.Q>`H.*1^U...pm12.RN..$.X....:v..G...v.M;..}..e9....&;..u-(..,U3V.4...8J...X.o.Q

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
Reputation:	unknown
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7711)
Category:	downloaded
Size (bytes):	264823
Entropy (8bit):	5.577452789732423
Encrypted:	false
SSDEEP:
MD5:	BE801DF61C8DFF5F5D718B72B290213B
SHA1:	73B0C9C646D5B4A87202E933F40C812DFCE827E3
SHA-256:	367789FF7097BCDAF12167109428BD44EAF58F4126FC430F5694264A9802F1E4
SHA-512:	E4EBEF4207F0AFE0438CEB8FE2B7B070526190E0AE81E7E04C89C58631A246510F727E0F084C352900947E8DCF04EDF5F7CE4546A98AB3AA4A0BAFCFF64EFABB
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-EL9WPX8S0Z&cx=c&_slc=1
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":8,"vtp_value":true,"tag_id":16},{"function":"__ogt_referral_exclusion","priority":8,"vtp_includeConditions":["list","cpabuild\\.com"],"tag_id":18},{"function":"__ogt_session_timeout","priority":8,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":19},{"function":"__ogt_1p_data_v2","priority":8,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":20},{"function":

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 320, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	106562
Entropy (8bit):	7.9955517214589475
Encrypted:	true
SSDEEP:
MD5:	343999E7E30566E8E8CA28F9575E67C7
SHA1:	69BC2EB9509E527AA1D470060CA3FA62E4766ACE
SHA-256:	FB9EBFF95EED1DCB1164E8DE2871751FAE16C423A76E899FAD757F4F6C918D1A
SHA-512:	2CD722F028C40A1E7979117ACC245ABC18BB23A92407AE61371D0AB0E7DAE2EE471A3EE7A2CF446C04FA0D15CC94B4E3B861B1330B0C051A71681D3DAA606A32
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...,...@......KAT....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v....IDATx..g.eU........sn..9.......f..u.Q'8c.Q.`..YG...EP@@r..:.P......={.....3...8<tU.{..k.._..v8...................................................................K.......h.J'~..5......t...Q<.5..-."..\|.4Z..P.....l;L...F.d}.s.....m.F.kj.j.V.;Z...e........i.P......cy.]......V.L...L,#%. .\....C..{...@r.....$......&../.{V%D.....SS.QI.K...-Foc.sMn..bi.......y.` }9....N\|..J+7...f.m.?.....m.......C...,......9c8.U....p.....x#`..../.Si..(.].rk..!F.{b.V.@.O...%Z`..H))!V[..q..>...l..H).......e#.\_..h........Tl.F..^'3%.Yt...N.....I!.T......U+.>.ET%.!....h1....}.s.....qS.\S.....F.b........].C.u....m!...g..Ip..&I....1i..c..Jb..[..kKO._....Y.V...r..?.u...N...B.`...F....Fb..uK.5]0.!%.u...`...\|N.:%......q..UmP.R..j..J....p.q.A..Z].e.f....q...(.0.t......F....k)'.\|.{...^{...#quk;..N..Y....]...%u-Qf.Y.n.$h...q.F.....8...

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 431 x 150, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	71645
Entropy (8bit):	7.99320200645534
Encrypted:	true
SSDEEP:
MD5:	1246446E08CA5259AC1BF6A10ACCDA8C
SHA1:	C0C2CBD14000F911A1406BE6071A357A0D0162DA
SHA-256:	7A2344D5DE798E812B7986C31B7D343AD9C5BE385882925FF257F767E7B64962
SHA-512:	E658E78C1B107497472D2AD95C3D0EF6077F9C4024DBB6D9957CC352106CEF79F5E307BDFB5B301E3AA537EC3F5E1C3DAD0C05F062B7BB18FD55ED93F2D31C85
Malicious:	false
Reputation:	unknown
URL:	https://d13pxqgp3ixdbh.cloudfront.net/uploads/16170095823933ac1ad6582fa98e547955ea85348f.png
Preview:	.PNG........IHDR.............ii......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...........~.....IDATx..g.$Wu....V.8==y6.UZi.@".!....6.8a....6...&..0.d.E.!P@..,!..J.s..g:W.}^..43+.@...3G...TWW.\|.....@..{M........=.d.c.......n..-.....yh..-..~....?}x..5'.=..@./....h.~O........+.X..L......6-.......Z...=...S]..U....G.g..3....>.m[...}...@..{F3.b....k...6.6h..B.,...z..m....6....lZ`^..@.Gtt`.....+~n._..,.......V__...].._...X...=..\W......y.oM..<t(u..w........LZ`^..@.'...q...{c.B....cY\.)......d.y...d...Z...=...z..oK~^...Q..(.)....M.....'....@'.....-.I.{.L...~a}-....".K....Bh....aW.z..o..>.._..:.....h.N"mz..i....z.wp...(!....1h.1..9..7...MC...~,..=....h.N.m...sW..,$.U...i.....^..-....2/)4....Y_;xh..d.g...$u...@...G..H.s?w.yh,s..D.B.Zh,G2..W..=Hf..D....+.A.s....33....Nv..h..*Z..h..b...N\|.F......z.4LK.2.%..[.q.{.z..+\|:2c..=....i.l..Z....._{...@..T...Z..z......u..g..5!@Z...Qv.....Q.,...X...P......R.

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65448)
Category:	downloaded
Size (bytes):	67961
Entropy (8bit):	5.204481432930862
Encrypted:	false
SSDEEP:
MD5:	C2BCB2B153E152BA850057A843064C5F
SHA1:	CDB5E35CF2C53FEC13A111579EEA73B08BB86BB3
SHA-256:	22ECE4DDD583540C08CCADF82D18658E2ED0EBA5DD7FDCA806AA259667EDBA56
SHA-512:	77CE58A3DB7CC89D9FEC799DA3E3222ED51473BE0D86DF42DD7FA9E6894281C399376438509202DAAA826BC1633BE042FECA278DE20EC1DED949129055CE56A4
Malicious:	false
Reputation:	unknown
URL:	https://browser.sentry-cdn.com/6.4.1/bundle.min.js
Preview:	/! @sentry/browser 6.4.1 (f9434ed) \| https://github.com/getsentry/sentry-javascript /.var Sentry=function(t){var n=function(t,r){return(n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,n){t.__proto__=n}\|\|function(t,n){for(var r in n)n.hasOwnProperty(r)&&(t[r]=n[r])})(t,r)};function r(t,r){function i(){this.constructor=t}n(t,r),t.prototype=null===r?Object.create(r):(i.prototype=r.prototype,new i)}var i,e,o,u,s,c,a=function(){return(a=Object.assign\|\|function(t){for(var n,r=1,i=arguments.length;r<i;r++)for(var e in n=arguments[r])Object.prototype.hasOwnProperty.call(n,e)&&(t[e]=n[e]);return t}).apply(this,arguments)};function f(t){var n="function"==typeof Symbol&&t[Symbol.iterator],r=0;return n?n.call(t):{next:function(){return t&&r>=t.length&&(t=void 0),{value:t&&t[r++],done:!t}}}}function h(t,n){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var i,e,o=r.call(t),u=[];try{for(;(void 0===n\|\|n-- >0)&&!(i=o.next()).done;)u.push(i.value)}catch(t){e={er

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 320, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	110281
Entropy (8bit):	7.996075398886854
Encrypted:	true
SSDEEP:
MD5:	333774C78ED4C71CF63422EC3B4BE996
SHA1:	F40725DB13D5A131F1DD7D3A3AD587467FC23932
SHA-256:	6995CE9187A370588A105D4794FEEA37ECD3D7E8862259ECBEB7CBDC10C0FE23
SHA-512:	1054CADC271836201A79E904B2FD569730E196932DB88236F04E7D621B11A6195A9B545650D4FBFDF911B19874F12EB26583E5CB63D52E50BABB46118E1EB3AD
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...,...@......KAT....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v....IDATx...g.%G......m......{......-v...........YX<,..........#7#.f4.uO{.mU._....w..s.w..B....{..DF\|....Q....................................................................:.........N...j4P.'.B..oY.xHkP.[jE..Xi..E../ju.v.b....F....@._.Zi.......>.(.\w.....->....7m.J..3.3....TZ.bM....]..#.XFJ.A\.&...r=....UR..P[97.I..'&.{Mt._...J.6.L.-.......F...~[......H.c..Z7....@.r.+,.%..8Y.Vn......@.....)!3.n..J..]...k..g.E<.....s.pL.........e.o..F.4S.?.{_\....QX......C.2..Z.4.....TJ.....RRB..N..".}V.....R...T.;%.F...~e.&....+.....\.NfJ....}..l-d+W.B..L.kuks.V.}.i..JC...5.b.k...Z..v...f...z..=$6z.. ..UV.N.R.:.;. ....pj^{.}..'.o..x.....?16 .$.9..^....u.z..ek...l+....]..X........F).l$@.rl$V.].T]..#.RRZ.....-.1..T.S....;.....]...*.N......z(-.....T.k..5Y6`.Z.....B.........U.1....#c-.d.O\|..>..^.nu<.....s..'C.,dYN....N....(..,U7V.4...8J...X.o&

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	21186
Entropy (8bit):	5.351053514100177
Encrypted:	false
SSDEEP:
MD5:	0D3610EE44EDC040CBBA826B482ACDC7
SHA1:	30AAFCC3B7FAFEEE0E44DFBCD5E10BBA53E82EB0
SHA-256:	0C64EF885D014C1426504211407E4D0D516B6504489C50812ACCDF69361F9726
SHA-512:	7ADAFED0F773C29E447B1D1A8C83F986794B76EEDC4F0DF07F7000AAD3FB896847C67DF60423FEACA77DED1A3DF5BCA709D5D85F95884E4832C5185DDB5544B4
Malicious:	false
Reputation:	unknown
URL:	https://p0kecoin.github.io/coin/
Preview:	<!DOCTYPE html>. .T: 2022-05-18 06:48:20.Api: 986c86afb1bdc4f22fa4.It: 2545612..-->.<html><head>. <title>POKEMON GO Generator 2024 New</title>.<meta name="description" content="POKEMON GO Generator 2024 New"/>.<meta property="og:title" content="POKEMON GO Generator 2024 New"/>.<meta property="og:description" content="POKEMON GO Generator 2024 New"/>.<meta name="referrer" content="no-referrer">.. Analytics -->..<script. src="https://browser.sentry-cdn.com/6.4.1/bundle.min.js". integrity="sha384-THoc7rflwZFKTdZNgv6jLFFDn299Uv3t1SW5B4yGLvLiCRTYP9ys6vXZcMl95TQF". crossorigin="anonymous".></script>.<script>. Sentry.init({. dsn: 'https://e0e6a104cb354a09bf094a90e676ea13@o425163.ingest.sentry.io/5780930',. tracesSampleRate: 0.01. });.</script>.<script>. (function (i, s, o, g, r, a, m) {. i['GoogleAnalyticsObject'] = r;. i[r] = i[r] \|\| function () {. (i[r].q = i[r].q \|\| []).push(arguments). }, i[r].l = 1 * ne

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	A40360C3F179594C5E9468BD1B22072E
SHA1:	A3C8ED6919DC6C1BFCC4DABFFD79A21F23F9F0B7
SHA-256:	584EB485D7062DBFDBC2E38874CD6CCF1E4051EFE22F6442C377C0241B8FE71B
SHA-512:	AC94CCD79C931DDA04BD956DA9AB9912E2E71A31A2294968EC46616DBC0F2C0277EEF32D1122285B8E1499CBD5DBCCA8B40618882E7ACA1813294CD1834CFEE5
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmMLQ771oelsxIFDYRYiwg=?alt=proto
Preview:	CgkKBw2EWIsIGgA=

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Category:	downloaded
Size (bytes):	7884
Entropy (8bit):	7.971946419873228
Encrypted:	false
SSDEEP:
MD5:	9212F6F9860F9FC6C69B02FEDF6DB8C3
SHA1:	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B
SHA-256:	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
SHA-512:	67317495F4B53E20A9F31C034E456E6C37F387DFFB2C092CAA5159BC441CFCADD02749FFE5BBED1D580D5300A59E48A767EF2C6D9978B474F84C1A2CD095C126
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
Preview:	wOF2..............?....x.............................`..T..L.6..6..6.$..h. ..\....~2.".8. .w.Q.Y,.?$pC.....)bT(i..@X.m...+...D.Q.O.\-?g.U..Z..._...l..!.lKD.Q..>.9v..V..<...Td$.E..,...o..c.t....!...#..8.A..3..cx~n=Di#....U......K.5jXH.].....j.(.6..]{..IDhZ.......R.....[..X".B~.(Su2..../.I.E...T.l%....'.N.aN.2\,70.....V.RQ..k~..".1. Lg.zd....}.yyys&D.K.g....)....2&%$.nm.\.._.e.tU..I.w;W.\|..6..XUv...!......>@.V..'..`.H`...5.7.X.?..@#..:..<.R.\|.;K..}.6..IA.C.....z.n.G............[.....z........`.X....D..{<..j...).......FQ..T..m.&s_k[%ZILV.8.l.o.z$.)/]......}..Kg.}..O...o\|..>.,U..?..{b<........._.._.06.........R01.@..[......a8..7.V%..B.0F...4 ....q..u#.lg....x....a.=w...8..A6.>f.+.8..Xm@`.m....G.....i..^R}9.aB...?._#.[f.d,V....bG.]...iED.@[.:.....P...........~.{,.x...~.!...C....b.....ze..).:+N....2sd..s..MEp.?^[.k........p..nz...[-.XI.%.."..`..<.2b\.w.VS.a.+......~..J..uGq..)..1...4o3v.Sb......5.w7...-....Wd>..B....R^.4'..B.2G>.en.q..._.@s......

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	72
Entropy (8bit):	4.761812807202671
Encrypted:	false
SSDEEP:
MD5:	69D77690ED201ACD0627E99DD35C96EB
SHA1:	05FFC794BE6DAE3836EE5DF72D82D917323B2941
SHA-256:	577D248638C57941B7E35D9A19EF4B5D88D52482F6E59254142D4266C57BAD38
SHA-512:	06AAF36275B0C4DE82580319878333D973D3CD464F4C09DF4281551F4381940DC792EB28C2C84B3A94196B53EDF41751B01976AD77C5E393C0B62574C4B214BF
Malicious:	false
Reputation:	unknown
URL:	https://d3khua7ksvxesx.cloudfront.net/public/external/check.php?it=2545612&time=1713627116560
Preview:	(function () {//Visitor not found.setTimeout(xfCheckForLead,15000);})();

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (1637), with CRLF line terminators
Category:	downloaded
Size (bytes):	26988
Entropy (8bit):	4.9019598301174065
Encrypted:	false
SSDEEP:
MD5:	6617E2A53BC867F7D11BD1ADB496A48B
SHA1:	EF84EFFAFAAEDBDEE6BF24FD0A9EAA4A68197E48
SHA-256:	66420B4528C7A6A4EF725839E66475529EB5B6DA0F3ED334318099C8ED230579
SHA-512:	CF162D347DA260571B95661F6BD4926CAF3B3D8028015963447E47B63DBA35CD5658764E6CB2C9848B69DCB5E1A537E01F29B1050A79249D47DFC0B194135852
Malicious:	false
Reputation:	unknown
URL:	https://db81lfl43r06.cloudfront.net/67ad9e3.js
Preview:	var xfContentLocker;..var __cfRLUnblockHandlers = 1;....function CPBContentLocker() {.. this.constructed = false;.. this.referrer = document.referrer ? this.encode(document.referrer) : '';.. this.protocol = ("https:" === document.location.protocol ? "https://" : "http://");.. this.settings = this.getSettings();.. this.extraParams = {};.. this.uid = '';.. this.urls = {};.. this.screenHeight = window.screen.availHeight ? window.screen.availHeight : 0;.. this.screenWidth = window.screen.availWidth ? window.screen.availWidth : 0;.. this.isMobile = this.mobileCheck();.. this.callbacks = [];.. this.d2 = ["EUQeBxISTBsdQgMPDRJbFhkaABETBxobAVsbEAE=","EUYGBw0RRwIDHgYYBBFbFhkaABETBxobAVsbEAE=","EUcfDRcdGRodDARDAEBbFhkaABETBxobAVsbEAE=","EUQPExkUDRETGgQXQQ9bFhkaABETBxobAVsbEAE=","EUYYHR4FHUQGAE0dRhZbFhkaABETBxobAVsbEAE=","EUYeHQAUQh4GAw0QBg1bFhkaABETBxobAVsbEAE=","EUYZBkNATQENGRkcAhpbFhkaABETBxobAVsbEAE=","ER0ABwxHAgYPQRMQR1sWGRoAERMHGhsBWxsQAQ==","EUcMD0IREQECA

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	41538
Entropy (8bit):	7.987172324792956
Encrypted:	false
SSDEEP:
MD5:	17D2332ED4BE5710D62CAA5D42E605C6
SHA1:	5780340848DD16BC82CA9FBFCC8238E815ED9C69
SHA-256:	217281C3F172B653BB791B65C176A2F249B6DE659F46D760EBFFC92DA44FE487
SHA-512:	55F879FEAAC8EC527C36ADA99D17B101E098A326DF55D6CE860ED83DDAB00DE6E5EFE32B1BBA30F0849BE08F68B22D9FACC84ED455A4533D88857C1A11CA2459
Malicious:	false
Reputation:	unknown
URL:	https://d13pxqgp3ixdbh.cloudfront.net/uploads/16170095807c4d34b1809a848f5b679294019ea826.png
Preview:	.PNG........IHDR.......".............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...........~.....IDATx..w.-WY..~...r........HBM.^.!...*".W....E..X..b.HSP."%...!..I/7...~..3k=.?.Z3..9.$$9..y..9.LY3......<0.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!.iHC...4.!...!9..........6..f..-.ng....f....k.\z....._..k..B.4.!......?.............8.EQ.a.:FGGY.r...j.=..4..?....Z.....T.A.}...=.q..{...W..9E.o...z9 d..W.j.f....~.G>../..W}r./pHC..!0:._........O...j.e.D.w38.(..T.t;.\....>.....<..O....._]...;.!..tH...+.......m......~.8....hxUdpN..=z..+V.s..Gq.g...O\|...g^...!..p.Cbt....W...\|.;:.F..Pct.T=....?...,EQ.j.Q<.I.].._^..>n..I.-K}..4...nx.1..../....q.0t. .J...ST..a\|t.^....w.........].^uM1.......K}..4..N...~.......n...9........_2.(...Ga.`.p......V./...\|....K>.w^....C..r.Cft.....W..o..p.;....rE.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	6134
Entropy (8bit):	5.27446341602001
Encrypted:	false
SSDEEP:
MD5:	8CF8DA7DC6B5D43AE6872B4FE5564C38
SHA1:	CC3C14CE8BCCF427B4A777449876EB722381CB18
SHA-256:	60A0F85900CF8E56C1607C8C120F68064A4F8D22A40637B224774CB611E93C2F
SHA-512:	E719AA872285169D609B29810CF8B4D748BAE32BB08CEB4122EA4CD08345F7FB1F688EB03F55C10AD145E414920DE88FFDC02F6B77BE46E2D9106D80438F7826
Malicious:	false
Reputation:	unknown
URL:	https://d3khua7ksvxesx.cloudfront.net/public/external/css_frontXF.css
Preview:	body.xfBodyModalOpen {.. overflow:hidden;..}..#xf_MODAL.fadeOut {.. opacity: 0;.. transition: visibility 0s 0.5s, opacity 0.5s linear;.. -webkit-transition: opacity 0.5s ease-in-out;.. -moz-transition: opacity 0.5s ease-in-out;.. -ms-transition: opacity 0.5s ease-in-out;.. -o-transition: opacity 0.5s ease-in-out;..}..@media screen and (orientation:portrait) {.. #xf_MODAL_CONTAINER #xfMODALCONTENT {.. margin: 35% auto !important;.. }..}..#xf_MODAL_CONTAINER #xf_MODAL {.. display: none; /* Hidden by default /.. position: fixed; / Stay in place /.. z-index: 9999999999999;; / Sit on top /.. left: 0;.. top: 0;.. width: 100%; / Full width /.. height: 100%; / Full height /.. overflow: auto; / Enable scroll if needed /.. background-color: rgb(0,0,0); / Fallback color /.. background-color: rgba(0,0,0,0.4); / Black w/ opacity /..}../ The Close Button */..#xf_MODAL_CONTAINER .close {.. float: right;.. font-size:

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1862x1047, components 3
Category:	dropped
Size (bytes):	109512
Entropy (8bit):	7.228949780603702
Encrypted:	false
SSDEEP:
MD5:	A31DDCE22134AA7E915A4EAAA6B8460E
SHA1:	479FC8E41DB1144902D6CEC3EABB0D963294DDDF
SHA-256:	133326A88D5F032C5FBC121B00CB98BA35648C1AD8E8F8A36AE48FBA2620A753
SHA-512:	81558C7A1DC60EF717D6DCEB18D88D97840BB4B29D7F811A6856F299BA745EDBA3CEDE87269ADDB98C17F39546393F184134BD2B9CF11425E7AF6BEA6B3AB8E1
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C....................................................................C.........................................................................F...........................................9..........................!.1A"Qa..q24.#...35Br.R$..Sb..................................+........................!.1.2."AQ.3a.#B.R............?..2.}...................{......;?.v................+......o...........h+..h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h........8..+.8y..C....8y..C....8q?p....p...8......p.*.........p...8....T8.p...8......p...8..?p..8y..C....8y..C.q?p8...O..'..l...v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v...h..v..~.........2v........;..;..;..;..;..;FN....v...`..........-..O.....i..8....?....Q.s+............................................................................................................................................................

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	896
Entropy (8bit):	5.351772913549398
Encrypted:	false
SSDEEP:
MD5:	4C31E2E879FDA3248E38F318494D6676
SHA1:	9F74294CA7491752F72EA705E6FC992549E1ADE9
SHA-256:	01054AE4581776870B0514BFB9607E8764927456F14D8EB6DE6BA84F12F9C3D6
SHA-512:	A45F2C608B170EF62C2FC9F403DAEDD85D40A668E9D34583CCE514D0A62CBB5BA92692CE0A523DA42E8EAF94BA1E3DD139B92A39C5B0CB1C08970A9495D9E2CC
Malicious:	false
Reputation:	unknown
URL:	https://d3khua7ksvxesx.cloudfront.net/public/clockers/CustomButton/cssXF.css
Preview:	#xf_MODAL_CONTAINER .xfmodal-header {.. border-bottom: 1px solid #e5e5e5;..}..#xf_MODAL_CONTAINER #xfMODALFOOTER {.. display:none..}..#xf_MODAL_CONTAINER #xf_MODAL {.. background-color: rgb(0,0,0); /* Fallback color /.. background-color: rgba(0,0,0,0.4); / Black w/ opacity /..}..#xf_MODAL_CONTAINER #xfMODALTITLE {.. display: none;..}..#xf_MODAL_CONTAINER .fa {..}..#xf_MODAL_CONTAINER #xfMODALCONTENT {.. border: none;..}..#xf_MODAL_CONTAINER #xfMODALCONTENT{.. width:90%;.. height:700px;.. max-width: 500px;.. background: none;..}..#xf_MODAL_CONTAINER #xfMODALBODY {.. height:100%;.. -webkit-overflow-scrolling: touch;..}..#xf_MODAL_CONTAINER #xf_MODAL{.. /overflow:hidden;*/..}..#xf_MODAL_CONTAINER #xfMODALCONTENT {.. width: 100% !important;.. height:100%;.. margin: 0 !important;.. background: none;.. max-width: none !important;..}

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 268 x 173, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37493
Entropy (8bit):	7.985578010039174
Encrypted:	false
SSDEEP:
MD5:	EDF341242F10E82B6531F1911692A844
SHA1:	20EF37D570D75747D670B06973F83947B24A98D4
SHA-256:	F0C7B4C94393C75F8D1FBB6137EFBB3A0F3969A1E1B593A38D47111A5E321B67
SHA-512:	02CB85BCB41DE1DFFE6CB4B5C8AD5BCDC8AA0C4CA56DD9178D49EA69329F4F40D0576725AE204582B055EB7F65AB7A145FC7A46F42A25FCB54FE288E97DE67A1
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............E.Al....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...........~.....IDATx...w.ekv.....}......k...J !.Z.8i.F...#.............~.a`..n<B..$!$....#/J%.eT.V.......g........i@.....}....'......]p.K\.....%.q.K\.....%.q.K\.....%.q.K\.....%.q.K\.....%.q.K\.....%.q.K\.....%.q.K\......r..~..j....I.....F.$.z#..........".JY.Y1s...f.D.5...^....CJ...f......;g',...:.s.o...4~......../q..$.. \|....Iyd^;=Lo....K.5...U..^Q.#.dO....L...`A-&....HL...>...\.x.....n..2.K1.....>._Z............K\.............z...,..l.....'.).w..0".X.8#.h.."j!BJ.(.D... b......[.j.5...D.!......../...Q....m....{.y..u..........K<..$....'.r....t...me..w.^..j..j.....!....zH...S.HY`........#J.%..1.sHQ`\......%.....(1..3...#.4...Yx..'.......O...x......_{.a...xu.&....?1.>...<99......j{......#.BRT.....#.5..'....T.n>.-......1....Hh&..IC.Z.Z.4%b...W.n.Nf....#....[.H9.5.-....i.j..n.......?~.....G0r{.K...a...x..$....?....:..99......W1..SI*..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 529 x 375, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	166526
Entropy (8bit):	7.995323272821177
Encrypted:	true
SSDEEP:
MD5:	F5C3834FD80ADF10EEA6929809148AC4
SHA1:	F0D45AB3B893C53D8B681410D06FCEEC3CAB215C
SHA-256:	AA9928DDD3939ECF36820589858DC5036B53E7B56D9BEAD284B956BC2FD76B1A
SHA-512:	9E250AA43D360750C42E7FB09B2357AC1A2054FE43E206E396E7D8154389A070E368E7C9BB27D50205F25155422BEF5AE312A366AACBDCFD0710E56655531640
Malicious:	false
Reputation:	unknown
URL:	https://d13pxqgp3ixdbh.cloudfront.net/uploads/16170095817fd9d76ef7432f7dd5c67814619dc180.png
Preview:	.PNG........IHDR.......w.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...........~.....IDATx..w.$Wu..9.B...y.V.!... ..&.$..AB. ....g?...p . r.Qd...1.B.1A. ...j..N..P...U.].32`$......t..u..\|`.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!..b.!.X.r..0..C...._x........G>v...i....1..w...=.!...7.....#].=._..+.(o^.A.o...p.k.!..{0.D.1..w;..~.Z..8.^.q.QG..?.}..1....+.....^...=.!.....P..b.!.Vl}......w...[.l........hL.9l....,Fg.......1......!...n..3_.t..2...vC.n.Z..?.ej....`\._...v..j./.....b._.CK..C..kc.C.}5._)Z.........N....jC..T...eSw.;.\<....G.{.C.1....p.`.!....m.{..T..U..G.N..C.m'..<3am .....(>....R...w........C.._.P..b.!...v..<..7..Rlc...Y.z....:.k$Fm...."..b.[....h.u.....b..:..=.!....&.>.......M...B4..h..a.HW..M...I.....PC...........+.....b.!~u.-.C.1..#..'S.\|A..i5..6l..v6o.6..UT.....$2..I..`.\...J.}....8..4..C.....C.1..-..

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3909)
Category:	downloaded
Size (bytes):	9115
Entropy (8bit):	6.0587900718391925
Encrypted:	false
SSDEEP:
MD5:	1EB970CE5A18BEC7165F016DF8238566
SHA1:	9EFD1514AF80FE14DB4ED28E9BC53975B9EE089C
SHA-256:	70D613E3ACFBA24FD2876FCBACAF639E1E111EF4D54BAF70761C47673F37D6A3
SHA-512:	21B4D800CC282CA452F7394E95D5382340AC3481A002C21DA681005A44F18EA6CF43959990CD715B4657F180E0E96D6087FE724F3200E909F9FD70EBCD5511BD
Malicious:	false
Reputation:	unknown
URL:	https://p0kecoin.github.io/favicon.ico
Preview:	<!DOCTYPE html>.<html>. <head>. <meta http-equiv="Content-type" content="text/html; charset=utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'">. <title>Site not found · GitHub Pages</title>. <style type="text/css" media="screen">. body {. background-color: #f1f1f1;. margin: 0;. font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;. }.. .container { margin: 50px auto 40px auto; width: 600px; text-align: center; }.. a { color: #4183c4; text-decoration: none; }. a:hover { text-decoration: underline; }.. h1 { width: 800px; position:relative; left: -100px; letter-spacing: -1px; line-height: 60px; font-size: 60px; font-weight: 100; margin: 0px 0 50px 0; text-shadow: 0 1px 0 #fff; }. p { color: rgba(0, 0, 0, 0.5); margin: 20px 0; line-height: 1.6; }.. ul { list-style: none; margin: 25px 0; padding: 0; }. li { d

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://p0kecoin.github.io/coin

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 87

Chrome Cache Entry: 89

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 98

Static File Info

Windows Analysis Report
https://p0kecoin.github.io/coin