Edit tour

Windows Analysis Report
factura - ztcpyqiqtfiewxjhesna.msi

Overview

General Information

Sample name:	factura - ztcpyqiqtfiewxjhesna.msi
Analysis ID:	1432095
MD5:	5ede14585e55b6b67660efb6237e2e85
SHA1:	d3ff6c89920dbcb3a858fbf897ea2d6d56fdd9dc
SHA256:	9fd784ffe3affccb06b50be9d5f41802adea4215810d88422e941af581bc602a
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Checks for available system drives (often done to infect USB drives)

Creates files inside the system directory

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

msiexec.exe (PID: 7040 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\factura - ztcpyqiqtfiewxjhesna.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7076 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 3704 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 39393B6C38323B6C97032D06A163F332 MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 6188 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6B28C881FB6086C6F85AB1B5204484BE MD5: 9D09DC1EDA745A5F87553048E57620CF)

msiexec.exe (PID: 6888 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\factura - ztcpyqiqtfiewxjhesna.msi" MD5: E5DA170027542E25EDE42FC54C929077)

chrome.exe (PID: 3868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,158655733991971823,1310956718146386951,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Windows\Installer\54adcb.msi	Avira: detection malicious, Label: TR/Dldr.Banload.onkid
Source: C:\Windows\Installer\MSIB05E.tmp	Avira: detection malicious, Label: HEUR/AGEN.1328318
Source: C:\Windows\Installer\54adcb.msi	Avira: detection malicious, Label: TR/Dldr.Banload.onkid
Source: C:\Windows\Installer\MSIB05E.tmp	Avira: detection malicious, Label: HEUR/AGEN.1328318

Multi AV Scanner detection for dropped file

Source: C:\Windows\Installer\MSIB05E.tmp	ReversingLabs: Detection: 73%
Source: C:\Windows\Installer\MSIB05E.tmp	Virustotal: Detection: 62%			Perma Link

Multi AV Scanner detection for submitted file

Source: factura - ztcpyqiqtfiewxjhesna.msi	ReversingLabs: Detection: 65%
Source: factura - ztcpyqiqtfiewxjhesna.msi	Virustotal: Detection: 65%			Perma Link

Source: unknown

HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49840 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bbva.com
Source: global traffic	DNS traffic detected: DNS query: www.bbva.com
Source: global traffic	DNS traffic detected: DNS query: d3l7jhiu2gy1zw.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: tools.eurolandir.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: privacyportal-eu.onetrust.com
Source: global traffic	DNS traffic detected: DNS query: id.google.com
Source: global traffic	DNS traffic detected: DNS query: www.besmartee.com
Source: global traffic	DNS traffic detected: DNS query: api.besmartee.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown

HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49840 version: TLS 1.2

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\54adcb.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAEC5.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF24.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF73.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB05E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\54adce.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE3F.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE8E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEBE.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFD8.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIAEC5.tmp

Source: classification engine

Classification label: mal64.winMSI@41/88@44/173

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLAFFE.tmp

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF5C1A373E8F2E241F.TMP

Source: factura - ztcpyqiqtfiewxjhesna.msi	ReversingLabs: Detection: 65%
Source: factura - ztcpyqiqtfiewxjhesna.msi	Virustotal: Detection: 65%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\factura - ztcpyqiqtfiewxjhesna.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 39393B6C38323B6C97032D06A163F332
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 39393B6C38323B6C97032D06A163F332
Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\factura - ztcpyqiqtfiewxjhesna.msi"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B28C881FB6086C6F85AB1B5204484BE
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B28C881FB6086C6F85AB1B5204484BE
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,158655733991971823,1310956718146386951,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,158655733991971823,1310956718146386951,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winmm.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wsock32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: olepro32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winmm.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wsock32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: olepro32.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: factura - ztcpyqiqtfiewxjhesna.msi

Static file information: File size 2461184 > 1048576

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF24.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB05E.tmp			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF24.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB05E.tmp			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAF24.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIB05E.tmp			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	21 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	11 Peripheral Device Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	11 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
factura - ztcpyqiqtfiewxjhesna.msi	65%	ReversingLabs	Win32.Downloader.BanLoad
factura - ztcpyqiqtfiewxjhesna.msi	66%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\Installer\54adcb.msi	100%	Avira	TR/Dldr.Banload.onkid
C:\Windows\Installer\MSIB05E.tmp	100%	Avira	HEUR/AGEN.1328318
C:\Windows\Installer\MSIB05E.tmp	100%	Joe Sandbox ML
C:\Windows\Installer\MSIAF24.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIAF24.tmp	0%	Virustotal		Browse
C:\Windows\Installer\MSIB05E.tmp	73%	ReversingLabs	Win32.Downloader.BanLoad
C:\Windows\Installer\MSIB05E.tmp	63%	Virustotal		Browse
C:\Windows\Installer\54adcb.msi	100%	Avira	TR/Dldr.Banload.onkid
C:\Windows\Installer\MSIB05E.tmp	100%	Avira	HEUR/AGEN.1328318
C:\Windows\Installer\MSIB05E.tmp	100%	Joe Sandbox ML

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
tools.eurolandir.com	0%	Virustotal		Browse
ne-web-arr.eurolandir.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bbva.com	23.44.94.139	true	false		high
googleads.g.doubleclick.net	172.217.15.194	true	false		high
id.google.com	172.217.3.67	true	false		high
privacyportal-eu.onetrust.com	104.18.32.137	true	false		high
www.google.com	192.178.50.68	true	false		high
d3l7jhiu2gy1zw.cloudfront.net	108.157.172.145	true	false		high
ne-web-arr.eurolandir.com	13.79.120.98	true	false	0%, Virustotal, Browse	unknown
td.doubleclick.net	142.251.35.226	true	false		high
analytics.google.com	142.250.217.174	true	false		high
cdn.cookielaw.org	104.19.177.52	true	false		high
d2vk5bl24vn97n.cloudfront.net	65.8.178.77	true	false		high
stats.g.doubleclick.net	173.194.216.155	true	false		high
www.besmartee.com	unknown	unknown	false		high
www.bbva.com	unknown	unknown	false		high
assets.adobedtm.com	unknown	unknown	false		high
www.linkedin.com	unknown	unknown	false		high
api.besmartee.com	unknown	unknown	false		high
px.ads.linkedin.com	unknown	unknown	false		high
snap.licdn.com	unknown	unknown	false		high
tools.eurolandir.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.189.142	unknown	United States	15169	GOOGLEUS	false
192.178.50.78	unknown	United States	15169	GOOGLEUS	false
192.178.50.35	unknown	United States	15169	GOOGLEUS	false
104.19.177.52	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
172.217.15.194	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
108.157.172.145	d3l7jhiu2gy1zw.cloudfront.net	United States	16509	AMAZON-02US	false
74.125.196.84	unknown	United States	15169	GOOGLEUS	false
13.79.120.98	ne-web-arr.eurolandir.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.217.163	unknown	United States	15169	GOOGLEUS	false
104.18.32.137	privacyportal-eu.onetrust.com	United States	13335	CLOUDFLARENETUS	false
172.217.165.194	unknown	United States	15169	GOOGLEUS	false
142.251.35.234	unknown	United States	15169	GOOGLEUS	false
172.217.3.67	id.google.com	United States	15169	GOOGLEUS	false
172.217.2.206	unknown	United States	15169	GOOGLEUS	false
65.8.178.77	d2vk5bl24vn97n.cloudfront.net	United States	16509	AMAZON-02US	false
23.196.176.224	unknown	United States	16625	AKAMAI-ASUS	false
172.217.2.200	unknown	United States	15169	GOOGLEUS	false
192.178.50.67	unknown	United States	15169	GOOGLEUS	false
192.178.50.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.64.228	unknown	United States	15169	GOOGLEUS	false
192.178.50.42	unknown	United States	15169	GOOGLEUS	false
23.44.94.139	bbva.com	United States	16625	AKAMAI-ASUS	false
142.250.217.226	unknown	United States	15169	GOOGLEUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.217.232	unknown	United States	15169	GOOGLEUS	false
142.250.217.174	analytics.google.com	United States	15169	GOOGLEUS	false
142.250.217.196	unknown	United States	15169	GOOGLEUS	false
184.28.75.161	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.234	unknown	United States	15169	GOOGLEUS	false
142.251.35.226	td.doubleclick.net	United States	15169	GOOGLEUS	false
20.118.56.6	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
173.194.216.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.217.195	unknown	United States	15169	GOOGLEUS	false
142.250.217.170	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432095
Start date and time:	2024-04-26 12:55:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	factura - ztcpyqiqtfiewxjhesna.msi
Detection:	MAL
Classification:	mal64.winMSI@41/88@44/173
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 142.250.217.163, 142.250.189.142, 74.125.196.84, 34.104.35.123, 172.217.2.206, 23.44.94.139
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Config.Msi\54adcd.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2179391
Entropy (8bit):	6.659298112298766
Encrypted:	false
SSDEEP:
MD5:	BB72FF6883CA2169A76CC9989C9993E2
SHA1:	A23BFD5818DF95AFDFC4BB292147582AD54DBF4B
SHA-256:	771CA603520804A3722791069BE63A0637D428D0F714EA33AE5E58DF3DA257E8
SHA-512:	243779AC478709F5D103579C596BD945EBAC2CC223A17D9ADC0BCFF440DA6ECB9F03ED34BC2E2B57CD24BF1FA06BD3399D88CDF9DB7BD1BB4413E1DF77CE94BA
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@.f.X.@.....@.....@.....@.....@.....@......&.{53CFFB45-057F-4439-816F-97CF504AFF47}..ERRO FILE".factura - ztcpyqiqtfiewxjhesna.msi.@.....@..:..@.....@........&.{25351790-C36F-44E0-8F66-D671A1B9FD6F}.....@.....@.....@.....@.......@.....@.....@.......@......ERRO FILE......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{9C9B71A5-3D2A-436B-854E-E13FF8050D68}&.{53CFFB45-057F-4439-816F-97CF504AFF47}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......Software\ERRO FILE\ERRO FILE...@....(.&...Version..1.58.487.33'.&...Path2.C:\Users\user\AppData\Roaming\ERRO FILE\ERRO FILE\....edwrgwehweK...edwrgwehwe.@.......>!.MZP.....................@...............................................!..L.!..This program must be run under Win32..$7...........................................................................................................

C:\Config.Msi\54add0.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2179699
Entropy (8bit):	6.659239215325455
Encrypted:	false
SSDEEP:
MD5:	57CEEFB277655EE55EB81EFFD3E1F8C9
SHA1:	15C18FCDED3B0E9D8899761AF251D0E94AA7046A
SHA-256:	E71912F62478C23581C5E198EB0A00DE53DD4267CDD5789247AA6ADE83765C27
SHA-512:	0E1C4F686DB250C3BE0A4EFFB5E78DBF7E9854093AD459D866FF84C7A15BB1CF1DA6544C2259A1A11608B12228928566CCB54713B9A45820C28A1C99EDD63962
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@.f.X.@.....@.....@.....@.....@.....@......&.{53CFFB45-057F-4439-816F-97CF504AFF47}..ERRO FILE".factura - ztcpyqiqtfiewxjhesna.msi.@.....@..:..@.....@........&.{25351790-C36F-44E0-8F66-D671A1B9FD6F}.....@.....@.....@.....@.......@.....@.....@.......@......ERRO FILE......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{9C9B71A5-3D2A-436B-854E-E13FF8050D68}(.01:\Software\ERRO FILE\ERRO FILE\Version.@....&.{53CFFB45-057F-4439-816F-97CF504AFF47}...@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......Software\ERRO FILE\ERRO FILE........................l.......$.?...................$.N..........?...................?........... ... ............................... ... ...................$.N.......@....%...Version..1.58.487.33&...Version..1.58.487.33%...Path2.C:\Users\user\AppData\Roaming\ERRO FILE\ERRO FILE\&...Path2.C:\Users\

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9831127555488486
Encrypted:	false
SSDEEP:
MD5:	75DA6B7E3DEBFAF469181FC5661CBAFB
SHA1:	DA1594FFF1D0CA56D3E27D39612573B69062D62F
SHA-256:	5DFD27BBBD4F14F421722D126FDAE42212A56F4CFC5C82627E88F5DCD0B6CB7F
SHA-512:	03EF36B5C201A1ACD9A18D530DB7C485D14F0ABD1938AAB02F65E1321DB8B51E956ECC1D81CAA308C0903F08B2C77451650B30D9AB633C53E77F2F37655FFF9B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....5.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9993353818261763
Encrypted:	false
SSDEEP:
MD5:	7D47C417D1771766D3D9B9F1B1F65354
SHA1:	54CB074B0467E22A56AAD7B87D7A51AF3DF56EF5
SHA-256:	5F081773A08E73BD2BAD4441DBC45DD149284F9EDC5BB1387499B14CD20DEA0A
SHA-512:	C76D9CD2093FA160C13E2A789BF23ECCF6B675867AFA85287E7214A1C3564C8FB1137B7FD2F85C7C185B7740E024C2E18978A4A1779B062AC28B843CBDE9B4BB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....1.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.007610635879493
Encrypted:	false
SSDEEP:
MD5:	C219CA08BCA897D44F53FC9D11274F18
SHA1:	2A6B632F064F5E644F7B2001A74B4E6198866B9D
SHA-256:	97908AC06B044821978AB9B13C0B767E2518B3D00FBF7FBD2C969AD1B9F8CD71
SHA-512:	E8E13395AE1A6243ED150454A0A295D05DD113B76C18E8A74565F1C721C573856FE3F1DE87B03C1AE1215C065F30D36AE7DA26BE90B87D2D62580ADD594128B5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998637063770973
Encrypted:	false
SSDEEP:
MD5:	9E6E7CA14EC307D42B5DD59EDAA0F568
SHA1:	E3AD3D813CECCCDD09BDC4FB2508D8D234406A36
SHA-256:	29ABB270E203E3985C645F45778D97170FF543A0A1DB4BFC72BAFFAE79A0DDA6
SHA-512:	5DCA9754C48E2CBD231EDCEE58B1693D1427CBC26E5649EFE856496BDDCA18BAB25A9E895C55B5278444FE60E0E3EDE1FF292688460F7DECC0A21E4362F44481
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....}(.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9868270341397882
Encrypted:	false
SSDEEP:
MD5:	94E184F75E57C52F55977B165A29F07C
SHA1:	52503B3987698BCF7F2F70311FA7E43AE50C4F19
SHA-256:	42D9051968F98F4164EC98360A6026E739E27CF6CB518727282F3900691FC571
SHA-512:	F9F41FDCAA45AD977714456F5177D722A73122906315952750CB9FF1B2C9030BCCD882F42971DFCAEBF665A5E905BAC5DDF5FC610C6532C62E8D769DB9542441
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....&.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 09:56:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9963092106731617
Encrypted:	false
SSDEEP:
MD5:	C17F9819D088C7DFF9AE8164CE51115E
SHA1:	01FA55D81D3150066BACF212B1C7A2E092D275A3
SHA-256:	F1B77A37559225BE9CB41B8068C2F54E96798D314A0B90440D48E7AD3D679101
SHA-512:	C2B1A093163A6F2C0188428B44C6A7DC40FFBB7785B4D4FCDB01D9E7E5F02F97A913922C24547D386BDA8E63578C39D1D69E283E0D41BEA9EB0C4F9A3B771FBD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....59.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.V....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.W....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.W....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.W..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.W...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\Installer\54adcb.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Code page: 1252, Revision Number: {25351790-C36F-44E0-8F66-D671A1B9FD6F}, Number of Words: 10, Subject: Installer, Author: Installer, Name of Creating Application: Installer 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200
Category:	dropped
Size (bytes):	2461184
Entropy (8bit):	6.665690917349129
Encrypted:	false
SSDEEP:
MD5:	5EDE14585E55B6B67660EFB6237E2E85
SHA1:	D3FF6C89920DBCB3A858FBF897EA2D6D56FDD9DC
SHA-256:	9FD784FFE3AFFCCB06B50BE9D5F41802ADEA4215810D88422E941AF581BC602A
SHA-512:	65D4C8DB9DAE03EC46C68EB43BC7609750234B27EF79B3D8F4D7801A1377091DB8FF8DC5DE82548B34C8817DF080BD84C16535B787696A247CF178B90DBA9AAE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100%
Reputation:	unknown
Preview:	......................>...................&...................................z...{...\|...}...~.......................................................................................................................B...................................................................................................................................................................................................................................................................................................................;...............k.......c....................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...l...d...e...f...g...h...i...j...r...u...m...n...o...p...q...y...s...t...<...v...w...x...a..._...

C:\Windows\Installer\MSIAF24.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	93496
Entropy (8bit):	6.228722547207755
Encrypted:	false
SSDEEP:
MD5:	9F1E5D66C2889018DAEF4AEF604EEBC4
SHA1:	B80294261C8A1635E16E14F55A3D76889FF2C857
SHA-256:	02A81AEA451CDFA2CD6668E3B814C4E50C6025E36B70AB972A8CC68ABA5B3222
SHA-512:	8F8CBBA79D2B6541E8B603A4A395CB938D77C358563BD745449BFEE107EE64B88254A79CA5DD72FA05798A75C1464E7CCA52556829F258009A3D33C9C3C5D39B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Lc..Lc..Lc..R1r.Oc..E.u.Mc..E.e.Cc..Lc...c..E.\|.pc..E.d.Mc..R1b.Mc..E.g.Mc..RichLc..................PE..L......U...........!................................................................).....@..........................@.......9.......`...............R..8....p...............................................................2.......................text............................... ..`.rdata...h.......j..................@..@.data...d....P.......:..............@....rsrc........`.......>..............@..@.reloc..j....p.......D..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIAF73.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2179469
Entropy (8bit):	6.659218428954119
Encrypted:	false
SSDEEP:
MD5:	AB80FD1732056EE546DAF87D23CD7B2C
SHA1:	2A8AFB0B63D00B47AEDD40DB7B7083E6890ADA90
SHA-256:	B9FBBCDF17B70BFF4A6DBCEE928CF73C99FA74B954ED8992CB3CF2EDAEE2CD39
SHA-512:	247CC2056A89CB4EE6195D74C91A6FB47639D6217A2121F7B4E4A4E71C38789B95E43A7086571BF4E85DA43FCAC53129446DADC0626575323820AAAA0A82D65E
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@.f.X.@.....@.....@.....@.....@.....@......&.{53CFFB45-057F-4439-816F-97CF504AFF47}..ERRO FILE".factura - ztcpyqiqtfiewxjhesna.msi.@.....@..:..@.....@........&.{25351790-C36F-44E0-8F66-D671A1B9FD6F}.....@.....@.....@.....@.......@.....@.....@.......@......ERRO FILE......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{9C9B71A5-3D2A-436B-854E-E13FF8050D68}(.01:\Software\ERRO FILE\ERRO FILE\Version.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......Software\ERRO FILE\ERRO FILE...@....%...Version..1.58.487.33%...Path2.C:\Users\user\AppData\Roaming\ERRO FILE\ERRO FILE\....edwrgwehwe....J...edwrgwehwe.@.......>!.MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.............................

C:\Windows\Installer\MSIB05E.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	2178560
Entropy (8bit):	6.659170844464475
Encrypted:	false
SSDEEP:
MD5:	7B032DEF906917FFA828C74D5CDD99CC
SHA1:	EF15A3BF437F5C207CFCB326C195014F84806EEB
SHA-256:	B05437FDBC48647D0FB37BD72102047C87EF8AFA48938D5241FCA1E75ABB5CD1
SHA-512:	F14B1977013E2B527A8F2C01AB73B17458AA826506D0716068B4C488393064BD14E40DA827C216378237CF62AF0DA4815B765A545D9A8C170EDED72B8D9D9DFF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 73% Antivirus: Virustotal, Detection: 63%, Browse Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................x..........l.............@...........................!.........................................d....p..................................L...................................................................................CODE.....w.......x.................. ..`DATA....\............\|..............@...BSS..........P.......4...................idata.......p...0...4..............@....edata..d............d..............@..P.reloc..L............f..............@..P.rsrc...............................@..P..............!......>!.............@..P................................................................................................................................................................................

C:\Windows\Installer\MSIEBE.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	2179469
Entropy (8bit):	6.659218219003006
Encrypted:	false
SSDEEP:
MD5:	A108F3CD45B53DAC78E5B6A285822607
SHA1:	F07362208D4777F8CB40A41E44BE58487A5AC905
SHA-256:	7E9B9202586582226A457F630B79C91348D545091A998499ADEB4B191B5C6D33
SHA-512:	0AA8561F464F630697320238D25F5D8EEF00CC1827888E45FDE6EA1222807A7C834E5AAF3EAC4C237EFD4E444E86ED423DA46CC183CF7C27242A91A0386F739B
Malicious:	false
Reputation:	unknown
Preview:	...@IXOS.@.....@.f.X.@.....@.....@.....@.....@.....@......&.{53CFFB45-057F-4439-816F-97CF504AFF47}..ERRO FILE".factura - ztcpyqiqtfiewxjhesna.msi.@.....@..:..@.....@........&.{25351790-C36F-44E0-8F66-D671A1B9FD6F}.....@.....@.....@.....@.......@.....@.....@.......@......ERRO FILE......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{9C9B71A5-3D2A-436B-854E-E13FF8050D68}(.01:\Software\ERRO FILE\ERRO FILE\Version.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......Software\ERRO FILE\ERRO FILE...@....%...Version..1.58.487.33%...Path2.C:\Users\user\AppData\Roaming\ERRO FILE\ERRO FILE\....edwrgwehwe....J...edwrgwehwe.@.......>!.MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.............................

C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1750491996653878
Encrypted:	false
SSDEEP:
MD5:	BC7538AA5E81B000A279E807E7D90044
SHA1:	5034B3FDC1253E3E58204900C0FF46D571C77021
SHA-256:	935581DF21E5400E7FB3FE4E9C925AB6C70C74A7C1EADBD04FC4461F130A45E7
SHA-512:	3431B70406FCD1AB0DE5C346EA01C38BCA39D866CA52AF5C5DBA75C0BF950CA3496747106D6437D4D849619A7570BE5ABC037669B2B6E1B88A0637E21E04D0F3
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	454234
Entropy (8bit):	5.35616997113664
Encrypted:	false
SSDEEP:
MD5:	AEBCF4DE050DD7D8D2127A47CF6F8CD4
SHA1:	5A1832C7C313359B6FE39F8726FD0B1EB23E23E6
SHA-256:	94A9A01D367EABA94456E71F7E16AEA4848643916DFAC3D753AB788F6342DED8
SHA-512:	538E690622608ED86B274CBD6F5EFE3377F9306A859F24B71DFD0ABA42C3E6FC99BBF142CBC6A635C67AD7B50F08126576BAB5F8908485C44DD8A9CFF867413B
Malicious:	false
Reputation:	unknown
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF1080C2F894881055.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2321376682290601
Encrypted:	false
SSDEEP:
MD5:	ACF337A2045776F1043E076A6013D060
SHA1:	345AB5CF685477C9CCA6D53520540E031BCF45B3
SHA-256:	25DF4667D8366FE86C8720546AD469076D4CAB2A4B4059A030E64F1F0F3306C6
SHA-512:	ECBAE162F2956F8DFDD4AAE5CD611FB89132C463D20833542F91897FC1EADB9DFC5093C6BA40F4E4366320460E8D0953C6821FBAF08C862AD798339F78781310
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF411F7E8CF6667194.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.12585380182008588
Encrypted:	false
SSDEEP:
MD5:	8A5324DDF5F5C18E80B4EC718D7A9959
SHA1:	BBDF0F28ADC9F1E635EAA88246227E83E0A5C1A0
SHA-256:	B2D65907F808E27AE53AD682C2E3AF834CDA618DA1784C66EB01EEDE58E1F7DA
SHA-512:	54BCBC84760201BC4911446631CBC088A7DD40FA7D1FE7DA4D466BA4C524F4D1DA2BCF98AB4060CBACC57D1BD51B13A74708730EF4958523BAEEA893D6D110B3
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5C1A373E8F2E241F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.1257669504800284
Encrypted:	false
SSDEEP:
MD5:	AC7A5F5DDCC6701CD964D989B603A95F
SHA1:	BC1D19E8C2065CB6D616E2500D7BBB51830EB942
SHA-256:	BDDAAF3493E06DDC39971B1905F0548E2295192B20E84215BCDC813A63F1C718
SHA-512:	F89B8F6E7090035D8E498F7735A7677388D574F20914DD0B24F827482EBB90A759D4E925E7F171252E68D864CC6ACE1D7A5983F355F5C12FB166E0D59C97D449
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF5DC33C3D0D26CA89.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5349204829149476
Encrypted:	false
SSDEEP:
MD5:	E41127974A7241207056FF04E6B600C3
SHA1:	684AE2AD4F8DA6EA8AC8920AE13AF1CA79AFC061
SHA-256:	704B24D5D44268C137A0224BC501CBB00C04755904857509A91E79A056EB5194
SHA-512:	E3D0A303C0BEE5877C83C2125F190CDEF4EDD878423A7C40957569E231C0D735ECB5B5A82FC9EE67BAA8D25F2C43423C30D0D84FDBED26BCB160E6B07892EAB3
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF641850FA97708156.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07987212063007428
Encrypted:	false
SSDEEP:
MD5:	A99B2E9D4550B3DE16F3FBB4F8F5BF39
SHA1:	7833438DC2D570539EA35424A4345B8C11F8639B
SHA-256:	842D8E9F675F79DE6E96208B5B1E10F054C52F1094122037E38B28E9A4A1712F
SHA-512:	8FC8C1AC1D6C9402FF7D228ABEF9917D54AE616A8AB091A978C2755774EB5A46BA706389BDE2B2AF9DE0D39DD6AD06CC6F540AE6EA24A05D36B4EE05EB6B15AA
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFBDFC1D5A3CC8B4CB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.535130724969945
Encrypted:	false
SSDEEP:
MD5:	7E2330F108EF260182A1915964384532
SHA1:	DF1EB4C80B3CAD756EA6722BB63C154840B0667B
SHA-256:	59C5A8A218367575E29CEE2BF6DF83F8B5D786DD6C51D24A9824AB6EFB4EA24C
SHA-512:	49B3BDDD44023144A8AA8067FCB5F38C56833CB20E79CEF6CB104E3E05521B7B6CE70CAD01BC79F79B9A0BAE9E4524EA306713A4C1F4BC240C60C54714B0E908
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE3030A96B9BC4BB8.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.232494515646
Encrypted:	false
SSDEEP:
MD5:	9343FA18F06A969992777F66A944A5DB
SHA1:	11001D3DFB0985789B9F8E7C74607A82538C2E74
SHA-256:	9629BDD311404DC334F5152B3498AC8176C9223052F8E61E7617D788747846A6
SHA-512:	CF92BBFEACCCFB29D55C9309A606A40809D0317C6CAAEF993183B5A771117DCCC0A2658F61264AAC95D2EF2492D81A5E01F88C69257EE7F3B37AF888D310206C
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFFE622C466A75FE3A.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Reputation:	unknown
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 319

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21778), with no line terminators
Category:	downloaded
Size (bytes):	21778
Entropy (8bit):	4.769188103585108
Encrypted:	false
SSDEEP:
MD5:	73BC4067D312180A1B19A4D883F42D6A
SHA1:	AD328A9A572FBEA43F295E7769835FF08F6FF1FD
SHA-256:	D3F7B0EC4DE079928A999641E781E80F33597A392A561BC460276DFB4EFB6EEC
SHA-512:	20B89462521684C258A8CE15E94DA67182C66397B0DE528357E01294FF06883C1AD96037A9D739E4575DB8722B1A1967578709A0C844CD45A49E6A51E1B6479D
Malicious:	false
Reputation:	unknown
URL:	https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/otCommonStyles.css
Preview:	#onetrust-banner-sdk{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}#onetrust-banner-sdk .onetrust-vendors-list-handler{cursor:pointer;color:#1f96db;font-size:inherit;font-weight:bold;text-decoration:none;margin-left:5px}#onetrust-banner-sdk .onetrust-vendors-list-handler:hover{color:#1f96db}#onetrust-banner-sdk:focus{outline:2px solid #000;outline-offset:-2px}#onetrust-banner-sdk a:focus{outline:2px solid #000}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{outline-offset:1px}#onetrust-banner-sdk.ot-bnr-w-logo .ot-bnr-logo{height:64px;width:64px}#onetrust-banner-sdk .ot-tcf2-vendor-count.ot-text-bold{font-weight:bold}#onetrust-banner-sdk .ot-close-icon,#onetrust-pc-sdk .ot-close-icon,#ot-sync-ntfy .ot-close-icon{background-size:contain;background-repeat:no-repeat;background-position:center;height:12px;width:12px}#onetrust-banner-sdk .powered-by-logo,#onetrust-banner-sdk .ot-pc-fo

Chrome Cache Entry: 320

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	64205
Entropy (8bit):	5.446554301482213
Encrypted:	false
SSDEEP:
MD5:	F87A49ADF0071A1866ABCD9F1F4CA26F
SHA1:	9D8E405BF1CA54F02D7664DEB916F4960E4A2C02
SHA-256:	D18F313F2489ED91CD15CF94A1E5668B8B0DA8318F593D980228000A1757702F
SHA-512:	1CB2106EA261D1E90D81C5BE5A2A2355C0A4564CA2682A7F054233B42207D15025E04EF5B0BF06C4E06A2FE160AA5FAAABB21F003708DC7519522EACD1FC3AF2
Malicious:	false
Reputation:	unknown
URL:	https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/v2/otPcTab.json
Preview:	. {. "name": "otPcTab",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY1RhYiBvdC1oaWRlIG90LWZhZGUtaW4iPjxkaXYgcm9sZT0iYWxlcnRkaWFsb2ciIGFyaWEtbW9kYWw9InRydWUiIGFyaWEtZGVzY3JpYmVkYnk9Im90LXBjLWRlc2MiPjwhLS0gcGMgaGVhZGVyIC0tPjxkaXYgY2xhc3M9Im90LXBjLWhlYWRlciIgcm9sZT0icHJlc2VudGF0aW9uIj48IS0tIEhlYWRlciBsb2dvIC0tPjxkaXYgY2xhc3M9Im90LXBjLWxvZ28iIHJvbGU9ImltZyIgYXJpYS1sYWJlbD0iQ29tcGFueSBMb2dvIj48L2Rpdj48ZGl2IGNsYXNzPSJvdC10aXRsZS1jbnRyIj48aDIgaWQ9Im90LXBjLXRpdGxlIj5Qcml2YWN5PC9oMj48ZGl2IGNsYXNzPSJvdC1jbG9zZS1jbnRyIj48YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48L2Rpdj48L2Rpdj48L2Rpdj48IS0tIGNvbnRlbnQgLS0+PCEtLSBHcm91cHMgLyBTdWIgZ3JvdXBzIHdpdGggY29va2llcyAtLT48ZGl2IGlkPSJvdC1wYy1jb250ZW50IiBjbGFzcz0ib3QtcGMtc2Nyb2xsYmFyIG90LXNkay1yb3ciPjxkaXYgY2xhc3M9Im90LXNkay1jb250YWluZXIgb3QtZ3Jwcy1jbnRyIG90LXNkay1jb2x1bW4iPjxkaXYgY2xhc3M9Im90LXNkay1mb3VyIG90LXNkay1jb2x1bW5zIG90LXRhYi1saXN0IiBhcmlhL

Chrome Cache Entry: 321

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	439522
Entropy (8bit):	5.3553291806096235
Encrypted:	false
SSDEEP:
MD5:	57D2860333F4960EF943EE8F2B5F5B19
SHA1:	EE1BF2816C1E6FAF567EFB8E7EC473A1CA4E8428
SHA-256:	830965DE01C4D254283A843311ADCC3301522D2D60F6289C05B2DEE015D3DACB
SHA-512:	09B6AD9C2C859EBAF59037B4839FFEF1F388DFB00D90A47A2E890BEFA21C9F1421B9CAC5B341AF351A6FA76D4653C09196BC6729DE25D2137C01AB64DC766487
Malicious:	false
Reputation:	unknown
URL:	https://cdn.cookielaw.org/scripttemplates/202401.1.0/otBannerSdk.js
Preview:	/** . * onetrust-banner-sdk. * v202401.1.0. * by OneTrust LLC. * Copyright 2024 . */.!function(){"use strict";var N=function(e,t){return(N=Object.setPrototypeOf\|\|({__proto__:[]}instanceof Array?function(e,t){e.__proto__=t}:function(e,t){for(var o in t)Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o])}))(e,t)};function D(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function o(){this.constructor=e}N(e,t),e.prototype=null===t?Object.create(t):(o.prototype=t.prototype,new o)}var H,F=function(){return(F=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var r in t=arguments[o])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function R(e,s,a,l){return new(a=a\|\|Promise)(function(o,t){function n(e){try{i(l.next(e))}catch(e){t(e)}}function r(e){try{i(l.throw(e))}catch(e){t(e)}}function i(e){var t;e.done?o(e.value):((t=e.value)instanceof a?t:new a(fun

Chrome Cache Entry: 322

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26415)
Category:	downloaded
Size (bytes):	26416
Entropy (8bit):	5.220449445322987
Encrypted:	false
SSDEEP:
MD5:	D3869857597E5B568B49C85904500D1C
SHA1:	079556964782F03ABDBAF4EAB6995F9E67ADEBE8
SHA-256:	738C7AE4380A0DD2CEF652A84C0363E639A0E014DDB0E8893D2BE55F77F6A8D9
SHA-512:	94BE8CDFB3293CA5034189E20D071F97CA896A48C5B1A1E51F058962B6EEEE348775D23759ADB5D616DA1D193585CBB77E89E1A431722F70CAD06527440BFBBF
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/bbva_com.min.js?ver=12.1.1
Preview:	"use strict";var __extends=this&&this.__extends\|\|function(){var o=Object.setPrototypeOf\|\|({__proto__:[]}instanceof Array?function(e,t){e.__proto__=t}:function(e,t){for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n])});return function(e,t){function n(){this.constructor=e}o(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}}(),initTextfields=(this.fitie=function(r){function c(){m.call(r,h+y,c);var e,t,n={boxSizing:"content-box",display:"inline-block",overflow:"hidden"},o=("backgroundColor backgroundImage borderColor borderStyle borderWidth bottom fontSize lineHeight height left opacity margin position right top visibility width".replace(/\w+/g,function(e){n[e]=f[e]}),p.border=p.margin=p.padding=0,p.display="block",p.height=p.width="auto",p.opacity=1,r.videoWidth\|\|r.width),i=r.videoHeight\|\|r.height,a=o/i,l=document.createElement("object-fit");for(e in l.appendChild(r.parentNode.replaceChild(l,r)),n)l.runtimeStyle[e]=n[e];"fill"===v?E?(p.width=s,p.height=u):(p["-ms-tra

Chrome Cache Entry: 323

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, AVIF Image
Category:	downloaded
Size (bytes):	1915
Entropy (8bit):	7.6674858946247
Encrypted:	false
SSDEEP:
MD5:	D6159ADC64967B04C55E34235C4C63E0
SHA1:	F71F0E10DB4F7749D07D6EC5303CD69C5C5344A0
SHA-256:	17E5CB27567D1FCFBEA5F6028A8848B7BDB48046DD97402C3ACBB5FAA5DAE7D2
SHA-512:	F801F367AE4F7E411B650ED1455D949F5DFFFF273CE74E552F76C469822672CD87BEE63F97C6E91E36A17816F654E00ADE39534183394F48BE7553437D6DF444
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/uploads/2020/06/jesus-lozano-bbva-perfil-150x150.jpg
Preview:	....ftypavif....avifmif1miaf....meta.......!hdlr........pict.................pitm........."iloc....D@...................m...#iinf..........infe........av01....jiprp...Kipco....colrnclx...........av1C........ispe................pixi............ipma..................umdat.......eX !..2...@...A@.x...Z.$.u..D......\.a....m:.7..R......V+.w..E.?.m..~..........mfdH;.c...I...C...+.z.....C../..\|".f.4..T...C.ND.d\|"u.].."..QM..I.....v...}.N.s....X...C.....fK..t.UI."....E....B...CFD..u.Y&....mbj.x..f.0..&.2.z..bhp.........?.^.Q.....S..qL1.hal......}.Y.....mk...8V.....(....[..D.x..A{w...l..o..2......a......g.h2e.U.v..w.......u....+...89N.....$..?,\1......v(..%B.,u.q.V.a..J.6.?/~#.>.k...P.>?..$H.9.P.H.=A.W0q\|.F..V........1......P..7..,I..8.B...J.=.4.....B..<.....U.b....E.i.y.?..)..~s#ew0..R..`2....0..zH._ M.A..F........<......{..O7f<u.....a..!.l?@N.N`.(N...."T......+r.N.)....3.UGR..E3.......7...k.D2...)..U...=Po......S.C...S...x..C~9.......k&*........;c...o....n..\|c(.

Chrome Cache Entry: 324

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 73720, version 1.0
Category:	downloaded
Size (bytes):	73720
Entropy (8bit):	7.991859675443766
Encrypted:	true
SSDEEP:
MD5:	D8009BB535060C62C0366CC6442369C5
SHA1:	1EF22B3D1849EA5F09DC30ABF096BE0638ED3646
SHA-256:	26132E59577D145981DD192FD7A8822A8CFB6E35CB82EB334A74013F08DFE4B1
SHA-512:	37B845A8F2FD358FAF043014C10F5591E8DD4B74BB8A2AAC17A338DF131225702B4735B21DE4A74305DD088EFB34FA02227FCAB5ED0AA4CEEA999D9D08A57942
Malicious:	false
Reputation:	unknown
URL:	https://tools.eurolandir.com/tools/ticker/Solutions/ScrollingTicker/es-boy/fonts/BentonSansBBVA-Bold.woff
Preview:	wOFF...............l........................GPOS.....&....N.b..GSUB...<.......J...0OS/2.......`...`.=n.cmap.......v....l...cvt ...l...0...0.X.kfpgm...`..........gasp...............glyf..........=..3Y.head.......6...6.^.hhea.......$...$....hmtx...\.......\|.I.{kern...`..,w..]T...loca...........B_...maxp....... ... ....name.............2g)post...\...L....Y..\prep.......o...otH..........:..._.<...........U.......(s.H.............................q.H.............................d...y.....(.5.h.....................3.......3.......2..................P..[........FBI . . ...L.L...... ........D..... ..x....D.i...w..y..C.5$I......Y.XF.HF.8#I....5....HN..Z...u.$9.r{g....W.:..Z...JV.Is..;Sf.....y..<...<..y>..`t.j.._.Y......~.r.....X6......d.`.X)..?.5.J..7..Z.atk..i...9.8^.5....T...U+..R......+..l.^.z...C..a.9...{..\.j...{.d.aC..}(~...7.....M...9.e.A..t..\|mD.1;.^q.o.....7F..X.X.D[..?h..iY..\|.J}m...1..B.f.e.!.p..V.G$0]...e..u.......k..4-.W..4.h."..Jb.Q......^...!.....{y..Bn

Chrome Cache Entry: 326

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 327

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Category:	downloaded
Size (bytes):	37452
Entropy (8bit):	6.4455645834684825
Encrypted:	false
SSDEEP:
MD5:	39576D0EC2F3E5630E63CFCDFA18F070
SHA1:	3C01FC186E35478EB3ABE553EF2993B6B3583D82
SHA-256:	633AF09D87050C595D8D55ADB69B5EC6056ED6777FCFBF4BA448A57CAD3B25B1
SHA-512:	2F711AB4B53F7C5B10E54093C074AB0453085BFC9AE11FB92611D9CD9424D16A97A51824A88FF976C8197DD21BCB04A03F3C2FA52FF6FB7B6F5DEE4774E5A77E
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/fonts/icon-bbva/fonts/icon-bbva.ttf?6hjv6d
Preview:	...........0OS/2...........`cmap...........\gasp.......x....glyfI..z....... head,;[........6hhea...5.......$hmtx............loca...l........maxp........... name.J..........post.......,... ...........................3...................................@........@...@............... .................................@............. ........... .....................................................79..................79..................79...........K.......".3.F.W.b...#.37!.3...#...#%7676&'&#!.!27>.'&'.#.32...........#.7676&'&#!.!27>.'&'.#.32...........#.....+..3.#....q0../.....cd...$...!%$8...0d??""!].3]"1..</:WA.R$...!%%8...0d@?"""].3\"2..=/:W@..... %...s.W.,....-..2.K...4)B...,23.KK0....1!...[.KCRI.W4)*B...,23.KK0....1!...[.KCRI.s....=!.,....................%12..1..#"&5467#....&"....3!26...##..##?NN...i....i...."...#..""..#N.<O.,.$....................../...1"&514632.....3.'.27>.7654'..'&#"......1......3...##..##?NN'bVV.%&&%.VVbbVV.%&&%.VVb.^"..##.."O..O..&%.VVbbVV.%&&%.VVbbVV.%&.

Chrome Cache Entry: 328

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1141
Entropy (8bit):	5.171512217128152
Encrypted:	false
SSDEEP:
MD5:	EA47926CAB46D7540FE1C057B0EBC63C
SHA1:	E36533CB5EA277BFA5159C8F5F33D722AFEAB941
SHA-256:	B5052E339B5B6902D4663B01B416A6F2C244910B43BB26AF4D9A2C4859235B2A
SHA-512:	63BB18E9E73535FADA6DDBCFE04605EE64743D88CD18765F0537289F44567CC2F14A7CD5ADB87DE9909BCE315CF47DCE8DFF5FA5FC002755824BB24A58090054
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/images/bbva/icons/Unflilled-symbol-X.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 53.2 (72643) - https://sketchapp.com -->. <title>Symbols/X/Unflilled</title>. <desc>Created with Sketch.</desc>. <defs>. <polygon id="path-1" points="18.5460496 4 11.9345489 10.6105657 5.45488546 4.13183731 4.13277232 5.45395044 10.6124357 11.9336138 4 18.5451145 5.45488546 20 12.0663862 13.3875643 18.6778869 20 20 18.6778869 13.3894343 12.0654511 20 5.45395044"></polygon>. </defs>. <g id="Symbols/X/Unflilled" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <polygon id="Bounding-Box" points="0 0 24 0 24 24 0 24"></polygon>. <mask id="mask-2" fill="white">. <use xlink:href="#path-1"></use>. </mask>. <use id="Mask" fill="#FFFFFF" xlink:href="#path-1"></use>. <g id="Primary/Medium-Blue/Medium-Blue"

Chrome Cache Entry: 329

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4529
Entropy (8bit):	4.534740789823294
Encrypted:	false
SSDEEP:
MD5:	ED2AA9494659E37F8CCF084CCB2FF9E5
SHA1:	A693EC0D7C851A69ADA1834AE6059051577C00F2
SHA-256:	769C209798815A274BA12AF40DBFD145E24F382095F38E8ABA19B77954CB42D6
SHA-512:	026BE277A82EB4AD6E90AD50B38169A23228F974DF06B1852EBDC806E2A98FC7D9B32B134DE21BE0F5254348A4BC948ADBE49B45F8BB10F22CD0DCD0754A8D99
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/global-ajax-handlers.js?v=2022122000
Preview:	var bsmAlert = {. ajaxError: function() {. $(document).ajaxError(function(event, jqxhr, settings, thrownError){. if (settings.suppressError \|\| jqxhr.status == 0 ){. return;. }. if ( $("#lender-body").length > 0 && jqxhr.status != 200 ) {. bsmAlert.ajaxErrorHandler(jqxhr.status);. try {. throw new Error(jqxhr.status + ":" + thrownError);. } catch (e) {}. }. });. },. ajaxErrorHandler : function ( statusCode, defaultMessage ) {. defaultMessage = defaultMessage \|\| '';. switch (statusCode) {. case 403:. var message = verbiage.get('ErrorMessageStatusCode403');. message = message ? message : (defaultMessage.length ? defaultMessage : "There was a problem with your request. Please refresh the page and try again.");. if ( !$("#container-alertNotifications .modalNotificationsAlert").f

Chrome Cache Entry: 330

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21044)
Category:	downloaded
Size (bytes):	21049
Entropy (8bit):	6.084863420179437
Encrypted:	false
SSDEEP:
MD5:	E9F15A938521B59B0B565EF4871383BE
SHA1:	7BF0CA13471573FCDCC7AE46F61247F4E85E5EF5
SHA-256:	77CBBC1939A3B54937114895429F2BE16996EFD9EE19499BBBFE46244797D22F
SHA-512:	0F48C94E2D4344EC04E09C5E90105034572A5FA6DCAFC3692E802A44056164D7434D8495228D515D965874A68C0F653F6748A1B18A042369B88DD568AE04804A
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?q&cp=0&client=gws-wiz-serp&xssi=t&gs_pcrt=2&hl=en&authuser=0&pq=login%20bbva&psi=hogrZrPXNt-QwbkPnIao-AY.1714129033379&dpr=1&ofp=GIbx6qjx4u-MyQEY-fb_gte7k6VdGK7PqdvDs7rfjgEYyqSBhfiJ0rWKARi124a1yeaC14kB&nolsbt=1
Preview:	)]}'.[[["philly pretzel factory free pretzel day",0,[3,308,357,362,396,143],{"zf":33,"zl":90000,"zp":{"gs_ss":"1"}}],["ucsd bomb threat today",0,[3,308,357,362,396,143],{"zf":33,"zl":90000,"zp":{"gs_ss":"1"}}],["velma season 2 review",0,[3,308,357,362,396,143],{"zf":33,"zl":90000,"zp":{"gs_ss":"1"}}],["lufthansa 747 rough landing lax",0,[3,308,357,362,396,143],{"zf":33,"zl":90000,"zp":{"gs_ss":"1"}}],["cicadas",46,[3,308,357,362,396,143],{"lm":["https://encrypted-tbn0.gstatic.com/licensed-image?q\u003dtbn:ANd9GcQ_k-XkGEeKEB29JOwvlguyhMLajledwvWDa8ug9zPdHkCs2PITj9PKFSKmVBGAgk13cUwmJGfp7EYdYT9Dpsizx6pqDAAs\u0026s\u003d19","https://encrypted-tbn0.gstatic.com/licensed-image?q\u003dtbn:ANd9GcTkwYR7tf5GxWSCjJd93bOjhlJcwW06k6cGBPO5pkCL2dwnN9t_cE54jboIYt1kxdA_hKeLWaX-xBPL5t5jpEQ0Xf0kUwFh\u0026s\u003d19","https://encrypted-tbn0.gstatic.com/licensed-image?q\u003dtbn:ANd9GcSF4Fz4MjCgs4reO4Bj5wFD5AFUw4DRJ2UCkofo8q2ZfUErkuqpP-6lRuFOUdbCYlKirwuCC3aCVClXhzJjmDeZpvqCb450\u0026s\u003d19"],"zf":33,"zh":

Chrome Cache Entry: 331

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (9462)
Category:	downloaded
Size (bytes):	209738
Entropy (8bit):	5.165350348790485
Encrypted:	false
SSDEEP:
MD5:	94CFE5246E1527CE610B960274AC2C18
SHA1:	62DC85C3F02E96DD78CC8F0E3E892CF3F5F49ABB
SHA-256:	0E9DC456D323E053B6A64455D9C2D6D45BB4F9F02EC99967EC97FB75AEF97F3F
SHA-512:	495421C83867F2FBFE9FC3AAF6427EC9E1A8157490F1EAAFA8BFB3389BFF3976C4341299BDD0511902E2842CEE997520EBE76C2BC9A4DE6B8E2EE89A8FDB65C6
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/en/
Preview:	.<!DOCTYPE html>.<html lang="en" prefix="og: http://ogp.me/ns#">..<head>. <meta charset="UTF-8">. <title>BBVA \| The digital bank of the 21st century</title>. <link rel="schema.DC" href="http://purl.org/dc/elements/1.1/" />.<link rel="schema.DCTERMS" href="http://purl.org/dc/terms/" />.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<meta content="width=device-width, initial-scale=1" name="viewport">.<meta name="author" content="BBVA">.<meta name="owner" content="BBVA">.... <script type="application/ld+json">. {. "@context": "http://schema.org",. "@type": "CollectionPage",. "publisher": {. "@type": "Organization",. "name": "BBVA",. "logo": {. "@type": "ImageObject",. "url": "https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/images/logos/bbva-logo-900x269.png",. "width": "900",. "height": "269".

Chrome Cache Entry: 332

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, AVIF Image
Category:	downloaded
Size (bytes):	44762
Entropy (8bit):	7.994199754873528
Encrypted:	true
SSDEEP:
MD5:	584CEECE2AF17ADF52C22C2B78EB7FCA
SHA1:	D6A04BCE3BBCF757A94310FEF2C18FB7127649B3
SHA-256:	1E6AFA0E7387843C3C734BC1CEB8019537A8EF222B3709772171982B05419EEC
SHA-512:	ECBE93B451258EE851696F2117E0B37EAB53AB94F6292F531F67BB5795281E219604C57808FFA44F9325D228180FAE51D96E3AB8298A36A4D3289ED74D6059B4
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/uploads/2024/04/CarlosTorresVila_WakeUpSpain_Abril2024-768x431.jpg
Preview:	....ftypavif....avifmif1miaf....meta.......!hdlr........pict.................pitm........."iloc....D@.......................#iinf..........infe........av01....jiprp...Kipco....colrnclx...........av1C........ispe................pixi............ipma...................mdat.....&/.s..4..2....@...A@.+@.Q$...Ti.....L..8T.}..Ke.b..E...4.s..nk...DESH.Fn.p...@.Zj....t...f.. .@.8..@...2c..0.f...^..7...=z'".=r..W.....v..p..c........xij...spe.D.x7d.5........j[.B.w!..Q...o....Pd.,Ua\|..3a1 ......TU.]=.-.>p..0...I..h.b?g..l..<..f........6..`..F^O.=..Z....u4...,....X..7.z......C\{......B.G._....t.^.>.......g.u..y.L-.Y.E[..P..R.....:.~?..s.A.~Di..NI.N...c.D5m.x.QS....?.%.5.....E[...z...o.....=u..Cg6.].........R..q!..1..w..x.H.W..r.%\~ie......Ab....#R.Tc3....X....;.9....U+7....b3'...-.yw.Q.{/..6..U.jp.;..x\|.:.7...H`.C.....YS.j....v....f....8_Ug.}}..6gBk.....lV......xwF...../..wk.jh..M..[........P..p..X.x..*9.`..;..Q.E&\|L.{..O.\......P.]{I.A0...i....iK.U.....x.).n..../X#.

Chrome Cache Entry: 333

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	713
Entropy (8bit):	4.886279259745532
Encrypted:	false
SSDEEP:
MD5:	B09C25846C02CD0B33306CC0CC8F344A
SHA1:	A3149F6EC899CED0BB243B03489C3FBC2AC6CDE5
SHA-256:	540DDF388E720263918CC5B60037754A9ECB3156AEC3F273FEE71AE954446A89
SHA-512:	20132F3B051E344989E700B27A4B145AE3D891EA8E36D484E9C3CED0EFB771F774FCB89EECFE3F6EB0501F65A9B9E7129B4E7C896DC2CEDF114A23691D85650D
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/analyticsTrackingCustomScript.js?v=2024042603
Preview:	(function () {. if (document.querySelectorAll('script[src*="googletagmanager.com/gtag/js"]').length > 0) {. // If Gtag was already injected, the do nothing.. console.warn('GTag was already loaded.');. return;. }.. // Load gtag script from Google and append into HTML Document. const gtag_id = 'G-KCQTVET1NT';. const e = document.createElement('script');. e.async = 1;. e.src = "https://www.googletagmanager.com/gtag/js?id=" + gtag_id;. document.querySelector('head').prepend(e); // Append right after `<head>`.. window.dataLayer = window.dataLayer \|\| [];. function gtag(){dataLayer.push(arguments);}. gtag('js', new Date());. gtag('config', gtag_id);.})();

Chrome Cache Entry: 334

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1015
Entropy (8bit):	4.473688911419605
Encrypted:	false
SSDEEP:
MD5:	E7FE655BF6D93AC9F8C97AD028DF81E5
SHA1:	A2DD692D0BED65367B8DD7ACDEFF2D6D24C38CB4
SHA-256:	9D03E7D0B0A569FD911BB84DE3F20C974F8868DD33E7198AC330FD3A9805EAF8
SHA-512:	F602285B059BA4E864ECE6CAE4F032DBC39B61316D159CA295CD5CE0F090167E734FAD15C21FB4B64A7E44487682538EA84BDD9A06C7841702A57A99BC037568
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/bsm-feature-management.js?v=2022122000
Preview:	const BsmFeatureManagement = {. supportedFeature: {. 'chatting': "chatting",. 'cobrowsing': 'co-browsing',. 'multiple-lo': 'multiple LO (getEditMode request)'. },.. isValid(name) {. return typeof name !== 'undefined' && this.supportedFeature.hasOwnProperty(name.toLowerCase());. },.. disable(name) {. if (this.isValid(name)) {. localStorage.setItem(this.buildStorageKey(name), 'yes'). }. },.. enable(name) {. if (this.isValid(name)) {. localStorage.removeItem(this.buildStorageKey(name)). }. },.. isEnabled(name) {. if (this.isValid(name)) {. return localStorage.getItem(this.buildStorageKey(name)) !== 'yes';. }.. return false;. },.. getStatus(name) {. if (this.isValid(name)) {. return this.isEnabled(name) ? 'On' : 'Off';. }.. return 'n/a';. },.. buildStorageKey(name) {. return 'bsm-disable-' + name.toLowerC

Chrome Cache Entry: 335

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	92
Entropy (8bit):	4.7940407087415595
Encrypted:	false
SSDEEP:
MD5:	394DBDE41D2EBA5E13995FA580128BB7
SHA1:	838BA1C30B3F32CB4E3649595DF084E60FF9F7B7
SHA-256:	9EFC98A8D0798BAD90F20FAAF0751BDD6AC0D2620009E5D2111665BDD37884AA
SHA-512:	642C993FCE3322A6024C4DF1776C716E3F5E10115F82ECA5284E06505C15CD988C240620CDBE733D40687B4E01E6514E6C9799A023E7AD1E70984A1B429340C1
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/images/comun/bg_white_lazy_load.png
Preview:	.PNG........IHDR...d...d.....J,......PLTE...........IDAT8.c`...`...Q@O...x..)q......IEND.B`.

Chrome Cache Entry: 336

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	116
Entropy (8bit):	4.899477273126546
Encrypted:	false
SSDEEP:
MD5:	D2AB8ADE050C85D48DEEA319D55AB4DE
SHA1:	CCC622417D52DC588BE1C0D108E2EFF8F89EFCA8
SHA-256:	2447F13A7948628A0D959A0BBC6F44A7C84686B91BA71C575236D5D11A69C753
SHA-512:	17AEC185A874089D8031A3D2F33C0148CD53C9C22E3F5A77B122CF187C825ED50CED13713AB012226FEE0BA86EA1BAC03F03B255D0D9ACBAB8ACA4FA50CDFD24
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISSAm3YTEjlBRNuBIFDXhvEhkSBQ3OQUx6EgUN40hmvRIFDe2Qb-kSBQ39CQn2EgUNnxaP3xIFDWtomm4SBQ1Pnif4EgUN3o5s0g==?alt=proto
Preview:	ClUKCw14bxIZGgQICRgBCgcNzkFMehoACgcN40hmvRoACgcN7ZBv6RoACgcN/QkJ9hoACgcNnxaP3xoACgcNa2iabhoACgcNT54n+BoACgcN3o5s0hoA

Chrome Cache Entry: 337

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	123
Entropy (8bit):	4.823270064600849
Encrypted:	false
SSDEEP:
MD5:	757398980701C612C19AAA387E218A31
SHA1:	B1B3145FE698EBE2A368C50E6D8E2FF1053501BF
SHA-256:	12E8B1FFB973DEBB2E2A179A7CB8E571FFE024A472ED411D91FB7D379132F031
SHA-512:	D56209F3B98ACF8FD5CC238B3263AB7898B370BCF4663B2E35B566A49FCC4F57B696F2487EA37EA8A9B6A82EAAE536B6919ADD59507948E96881D5F96FA58A4C
Malicious:	false
Reputation:	unknown
URL:	https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5b620e0b64746d06cb002332.js
Preview:	_satellite.pushAsyncScript(function(event, target, $variables){. s.eVar54 = _satellite.getVar("BeSmartee ID");.s.t();.});.

Chrome Cache Entry: 338

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17673)
Category:	downloaded
Size (bytes):	18268
Entropy (8bit):	5.619856960314813
Encrypted:	false
SSDEEP:
MD5:	9FBB8606566EBF96C502666BFFFD254A
SHA1:	FEB80CB296B30432EC659D7EEDFE3C6022A450E2
SHA-256:	9644D7AB8F581B9FDE8F5C3B9B84FD370FF52F1D4E71DD60B5E590A6C7D5FD39
SHA-512:	7C9C38D0710B52EE4761EEAC4E50BB8F5E319C5AFA49253888D0F45B42DB03DE244181AF62A0BC0431D0AB963AB04A5FD2263907CE0B1188BCB1F6954622204C
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var f=function(R,N){if(!(N=(R=e.trustedTypes,null),R)\|\|!R.createPolicy)return N;try{N=R.createPolicy("bg",{createHTML:p,createScript:p,createScriptURL:p})}catch(P){e.console&&e.console.error(P.message)}return N},p=function(R){return R},e=this\|\|self;(0,eval)(function(R,N){return(N=f())&&1===R.eval(N.createScript("1"))?function(P){return N.createScript(P)}:function(P){return""+P}}(e)(Array(7824Math.random()\|0).join("\n")+['(function(){/',.'',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var Re=function(R,N){return R[N]<<24\|R[(N\|0)+1]<<16\|R[(N\|0)+2]<<8\|R[(N\|0)+3]},d=function(R,N,p){if(438==R\|\|331==R)N.X[R]?N.X[R].concat(p):N.X[R]=N_(p,N);else{if(N.ri&&247!=R)return;466==R\|\|163==R\|\|161==R\|\|301==R\|\|172==R\|\|120==R\|\|59==R\|\|298==R\|\|344==R?N.X[R]\|\|(N.X[R]=PR(N,p,R,142)):N.X[R]=PR(N,p,R,49)}247==R&&(N.h=q(false,32,N),N.R=void 0)},eZ=function(R,N,p,e){W((e=V((p=V(R),R)),e),R,z(N,Z(p,R)))},sH=

Chrome Cache Entry: 339

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	39718
Entropy (8bit):	5.129471610684057
Encrypted:	false
SSDEEP:
MD5:	2AF4CE5F937B7DFAC5EECE9A4821702E
SHA1:	B9302C4ADD8FCE9E777654F85F06C0773DFE46D8
SHA-256:	2F48A0094E8DEF16CAE2EF3633F17396EDA7F18EA21865299C651788E30D1698
SHA-512:	7C78F162D61327364157997462DD3272D0EB30176F0ECF781EECEF5237665F6A8157AC890FA4C6A7083DBAB18DB2387B22BCB249A78C8AEAA7D93EFE6A14054A
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/css/styles-4Y23D1C0.css
Preview:	/******************. Fonts. *****************/.@font-face {. font-family: 'BentonSansBBVA-Bold';. src: url('../fonts/bbva/BentonSansBBVA-Bold.eot'); / IE9 Compat Modes /. src: url('../fonts/bbva/BentonSansBBVA-Bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('../fonts/bbva/BentonSansBBVA-Bold.woff2') format('woff2'), / Super Modern Browsers /. url('../fonts/bbva/BentonSansBBVA-Bold.woff') format('woff'), / Pretty Modern Browsers /. url('../fonts/bbva/BentonSansBBVA-Bold.svg#svgFontName') format('svg'); / Legacy iOS /.}.@font-face {. font-family: 'BentonSansBBVA-Bold';. src: url('../fonts/bbva/BentonSansBBVA-Bold.eot'); / IE9 Compat Modes /. src: url('../fonts/bbva/BentonSansBBVA-Bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('../fonts/bbva/BentonSansBBVA-Bold.woff2') format('woff2'), / Super Modern Browsers /. url('../fonts/bbva/BentonSansBBVA-Bold.woff') format('woff'), / Pretty Modern Browsers *

Chrome Cache Entry: 340

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29189)
Category:	downloaded
Size (bytes):	30778
Entropy (8bit):	5.207453987841186
Encrypted:	false
SSDEEP:
MD5:	938109D2B5F9778C8D9EEC5884ED0A64
SHA1:	7F6C4397D33A9A268D80E26B9336C7D6A35C99AB
SHA-256:	54DC71796BFBF1F069559DDC33C2E8992EFEC541F621797A849D442A69822696
SHA-512:	10B57EC728BC221100A4F4BFA528FAEBE262C3EB0E4F532A933961F04C578A17B8CDFA9B5A4C4F462F30A6D5C83BD83BDC54A5866AAE16550EB8C4A85F3E4847
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/css/jquery-ui_base.min.css?ver=6.4.3
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14. http://jqueryui.com.* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css.* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=normal&cornerRadius=3px&bgColorHeader=e9e9e9&bgTextureHeader=flat&borderColorHeader=dddddd&fcHeader=333333&iconColorHeader=444444&bgColorContent=ffffff&bgTextureContent=flat&borderColorContent=dddddd&fcContent=333333&iconColorContent=444444&bgColorDefault=f6f6f6&bgTextureDefault=flat&borderColorDefault=c5c5c5&fcDefault=454545&iconColorDefault=777777&bgColorHover=ededed&bgTextureHover=flat&borderColorHover=cccccc&fcHover=2b2b2b&iconColorHover=555555&bgColorActive=007fff&bgTextureActive=flat&borderColorActiv

Chrome Cache Entry: 341

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	395
Entropy (8bit):	4.930153429032634
Encrypted:	false
SSDEEP:
MD5:	530E9EDA62AC9A33927F05E093C12AEF
SHA1:	FB9B42932454C23690164E80A13DBEAC20CE5C09
SHA-256:	C50EBF514147ABAF521EC13B7E90A8FAC34C773CEEB3D07ABD632B690FA83D82
SHA-512:	B3C3819C598D5366F12858456D9B6975737A13CFCDF3F9DD0406A8FCFF2720ED0AD4E42AA54A15D33C5F508A05732396C6AC0314FA7910FBDB790AF9FC04A39F
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/app/global-ajax-handlers.js?v=2024042603
Preview:	$(document).ajaxError(function( event, jqXHR, ajaxSettings, thrownError) {. if (jqXHR.status === 401) {. // Not logged in. window.location.replace( '/app/logout' );. }.});..$('a.app-logout').click(function () {. // Prevent all XHR calls once clicking on log-out link. var xhr = window.XMLHttpRequest \|\| window.ActiveXObject;. xhr.prototype.send = function () {};.});

Chrome Cache Entry: 342

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 36, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	536
Entropy (8bit):	7.297340220180783
Encrypted:	false
SSDEEP:
MD5:	9D3F3E6C2FD48DFF7AD3354198E51EBC
SHA1:	01DC0416C2E280DE1B87239FDF1F492C9EA89AA5
SHA-256:	7EA900F5AD086C1BF5A01A892BC034EE681C0BDEF351DA62F985C935F2F65CE7
SHA-512:	E84CA53946588573815B4CB3071E0D586663C912ACDC809D435CF7765FF7401776408D9A003FCE6C46C16C5EFBFA0BF3E2383826A9F342AFBAD4BFF106CC4C01
Malicious:	false
Reputation:	unknown
URL:	https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS0lmKKUadXUCBw0ojKMjPRiGf4VbwTl2-3wQV2gek&s=10
Preview:	.PNG........IHDR...@...$...........~PLTE...........n......z....m.........o...#r....,v.(u..............pd}.Tq..A../w..q....8{.E...lz...........M.0Y....Df...c..i.....fb?....UIDATH..Q..0.. @ ....h......a.Q.Ti%....x.8.........Y`.z%=\|a..Z.0\.P..2!rk@..BdA..mM.w..~,`i..%Bk.f.0]..=5..1..........H.....r(PFq..&....i-n...1..I.@ 0..#..H.I}..A)....y....U....F..-.p.%..;..k.. L...r..5...o.Z......H..[.g..z...j..d....3.....ko.....p.H)..rV.S....Yz.)../.../..dlb,!`.gu..).K.jbd3K.....:%;.....&H.{..;Or...N.Op..G..\....].....IEND.B`.

Chrome Cache Entry: 343

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 47212, version 0.0
Category:	downloaded
Size (bytes):	47212
Entropy (8bit):	7.994440127534174
Encrypted:	true
SSDEEP:
MD5:	381D8503FD307606A8D6EBA836479D50
SHA1:	CD07C60F9AAC3833CC924F512328800017C4231B
SHA-256:	FE9478C3062C20141118549DB658DC3BAB2BE67B26677B30AE71C4672E608D3C
SHA-512:	F4090C808C79E2905C55A3D6F43522DAF2E14BB356BDE75AFBC3EBF3C8379AE8EE6381227128957A6F3AB9A523FFD465D3A4DBC274E939C45812F19EE59BAD5F
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/fonts/BentonSans/BentonSansBBVA-Light.woff2
Preview:	wOF2.......l......i................................X..J.`..B.0..}........1.6.$..\|......B.. .....c.o[7K......f.LI).c....!.Z...#..s...d./..x.M5...RjQ.................. .P\U.N..N...1.2WYu.5..9g.k+...mWU}..........>&.1.)l^L..m....HS.`Q$.....e..P./.L.9[\.v..u.vFR.5.=.F.{m.....]......k.Xe.r.Ek.....S.v....l.`."....gk].$_~^.....=4.g....@.qv..!yzz.......p...b..Y.........n)G.'f.I..).]l.)'./2......d.....WAC..J0..p..r.o..t.[...p%$.H..'.l?@........_.q...`...!.~.......~......r.w4YF...E.oqk...6.@y.......C..<./.}...p........Y.........y...eo0...,...N../T.3...ds.... p...g?0R.O...z.-.[...up...........k..Q+.1...5"B.Q1P@.D.....<.......=w...&.....I.Mj6...@.......?.T..... ......[.u..5.'........".{...U..)..M..8Ij.{.a.}....}...8;Oh..N.A.i%....P.u....=..8.D.i...}.........ON.x..v..">..>..N..B#d..\|...V.C.ilD.....G.aD..#.q..i..".#.e.0{c..........}. .>S...A.x.....0.e....{...!@.4v......{k....#..f\|.#%...#...{]..Sf..E.).=T...:j..f.)d.P.?X..ht&..g...2?.

Chrome Cache Entry: 344

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2642)
Category:	downloaded
Size (bytes):	168137
Entropy (8bit):	5.5550531419638025
Encrypted:	false
SSDEEP:
MD5:	3CE6F1E414C3436F8B0FBB4553D9F0F5
SHA1:	C3BAF2B04A332202998432C63C634D60D7CC927A
SHA-256:	54B08C7ACFB3A7269344C9B4733A647925529326219FE3CF75F688585368DA09
SHA-512:	8E0038C61748F8913E01951BC2A171CC0D5E9769DD0EF1A4AC9477B88F572F260E840B4E4BE53FDFDDC39269400888925C717955BE8399D294893C320E195AAA
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=AW-1002011784
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__rep","vtp_containerId":"AW-1002011784","vtp_remoteConfig":["map","enhanced_conversions",["map","z0gZCI6fvasBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]],"uxqJCLaKx5cBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]],"S3AqCPChyaUBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]],"yllACNmivasBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]],"m2AkCMCmx5cBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]],"4BD0CK7h5osBEIj55d0D",["map","enhanced_conversions_mode","off","enhanced_conversions_automatic_settings",["map"]]]],"tag_id":1}],. "predicates":[{"function

Chrome Cache Entry: 345

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
Category:	downloaded
Size (bytes):	15340
Entropy (8bit):	7.983406336508752
Encrypted:	false
SSDEEP:
MD5:	19B7A0ADFDD4F808B53AF7E2CE2AD4E5
SHA1:	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA
SHA-256:	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
SHA-512:	49DA16000687AC81FC4CA9E9112BDCA850BB9F32E0AF2FE751ABC57A8E9C3382451B50998CEB9DE56FC4196F1DC7EF46BBA47933FC47EB4538124870B7630036
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Preview:	wOF2......;........d..;..........................d..z..J.`..L.Z..<.....\..`..^...x.6.$..6. ..\|. ..8..z%......Q.{..q...FF.kd .8.(..d..).!C...Y.JA...r. ..GH8F......nW...".2&....2<..+C...p...b..SC.......J......z.-..Q..#6&1zUe../\...l.....<.....9s...E~.]B-..B.wY..o......Q..A.F..1j.......-.`P% .. ,..@1.0..~.....WWW.d.u<c{..^.R.+..w....&.........A......+C....(.N.....0.~..0.J.;.Nu..7....]..m.H.....[h.GL3....?)....c.H...2.3.}y........SXI\|..iVN'%E.D.W....r..<`....i....6;E$.....U.$j.@...._.......R2....WS...k.vz.R.'a9!^...N....h.._.....c.%."..S.2.16B...o.2}.pmU[.\|.LI....2.....OWQLO1-....s..8.(...".\|6...6R.. ..M-.zO.}w)..v..mXxX...c..3#.+.v....F`.Z;.zQ.......r,....Yo.....g.h....+.....O.3Y..)Y.8.!....elX......._.3.}k~u.{ C..H.z..FP........@...d..)T.R...L.H.J.j.@..............$...E......y...3.b...I.h u.+%.HA.\..9..8..X.!....gx...].:..V..C...._..X..!....6..)...GM:E.....O.Z.}k.;.T.k..D.k.O..D5.r..."......?..T.Q.A...CF...3g.5.Dn<.QPy..G..1.9..Q..0..

Chrome Cache Entry: 346

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.92611928532397
Encrypted:	false
SSDEEP:
MD5:	FD67FE68BEE4C38C8A7E8FB45158E014
SHA1:	869B55C8FD62943ED4271F1970355A108B64BB6E
SHA-256:	F84D029CAC438BB64D628D4A2D8640FDBD0921415BC19389FEF500EF1A2B22B3
SHA-512:	3A867A0C606E0D8B336EAC477155A43E068E6D36F42539DCA2156CE45829342D6B52A3B300FB8B44973A428E37E821D3CEB89D2133130228C5A7352F603832A8
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/async/asyncContextualTask?vet=12ahUKEwizsvGf3N-FAxVfSDABHRwDCm8Q4dMLegQIChAA..i&ei=hogrZrPXNt-QwbkPnIao-AY&opi=89978449&yv=3&cid=10573264095219074460&cs=0&async=_k:xjs.s.en_US.DNHITQOYOgk.O,_am:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIgggJ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAAAYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.s.GGin1mxRzvU.L.W.O%2Fam%3DgB1QCAAABAYNCAAAAAAAAAAAAAAAAAkAgBAAAABAKACAmXAAAsCGAADgg0MAAIAAAAACAACAwgEAABAgIABgAAAgAAAAAAAAHAABAAAgBAACBECAAJIQkIEAAEQwwQCkAgDDjwAAAIAEAAAAIEAAAAEDESA8hAABgAAQAAQCAIIAACAHCAEAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAQ%2Fbr%3D1%2Frs%3DACT90oETl64bPM5RxjNrOJxKSdO-YwRlBw,_fmt:prog,_id:rNi7Zc"
Preview:	)]}'.22;["jYgrZvroFaSrwbkPmIWH0AE","1995"]3;[1]3;[5]

Chrome Cache Entry: 347

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3358)
Category:	downloaded
Size (bytes):	196039
Entropy (8bit):	5.512503961685282
Encrypted:	false
SSDEEP:
MD5:	878A30ED051ECFF9E54FA507C857AFF3
SHA1:	48B15B7D623B4B1C533F2C07042CA0FB954C0B22
SHA-256:	FCBA42D51AB544FF9EA5F0B41EFE9B7A7F8B3C15168A0617E98E93FF4A614DA0
SHA-512:	9B82575BA7E464DB744F5C5C220D99B31C43DB8E41542297D46394C54F4F6B6F300D52E11F4DA7966224A02BBC22F04CAAE7EF900914F6BC88962D79F4C5C3CC
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/js/k=og.asy.en_US.kBLMVDKX4fE.2019.O/rt=j/m=_ac,_awd,ada,lldp/exm=/d=1/ed=1/rs=AA2YrTva3rN3u6PWebBoOFggZ2s8VJZvhA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var aa,ba,ca,da;aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ca=ba(this);.da=function(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}};da("globalThis",function(a){return a\|\|ca});da("Promise.prototype.finally",function(a){return a?a:function(b){return this.then(functio

Chrome Cache Entry: 348

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29778)
Category:	downloaded
Size (bytes):	31606
Entropy (8bit):	5.22770917569088
Encrypted:	false
SSDEEP:
MD5:	49A24C10F11B9B67D5D164125781A22A
SHA1:	F0FF57962BCA0A507449964426AFE225DA0FD96E
SHA-256:	1C94CFB59A4155DFD3D1650E49D4CE1456B612657F82896823B5248490E800EC
SHA-512:	6F6567BB8011816B73E3B731BCD32726D7A55B3B081E7C0B7FC6255566B9FA448F6D49D6CEBFA383AC47706D9A8746A6C769D9F780BD730CFFF91D3A7C5CE5EA
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/css/jquery-ui_lightness.min.css?ver=6.4.3
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14. http://jqueryui.com.* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css.* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif&fwDefault=bold&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=f6a828&bgTextureHeader=gloss_wave&bgImgOpacityHeader=35&borderColorHeader=e78f08&fcHeader=ffffff&iconColorHeader=ffffff&bgColorContent=eeeeee&bgTextureContent=highlight_soft&bgImgOpacityContent=100&borderColorContent=dddddd&fcContent=333333&iconColorContent=222222&bgColorDefault=f6f6f6&bgTextureDefault=glass&bgImgOpacityDefault=100&borderColorDefault=cccccc&fcDefault=1c94c4&iconColorDefault=ef8c08&bgColorHover=fdf5ce&bgTextureHover=glass&bgImgOp

Chrome Cache Entry: 349

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3718
Entropy (8bit):	4.917199856687584
Encrypted:	false
SSDEEP:
MD5:	01307C2190F755C3FFDDAA502F5F6AC8
SHA1:	2352D78236A661411DC272A15E67A3622B2F8197
SHA-256:	81E8FDAEA35CF614B682474276F0C5A206F62045032A851AD31D44943808C098
SHA-512:	ED3783F2C58D0403BE73561F2827D3E5B397CFA06D3F001DBA75917D89FAA2D773518B7A82D65967EE95AE0A566F8A21D2EDB5CCD9C801C61B14563CD3FE5812
Malicious:	false
Reputation:	unknown
URL:	https://cdn.cookielaw.org/consent/c51b748e-b025-4745-b557-bea5889202ce/c51b748e-b025-4745-b557-bea5889202ce.json
Preview:	{"CookieSPAEnabled":false,"CookieSameSiteNoneEnabled":false,"CookieV2CSPEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":true,"ScriptType":"PRODUCTION","Version":"202401.1.0","OptanonDataJSON":"c51b748e-b025-4745-b557-bea5889202ce","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","BulkDomainCheckUrl":"https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck","RuleSet":[{"Id":"6c48c0d3-185c-44c6-b658-3e648103e3a0","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","sb","bq","sc","br","bs","sd","bt","bv","sg","bw","sh","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","cf","sv","cg","ch","sx","ci","sy","sz","ck","cl","cm","cn","co","cr","tc","td","tf","cu","tg","cv","cw","th","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","d

Chrome Cache Entry: 350

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2162
Entropy (8bit):	5.405438032905692
Encrypted:	false
SSDEEP:
MD5:	E90E36C9FCF4283439F0C2BB5BB96254
SHA1:	ABE9B8FEEFFCBFF899A67603CDCCB93065C0480D
SHA-256:	44004199012159C073F8C965213F9E0AECD633DFE1D58641D7F497D3C7423A61
SHA-512:	0CA1D8840D764DE1A1ECA2ACFBC2ABA0A73624D2E5DFC636BA773F075CD967BC235111731B47FF4547F30F674AAFDC28FC39372B3B8FFC6B2E2730A07FD3E59D
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Roboto
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2) format('woff2');. unicode-range: U+0370-0377

Chrome Cache Entry: 351

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	212
Entropy (8bit):	4.7821765960716895
Encrypted:	false
SSDEEP:
MD5:	4FCD0D93376A8F69923427CB42C43D7F
SHA1:	3571F11E0FC0A2EC7CB14D56752E37E6E2EC1B7B
SHA-256:	A02A801DF96E3CE89385666294AB89CEF29F8AFC4EEE7F7F21F93A5EADD292DB
SHA-512:	861A5096433D7299F9C1ED6140A59DF46A410697E3A5B576DA2B6594F431024D941D28386038B6870F7DF3A5F9EB297F049124710E90B650547E33EA2658F94A
Malicious:	false
Reputation:	unknown
URL:	https://tools.eurolandir.com/tools/ticker/Scrolling/GetInstrumentData/?sid=0.7918559861917278&instrumentID=60127&lang=en-GB&decimalMarket=.&thousandGroupMarker=%2C&timeZone=Romance%20Standard%20Time&defaultNumberFormat=%23%2C%23%230&companycode=es-boy&getCleanData=false&IsCard=false&PeriodJumpValue=0&CurrencyConvert=&v=v2.1
Preview:	{"e":0,"Values":[{"name":"last","Formats":[{"format":"0_#,##0.00","value":"10.78"}]},{"changeIndicator":1,"name":"changePer","Formats":[{"format":"0_+ #,##0.00\\%;- #,##0.00\\%;#,##0.00\\%","value":"+ 2.62%"}]}]}

Chrome Cache Entry: 352

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	717
Entropy (8bit):	5.299013596664044
Encrypted:	false
SSDEEP:
MD5:	11B8F27B7E5B7848389F4D869C11ACC4
SHA1:	C6D90C5B580D6049FFD37EF3A990BCE80DB73433
SHA-256:	77D9907CA853AB885FD7A35A29FAAF4206B8FE47347CD9C12391D64451AD6F37
SHA-512:	E5F60B3B5DECEBF8876A99AD845557FADB278C400C82F7C2009C5171A621281B4647CE9B5F25E4D5A4F99055FDC6FE85976C2D6A98FF0803D7E763C9B393F3FE
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Lato
Preview:	/* latin-ext /.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.

Chrome Cache Entry: 353

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, AVIF Image
Category:	downloaded
Size (bytes):	9225
Entropy (8bit):	7.960976605459417
Encrypted:	false
SSDEEP:
MD5:	DDE17C7AB1B58826D189358EBEC781CD
SHA1:	DE9D487642A341FEB4F12D047F3E0D2E26059B55
SHA-256:	8AFA06FF0165A7BA4BF5BD23F7257D3D4F48D70BCB58B2843D6C735E24801108
SHA-512:	9673CB79462494F7F18C6CB652C0BF91EC6EE7AFD3CC20A195E5AE9029E65826A77A90EDAC16F387E13345A847CCE79D602CED12117D6725AB05C3C28E1602DC
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/uploads/2024/04/RESULTADOS-Banners-1T2024_ENG-PRESS-1536x709.png
Preview:	....ftypavif....avifmif1miaf....meta.......!hdlr........pict.................pitm........."iloc....D@.................."....#iinf..........infe........av01....jiprp...Kipco....colrnclx...........av1C........ispe................pixi............ipma.................#.mdat.....o.......2.E.@...A@...6.r0...e.b.$....X..Mr{.+.-j.[R%....A..D.....[.^Y(...07g......X..qO..e..%.;/..\|....E.........e...lk...7'.q........}.]):.....:...u.....8..N.u...{C...h...w(.4~u..p./....-..!..s.......e=.U>X....)...H.. ...'......m.._-..R..E.rvgKG.k.\|'.:.t...9....&...$.z.l....G...........x.{.H.]...i..,...w.Vu.!...C...._.Z........%..g..,v..Z1..Y..zP5...O......6..6A..RG.n.R-.?..I..G...P..Z....\g).......Io...c..%......!....]...qv.h..O.&.[\g.1S..} Yz.oP.1}I....,.tC3./.o..lL.....'.9...H06...w0eS..3.7.Bj.2a.C..@J.)'.>2.D]...~.9.BHM.Z..G7.YK..&g.R'5-..C..X...PF.h.M..6..i.@H_s....Ev..^V<.7.5....u[p".6..._q.0......a....C@n.z.]...Q....WR....D.\.i...<...Z.O......0...}v.....&..T2.

Chrome Cache Entry: 354

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (49273)
Category:	downloaded
Size (bytes):	49276
Entropy (8bit):	5.46054574462855
Encrypted:	false
SSDEEP:
MD5:	FB2E085CDC32D0BC97C24A8A82C12946
SHA1:	194A95809592E6984151A465946EF7EDB7A47959
SHA-256:	6CC4C722A50B4152194B13E7E3C8A1A5A5F23B17988F8FA85404394EFC5C0984
SHA-512:	D9399F04E6965CC59C6A730F85E10DAF949A0BDA30DDE85710A27380650F8194362CA51E28C8D751B3B4F23C451715B14F2A3A1AB9F872DE8B3202F8F1698B0A
Malicious:	false
Reputation:	unknown
URL:	https://snap.licdn.com/li.lms-analytics/insight.min.js
Preview:	!function(){"use strict";function t(t,n,e){return n in t?Object.defineProperty(t,n,{value:e,enumerable:!0,configurable:!0,writable:!0}):t[n]=e,t}var n,e,r,o,i={ADVERTISING:"ADVERTISING",ANALYTICS_AND_RESEARCH:"ANALYTICS_AND_RESEARCH",FUNCTIONAL:"FUNCTIONAL"},a="GUEST",u="MEMBER",c=0,l=1,s=2,f=(t(n={},a,"li_gc"),t(n,u,"li_mc"),n),d=function ar(){var t=arguments.length>0&&arguments[0]!==undefined?arguments[0]:null,n=arguments.length>1&&arguments[1]!==undefined?arguments[1]:null,e=arguments.length>2&&arguments[2]!==undefined?arguments[2]:null,r=arguments.length>3&&arguments[3]!==undefined?arguments[3]:null;for(var o in function(t,n){if(!(t instanceof n))throw new TypeError("Cannot call a class as a function")}(this,ar),t=t\|\|{},this.consentAvailable=!1,this.issuedAt=n,this.userMode=e,this.optedInConsentMap={},i)t[o]=t[o]\|\|c,t[o]!==c&&(this.consentAvailable=!0),this.optedInConsentMap[o]=t[o]===l\|\|t[o]===c&&r===l},v=(e=[i.ADVERTISING,i.ANALYTICS_AND_RESEARCH,i.FUNCTIONAL],r=[c,l,s,c],o=new R

Chrome Cache Entry: 356

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3616)
Category:	downloaded
Size (bytes):	3617
Entropy (8bit):	5.176549873344375
Encrypted:	false
SSDEEP:
MD5:	FDCD8EA9B3F814341482809EB831EEC0
SHA1:	E27EF6BFBCE1248AC87982A1674DE8FB4424C08A
SHA-256:	3FC3D8E153C67AED32FB3F0314D12F2C0A102DCB251F4AD707DF329BAFE237F5
SHA-512:	20096BB8776A7652FBA9411196E07EA735FB9333D88B0E7BC99263ABCAB598435E85553729FC9E456D3EEC098E543B9A1759AC32F857BBF3A9B066B8AF874BB4
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/modules/020-data-sticker.min.js?ver=12.1.1
Preview:	var idEnvio,adobeDataPosJsonLayers=[],autoScrollDisabled=!1,scrollDataStickerEnabled=!0;function isInAdobeDatalayers(a,t,e){var o,i=!1;void 0!==adobeDataJsonLayers[t]&&(adobeDataLayer=adobeDataJsonLayers[t],o=adobePosConcat,adobePosConcat=adobeDataPosJsonLayers.indexOf(t)+1,flagBack=o>adobePosConcat?"B":"","function"==typeof digitalView&&(dbg.log("actualizarDigitalData anterior",e),actualizarDigitalData("",""),digitalView("Page View",digitalData)),i=!0),i\|\|(adobePosConcat=Object.keys(adobeDataJsonLayers).length,flagBack="",void 0===adobeDataJsonLayers[t]&&(o=adobeDataLayer,adobeDataJsonLayers[t]=o,adobeDataPosJsonLayers.push(t)),"function"==typeof digitalView&&(dbg.log("actualizarDigitalData siguiente",e),actualizarDigitalData("",""),digitalView("Page View",digitalData)))}function isInDatalayer(t,a){var e,o=!1;a+=" \| BBVA",void 0!==window.ga&&(e=dataLayer.find(a=>isSinglePost(t,a)))&&window.ga.getAll()[0]&&(window.ga.getAll()[0].set({page:e.PostURL,title:e.postTitle+" \| BBVA"}),window.

Chrome Cache Entry: 357

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2749)
Category:	downloaded
Size (bytes):	2755
Entropy (8bit):	5.19690260821011
Encrypted:	false
SSDEEP:
MD5:	9E3BBE4907CFA53B0578F7755670B1C1
SHA1:	97DCDE13604A34FFCF55C62BE6178617871D3BB4
SHA-256:	CC0E4E81E833B889448E939FF980073855A9E467C2B15513573AA53E6B6B7327
SHA-512:	DED1B1752A63053345D5B898D35C5DBFEDB7422C8CC17C89EA690D0A65A73A0039555792291BA485A0B2B58E93022A2BE883A6476E64B075D0960AC42F0170D3
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/modules/redirections-home-pais.min.js?ver=12.1.1
Preview:	jQuery(document).ready(function(){if("prod"==cb_options.env\|\|"pre"==cb_options.env){var a=jQuery(".headerLogo_titular a").attr("href");try{var e="",t=function(){var a=new XMLHttpRequest,a=(a.open("GET",cb_options.site_url+"/bbva-components/utils/info?&project="+cb_options.code_webs_publicas,!1),a.send(null),JSON.parse(a.response));if(200===a.code&&a.data&&a.data.country)return cb_options.user_country=a.data.country,a.data.country.toLowerCase();return!1}()\|\|!1;if(e=t,"es"==cb_options.language&&(!t\|\|"string"!=typeof t\|\|(t=t.toLowerCase(),-1===["ar","co","mx","pe","uy","us","ve"].indexOf(t))?t="":t+="/",jQuery(".col-md-1.hidden-sm.hidden-xs.logo-container").attr("data-href",a+"/"+t),jQuery(".home-redirec").attr("href",a+"/"+t)),e&&"string"==typeof e){var e=e.toLowerCase(),n="",r="",o="";switch(e){case"ar":n="https://www.bbva.com.ar/",o=r="Argentina";break;case"be":n="https://www.bbva.be/",r="B.lgica",o="Belgium";break;case"co":n="https://www.bbva.com.co/",o=r="Colombia";break;case"es":n=

Chrome Cache Entry: 358

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1176)
Category:	downloaded
Size (bytes):	1177
Entropy (8bit):	5.145153610201413
Encrypted:	false
SSDEEP:
MD5:	EBAA985ED3E0D1B87C798C08BE7941C3
SHA1:	8EABBE76E337ADB497045329C64C3D0702D2E659
SHA-256:	BCEB25651747D76C3330CDB7E1E08240D83FA782DD13331C6137FABB15187F72
SHA-512:	B676E1D73E952B689891DA13B401E35E0343A566E16FEF23C9F597711D91933B1F6033ED23D571D7CC30AC1F8F749F4C4CC4D655134EBE11B9621D0331EC6DCA
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/module.min.js?ver=12.1.1
Preview:	var modules={},initialized=!1,module=function(e,i){var l=$\|\|jQuery;if(initialized\|\|(l(document).ready(function(){for(var e in modules){e=modules[e];e.triggerOn&&"ready"!=e.triggerOn\|\|e.exec()}}),l(window).on("load",function(){for(var e in modules){e=modules[e];"load"==e.triggerOn&&e.exec()}var o=null,n=null,i=function(){if(n&&(clearTimeout(n),n=null),o&&+new Date-o<100)n=setTimeout(i,125);else for(var e in o=+new Date,modules)modules[e].exec()};l("body").on("DOMNodeInserted",i)}),initialized=!0),!e)return{exec:function(){for(var e in modules)modules[e].exec()}};if("function"==typeof e)return l(function(){e.apply(this,[l,l,{}])});if(!i){if(e in modules)return modules[e];throw new Error("module "+e+" doesn't exists.")}var o="Module loaded: "+e,n=void 0;if(console&&"object"==typeof console)void 0!==n?console.log("[MODULE] "+o,n):console.log("[MODULE] "+o);var t=null,t=e.match(/^[#\.]/)?e:"*[data-"+e+"]",r={exec:function(n){l(t).each(function(){var e,o=l(this);o.hasClass("initialized")&&!n

Chrome Cache Entry: 359

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	576
Entropy (8bit):	4.689915338880359
Encrypted:	false
SSDEEP:
MD5:	EAD358643BA0AD2333E68D32E0A096F1
SHA1:	413AAB33DC0AAFC93650C9898931E5CA67A11756
SHA-256:	45EE0AF80559295460086544E69A43A9919F526A461D6C1B1E9A66C89DA38CF6
SHA-512:	558182C5CA554E45BCC08D75BDDCBC288CAC2070C7B41CA37FA8F15D85FEB1CACBAE4CF9770EBABAFE1A1932AA04D979724C99BFA43F10E240FE70772C4205C2
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/passwordShow.js
Preview:	$( "#passwordShow" ).click( function() {.. if ( $( "#passwordShow" ).prop( "checked" ) == false ). $( "#password" ).prop( "type", "password" );. else. $( "#password" ).prop( "type", "text" );.} );...$('.btn-show-hide-password').click(function () {. var currentType = $('#password').prop('type');. var switchType = currentType === 'password' ? 'text' : 'password';. $('#password').prop('type', switchType);.. if (switchType === 'password') {. $(this).addClass('is-hiding');. } else {. $(this).removeClass('is-hiding');. }.});

Chrome Cache Entry: 360

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	213
Entropy (8bit):	4.77108245824291
Encrypted:	false
SSDEEP:
MD5:	D1EA8A644FA2A748907DE8B1FAD9EB4F
SHA1:	310B43A1AEDC656873D14C1DA8204CAF04E96988
SHA-256:	C7689A0F9BB387C81CC8CEA256221BDB0DAF51551FC0A41A4F7FB698988E0377
SHA-512:	68DB46E4086130BFDC63DD7C8272B13567882F8502A110E3B03D21E560E551A6C3BA2F9465ADF72D44718A59B8084A13C3A0A429E245DBDE5A398AA10C274778
Malicious:	false
Reputation:	unknown
URL:	https://tools.eurolandir.com/tools/ticker/Scrolling/GetInstrumentData/?sid=0.48455657247549877&instrumentID=17684&lang=en-GB&decimalMarket=.&thousandGroupMarker=%2C&timeZone=Romance%20Standard%20Time&defaultNumberFormat=%23%2C%23%230&companycode=es-boy&getCleanData=false&IsCard=false&PeriodJumpValue=0&CurrencyConvert=&v=v2.1
Preview:	{"e":0,"Values":[{"name":"last","Formats":[{"format":"0_#,##0.00","value":"11.25"}]},{"changeIndicator":-1,"name":"changePer","Formats":[{"format":"0_+ #,##0.00\\%;- #,##0.00\\%;#,##0.00\\%","value":"- 0.18%"}]}]}

Chrome Cache Entry: 361

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Chrome Cache Entry: 362

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 363

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52648, version 0.0
Category:	downloaded
Size (bytes):	52648
Entropy (8bit):	7.994852429999761
Encrypted:	true
SSDEEP:
MD5:	E65584ACF8AFAC18B2CD796B5D87A26A
SHA1:	14E2D4F852451934F50802F3E2DD8CDC3D954232
SHA-256:	5AD9905E946CA98B15A519996A8F675F31A421ED56A526A4212A8AF6B4E79432
SHA-512:	4FC94082E07CB506637BE95F99E0ED7752466E9F3E77F97E98510A954C62DF64E1EB15A0E0023C3F4B307AE2F3F6063235DE6AB9EC898D01DFB916F00370DCAA
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/fonts/bbva/BentonSansBBVA-Book.woff2
Preview:	wOF2..............H...B...........................R..J.`..B.0..}..........6.$..\|...l..B.. .....c.o[.r....s.\>\|do.j.t.m...U8,.......-.Ja...mS...q...............G.gof....$....O].J..p.a...b.ruU..k.c-.4I}M...Az..;e...0.F.......q@D...(.4...vqVli.v..............).G.G."B..i...\|(..]T.R........[._.}3.b..L..<?q.Y...=..O....Z3.0H...yK.Z.;.:..1e..a....$.^.x.....%\q8M....FI.S<...-..a")H....!{...4$....p.L.f....{6......+.....5.`.hHi..k...%}R/.v1u.Jj7..R.6.l......U....}%nr(.K..o.H._.;...j..:=..e\........5.....6)......I?.........I.j..W.....P".Xb..z.Bv...E.`...v........wZ.3.pw.5.K....}.:..dd.V...)RI.....J.4.s+d00.E%j.`.5...`U....0B............J......_..d1.: U.l....M...[-')....@...ws;..V..:=.~..u4G!....\...=....@.3..[......g.nV..N...0.)H....z.3._.T.m...T.?...{....l. .+q...I.^..x..v...v..W..>..N...T.EM..q..z.......@.OX....h&@...LRP.k.N..VW]m.N].\|......!e.f.gL.2.....[.F..,$...BG........(.].r.....f,...........f..-].`1.....%.ufj.W^.......]W.\...V.m-h..

Chrome Cache Entry: 364

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (342)
Category:	downloaded
Size (bytes):	1544
Entropy (8bit):	4.802392366043134
Encrypted:	false
SSDEEP:
MD5:	9166DA36572048F184C4CC327AFC538D
SHA1:	721D4C33903FE65C64FE2D55C4E4E0BCD6688635
SHA-256:	2209498170BDF5F821CE98152F71488D019276DB0914D74E315A0F25A2C075B6
SHA-512:	907B6554121C64B96A070A7903487E4CAF949CEDA470221758429F836F4AE9C413AFA361359CBEB8C4BA3995DBC3EC384F63E459D7A0787B47F51F77AEDCB2AE
Malicious:	false
Reputation:	unknown
URL:	https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/scripts/satellite-5ba5108c64746d426d000df6.html
Preview:	<!doctype html>.<html>. <body>. <script>. (function(){. function escapeForHtml(str){. if (!str) return str. return str. .replace(/\&/g, '&'). .replace(/\</g, '<'). .replace(/\>/g, '>'). .replace(/\"/g, '"'). .replace(/\'/g, '''). .replace(/\//g, '/'). }.. var regexChars = /[.*+?^${}()\|[\]\\]/g;. function escapeForRegex(str) {. return str.replace(regexChars, "\\$&");. }.. function parseQueryString(){. var ret = {}, parts = location.search.substring(1).split('&');. for (var i = parts.length; i--;) {. var vardef = parts[i].split('='), varname = vardef[0], value = vardef[1];. ret[varname] = unescape(value);. }. return ret;. }.. var queryParams = parseQueryString();.. var markup = " Global site tag (gtag.js) - Google Ads: 1002011784 --> <scrip

Chrome Cache Entry: 365

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	530
Entropy (8bit):	7.2576396280117494
Encrypted:	false
SSDEEP:
MD5:	88E0F42C9FA4F94AA8BCD54D1685C180
SHA1:	5AD9D47A49B82718BAA3BE88550A0B3350270C42
SHA-256:	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
SHA-512:	FAFF842E9FF4CC838EC3C724E95EEE6D36B2F8C768DC23E48669E28FC5C19AA24B1B34CF1DBCBE877B3537D6A325B4C35AF440C2B6D58F6A77A04A208D9296F8
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/api2/audio_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX...JBA.....E-R... (#..-*$.}.%.Kt.A..Dx.I...AF.Q.4.......-.6..?.m:.,.......Q..D.L..e4..2.D..8)j4:......&>.s......p?......9.o5>.][H.}...&L.%.xh{~K.J\|.b..N..HMp....f.}dd..S..4%...$dK..!..Z..NNs.W&g..Fn....p...w..Ut...E\.e.......6......M.F...X.L......em.....R#'..%....j$/..-......@.l."..M.\|....OtW.H.,.-.~W`Z.s8..W...B...C-.8"H....6......9...A..aO.1`.M..A..eA.{...-...U.,.W........IEND.B`.

Chrome Cache Entry: 366

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2685), with no line terminators
Category:	downloaded
Size (bytes):	2685
Entropy (8bit):	5.864035561735087
Encrypted:	false
SSDEEP:
MD5:	884970200746E901E6963B4012A62183
SHA1:	7FB83D02D76A5760E1F78BE92738087A8B2B51A0
SHA-256:	5F50F7549584BBE9276EAC9C876269C230743E53E01CD8D1339CDF552E55A953
SHA-512:	039E092A5261A2EE10094E3F67B364BE32606A096DC1FFC054E00C0C041DE57CBDB93147DF1DC8BA040E015B3DED131F68F4E0E7376860016298A0BC685EEC35
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1002011784/?random=1714129042378&cv=9&fst=1714129042378&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapi.besmartee.com%2Fapp%2Flogin%2Fpartner%2F4Y23D1C0&ref=https%3A%2F%2Fwww.google.com%2F&tiba=Login%20-%20BBVA%20Compass&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Windows&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&async=1&rfmt=3&fmt=4
Preview:	(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this\|\|self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var r=k&&k[610401301];g=null!=r?r:!1;var t,v=f.navigator;t=v?v.userAgentData\|\|null:null;function w(d){return g?t?t.brands.some(function(a){return(a=a.brand)&&-1!=a.indexOf(d)}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")\|\|x("CriOS"))&&!(y()?0:x("Edge"))\|\|x("Silk")};!x("Android")\|\|z();z();!x("Safari")\|\|z()\|\|(y()?0:x("Coast"))\|\|(y()?0:x("Opera"))\|\|(y()?0:x("Edge"))\|\|(y()?w("Microsoft Edge"):x("Edg/"))\|\|y()&&w("Opera");var A=/#\|$/;function B(d){var a=d.search(A),b;a:{for(b=0;0<=(b=d.indexOf("fmt",b))&&b<a;){var c=d.charCodeAt(b-1);if(38==c\|\|63==c)if(c=d.charCodeAt(b+3),!c\|\|61==c\|\|38==c\|\|35==c)br

Chrome Cache Entry: 367

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	14726
Entropy (8bit):	4.683181549098918
Encrypted:	false
SSDEEP:
MD5:	3B3B3D73C9793C013672AE308A5B9E2E
SHA1:	F0E1E1197F36614279A13E0841F39026BF011D69
SHA-256:	DBAFC48C1C434E47930F7715B4FB9F20D5F3C6BAF0EE530F93839F350F076617
SHA-512:	6949538FD798CCA54F5AD352232B8993BE247B26E212AF359851ED87C6E3CE70F0F5FF4040D724DBDF70DED8EAF0561B295BED4C493915C76B9F3E8CC63450CD
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/csrfprotector.js?v=2024042603
Preview:	/*. =================================================================. * Javascript code for OWASP CSRF Protector. * Task it does: Fetch csrftoken from cookie, and attach it to every. * ..POST request. ..Allowed GET url. ...-- XHR. ...-- Static Forms. ...-- URLS (GET only). ...-- dynamic forms. =================================================================. */..if (!Array.prototype.includes) {. Object.defineProperty(Array.prototype, 'includes', {. value: function(valueToFind, fromIndex) {.. if (this == null) {. throw new TypeError('"this" is null or not defined');. }.. // 1. Let O be ? ToObject(this value).. var o = Object(this);.. // 2. Let len be ? ToLength(? Get(O, "length")).. var len = o.length >>> 0;.. // 3. If len is 0, return false.. if (len === 0) {. return false;. }.. // 4. Let n be ? ToInteger(fromIndex)..

Chrome Cache Entry: 368

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (64986)
Category:	downloaded
Size (bytes):	773830
Entropy (8bit):	5.045742758948707
Encrypted:	false
SSDEEP:
MD5:	9FE41F3A9B35F66B345BA56B0011AA8A
SHA1:	2A63F83AFD2DE76A825974E8125CE26B635DB122
SHA-256:	6FE9BF349714DEFCFFBE3D4179FD2F44F003A86297FFBB8FF57FF26C1429F514
SHA-512:	3B989412615D9244B2023041B681E4B001941743E1CDAE26B7676160F5762200697DB523374977CF8A220E3DC54A73E64496B05DFA2661E09DA20BB705A09720
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/css/coronita_home.css?ver=12.1.1
Preview:	./!. Bootstrap v3.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:rgba(0,0,0,0)}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{bo

Chrome Cache Entry: 369

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	13186
Entropy (8bit):	5.230333531204009
Encrypted:	false
SSDEEP:
MD5:	4D4429A2DFAA8A27FBE9659E8E717F74
SHA1:	28AD4885FF33594FA46ECED61BD42874926AA17C
SHA-256:	EA5DB5581E262D77D1A43FBB3F0FA3661B51D097B40CA38F584B4943F47CF2E0
SHA-512:	708D4DE5F9147040A26202060CEC1199E36A16AACD1CE967E0A4ED8FAE34081DC1584E4E490B57C2A430259EDFD7EF84F050F275487D2496FB824A787CBF8AC4
Malicious:	false
Reputation:	unknown
URL:	https://cdn.cookielaw.org/scripttemplates/202401.1.0/assets/otFlat.json
Preview:	. {. "name": "otFlat",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCI+PGRpdiByb2xlPSJhbGVydGRpYWxvZyIgYXJpYS1kZXNjcmliZWRieT0ib25ldHJ1c3QtcG9saWN5LXRleHQiPjxkaXYgY2xhc3M9Im90LXNkay1jb250YWluZXIiPjxkaXYgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgaWQ9Im9uZXRydXN0LWdyb3VwLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1laWdodCBvdC1zZGstY29sdW1ucyI+PGRpdiBjbGFzcz0iYmFubmVyX2xvZ28iPjwvZGl2PjxkaXYgaWQ9Im9uZXRydXN0LXBvbGljeSI+PGgyIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGl0bGUiPlRpdGxlPC9oMj48ZGl2IGlkPSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+dGl0bGU8YSBocmVmPSIjIj5wb2xpY3k8L2E+PC9kaXY+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRhaW5lciI+PGgzIGNsYXNzPSJvdC1kcGQtdGl0bGUiPldlIGNvbGxlY3QgZGF0YSBpbiBvcmRlciB0byBwcm92aWRlOjwvaDM+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRlbnQiPjxwIGNsYXNzPSJvdC1kcGQtZGVzYyI+ZGVzY3JpcHRpb248L3A+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwLXBhcmVudCIgY2xhc3M9Im90LXNkay10aHJlZSBvdC1zZGstY29sdW1ucyI+PGRpdiBpZD0ib25ldHJ1c3QtYnV0dG9uLWdyb3VwIj48YnV0dG

Chrome Cache Entry: 370

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32758)
Category:	downloaded
Size (bytes):	233418
Entropy (8bit):	5.3900850916157355
Encrypted:	false
SSDEEP:
MD5:	C0B5B70C968E41E6AE06B476B024E9D3
SHA1:	A74E2B8A089EF5E617425853F9552279B6B81738
SHA-256:	18FFE2E3C6CA1F15AED973AF03F9A4C82362A215ECAC43CABC6C50879306424D
SHA-512:	815AF76A52BA81F0246100E58784A8379CC2E5BDF5BFEC3F145410E51BC23EF0B278BE589C2D24A1024CBF4E913C78480452E68139975267576B973A9777944E
Malicious:	false
Reputation:	unknown
URL:	https://assets.adobedtm.com/95bb966a4c61b200a089c37679aaf96e22114787/satelliteLib-f516ffe729454f82a22ff6c7b4e78587db69b27f.js
Preview:	// All code and conventions are protected by copyright.!function(e,t,i){function n(){C.addEventHandler(e,"orientationchange",n.orientationChange)}function r(e){this.delay=250,this.FB=e,C.domReady(C.bind(function(){C.poll(C.bind(this.initialize,this),this.delay,8)},this))}function o(){this.rules=C.filter(C.rules,function(e){return"videoplayed"===e.event.substring(0,11)}),this.eventHandler=C.bind(this.onUpdateTime,this)}function c(){this.rules=C.filter(C.rules,function(e){return"elementexists"===e.event})}function l(){C.getToolsByType("nielsen").length>0&&C.domReady(C.bind(this.initialize,this))}function p(){this.lastURL=C.URL(),this._fireIfURIChanged=C.bind(this.fireIfURIChanged,this),this._onPopState=C.bind(this.onPopState,this),this._onHashChange=C.bind(this.onHashChange,this),this._pushState=C.bind(this.pushState,this),this._replaceState=C.bind(this.replaceState,this),this.initialize()}function u(){var e=C.filter(C.rules,function(e){return 0===e.event.indexOf("dataelementchange")});t

Chrome Cache Entry: 371

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (581)
Category:	downloaded
Size (bytes):	587
Entropy (8bit):	4.75917709602438
Encrypted:	false
SSDEEP:
MD5:	039E06B4D78DC78EC668F7CF13043A56
SHA1:	2C810892B0F27117156B952D72F7ED081C14B49F
SHA-256:	EFD4D92E26D72648D98AE2B5F4F98B7296414CCBD80B71C430565B68C6E6B0C5
SHA-512:	430E6A6FC0FEE66A4BA26DEFE62D449ECB04F5ADB165D6A60EF65EE7236B1CBF21C62E363B42D9A1E9F8362B3D77D952723FEA60D588AED1ABD8637E0F32092A
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?q=login%20bbva&cp=0&client=desktop-gws-wiz-on-focus-serp&xssi=t&gs_pcrt=3&hl=en&authuser=0&pq=login%20bbva&psi=hogrZrPXNt-QwbkPnIao-AY.1714129033379&dpr=1&ofp=EAEYhvHqqPHi74zJARj59v-C17uTpV0Yrs-p28Ozut-OARjKpIGF-InStYoBGLXbhrXJ5oLXiQEypQEKFAoSYmJ2YSBtw6l4aWNvIGxvZ2luChAKDmJidmEgdXNhIGxvZ2luChUKE2JidmEgY29sb21iaWEgbG9naW4KEAoOYmJ2YSBwbmMgbG9naW4KCwoJYmJ2YSBiYW5rCg0KC2JidmEgb25saW5lCiQKImJidmEgbW9iaWxlIGJhbmtpbmcgbG9naW4gcGFzc3dvcmQKDgoMYmJ2YSBjb21wYXNzEEc
Preview:	)]}'.[[["bbva\u003cb\u003e m.xico\u003c\/b\u003e login",0,[432,598,71]],["bbva\u003cb\u003e usa\u003c\/b\u003e login",0,[432,598,71]],["bbva\u003cb\u003e colombia\u003c\/b\u003e login",0,[432,598,71]],["bbva\u003cb\u003e pnc\u003c\/b\u003e login",0,[432,598,71]],["bbva\u003cb\u003e bank\u003c\/b\u003e",0,[432,598,71]],["bbva\u003cb\u003e online\u003c\/b\u003e",0,[432,598,71]],["bbva\u003cb\u003e mobile banking\u003c\/b\u003e login\u003cb\u003e password\u003c\/b\u003e",0,[432,598,71]],["bbva\u003cb\u003e compass\u003c\/b\u003e",0,[432,598,71]]],{"q":"302xazXHIEgxw2VqeNsLH8qDYT4"}]

Chrome Cache Entry: 372

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (638)
Category:	downloaded
Size (bytes):	639
Entropy (8bit):	5.0117154361210146
Encrypted:	false
SSDEEP:
MD5:	8B1522A823D8648C3FD5E88C00934A7D
SHA1:	F17F73E4DDEF1920671942026527555332F8D38A
SHA-256:	BDA6248520DD51D2C92A14A7AFEB8271B59248765E19ED956C59D6D0AAEB5E84
SHA-512:	C5BA22A15626D3BE9A6AB367C5AD7A1F11462BA710E6A700C6517A8620959E8C000B77440B7C23BFF2D7FFF85B4084CCEEA275E88EE9016673EEA59D7E4279E8
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/funciones-intersection-observer.min.js?ver=12.1.1
Preview:	var lazyLoadImages=function(){var e;"IntersectionObserver"in window&&"IntersectionObserverEntry"in window&&"intersectionRatio"in window.IntersectionObserverEntry.prototype?(e=function(e,r){e.forEach(function(e){var n;e.isIntersecting&&(""!==(n=(e=e.target).getAttribute("data-lazy-bg"))&&(e.style.backgroundImage="url("+n+")"),r.disconnect())})},jQuery(".lazyBackground").each(function(){new IntersectionObserver(e,{threshold:0}).observe(this)})):jQuery(".lazyBackground").each(function(){var e=jQuery(this).data("lazy-bg");""!==e&&jQuery(this).css("background-image","url("+e+")")})};jQuery(document).ready(function(){lazyLoadImages()});.

Chrome Cache Entry: 373

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6625), with no line terminators
Category:	downloaded
Size (bytes):	6625
Entropy (8bit):	5.021395915232743
Encrypted:	false
SSDEEP:
MD5:	FD7EF2E4737ACD74FD0DCDC3B515E304
SHA1:	0D792B33F12A48EE8AAAF2560A63A5682470645B
SHA-256:	1D52E1AC7D3BC25A8B0FFC257153F9DD50249F96FE9A4DF5E0D771241A69062C
SHA-512:	3C4358F9605F1CCE097F36689099B8364C43CC360C3D4F5CA77BE5CEE43BB818C6562496F26AD57CE44C34C474FE4CCB6DEED01A14ED259D498F5BC17F9532C7
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
Preview:	var runtime=function(t){"use strict";var e,r=Object.prototype,n=r.hasOwnProperty,o=Object.defineProperty\|\|function(t,e,r){t[e]=r.value},i=(w="function"==typeof Symbol?Symbol:{}).iterator\|\|"@@iterator",a=w.asyncIterator\|\|"@@asyncIterator",c=w.toStringTag\|\|"@@toStringTag";function u(t,e,r){return Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}),t[e]}try{u({},"")}catch(r){u=function(t,e,r){return t[e]=r}}function h(t,r,n,i){var a,c,u,h;r=r&&r.prototype instanceof v?r:v,r=Object.create(r.prototype),i=new O(i\|\|[]);return o(r,"_invoke",{value:(a=t,c=n,u=i,h=f,function(t,r){if(h===p)throw new Error("Generator is already running");if(h===y){if("throw"===t)throw r;return{value:e,done:!0}}for(u.method=t,u.arg=r;;){var n=u.delegate;if(n&&(n=function t(r,n){var o=n.method,i=r.iterator[o];return i===e?(n.delegate=null,"throw"===o&&r.iterator.return&&(n.method="return",n.arg=e,t(r,n),"throw"===n.method)\|\|"return"!==o&&(n.method="throw",n.arg=new TypeError("The iterator

Chrome Cache Entry: 374

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 37, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	531
Entropy (8bit):	7.4285516222564185
Encrypted:	false
SSDEEP:
MD5:	E451FAA11CF185F0D734BA9A4C90CBF3
SHA1:	802F743BB5DEDE6DE5D2AD17828EF70B9F23AEF2
SHA-256:	088AEF60E694E853B1C198D05675373A1619FEBF7A3508FAAE9B8953B7D647E6
SHA-512:	D7737E70920F69393A56C591A45F1A719745AF4CA61D958EE0656B585A0C67BB13645B1562A24F3A905773A2F6970511D8BC8AE08FBB84E12FCB5B5F536C4183
Malicious:	false
Reputation:	unknown
URL:	https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRl8X8FzmQpmSVLi-yHinqpodoE9QFXe1WjeLgX-go&s=10
Preview:	.PNG........IHDR...@...%............PLTE.....{h..Pt..B...t;]..,z.#w.6~.)y....4}!T..8..0\|.............y.......v..._..q..Y.....,Q.?i.....J.n......e.!Z.....=.....P......$...MIDATH..[.. ....L..a.-..bf...6..u....x./.%....E...~.x....R..:......Ng;...9..Y4......m.I?....../1.8..s...V......7.p.{...$r_.......w.H.O.....2R.-k....@.eM.v..._hlL(.4.&.........k..n.Oo... ..Y%...Qb9..=...E.y.:.%:p].F}\|.......~pT.6...1.W=>... ....p....P......Z.....`7.0..n"..._m..x..v..[.."...CA._/7n..1..Z.2.\|......2Uq.E............IEND.B`.

Chrome Cache Entry: 375

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (9103), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	16172
Entropy (8bit):	5.142366947021816
Encrypted:	false
SSDEEP:
MD5:	455DCA3398E17749B041AF1096F4D33B
SHA1:	88CC88798414CA20B02E9EE579F75C7D0183EFAE
SHA-256:	83F38CEE5A9A9C516BF9FCDC93602854320911BBE4B3F6929ADCC618F6E35961
SHA-512:	5CA086026747F03CD20B642DD8570C5C3E1A2F271F04CC3D0B724A08DA0A7E4BC972B62865292741D7F342F89147ACC03767BBE52F07C20D3AEDC6B7E708EF06
Malicious:	false
Reputation:	unknown
URL:	https://tools.eurolandir.com/tools/ticker/html/?companycode=es-boy&v=tabs_redesign&lang=en-gb
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>. <meta http-equiv="X-UA-Compatible" content="IE=9,10,11" />. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes" />. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />. <title>Scrolling Ticker</title>.. <style rel="stylesheet" type="text/css">. body {. background-color: transparent;. }. </style>.. <script type="text/javascript" src="/tools/common/EurolandIFrameAutoHeight/EurolandToolAutoSizeObject.js"></script>.. <script type="text/javascript">. var True = true, False = false;. </script>.. ... <script src="/tools/ticker/bundles/tabs.js?v=8MD78q_87odz9FhjqCeRbgJswHsRaa4xGnV8gWOy1cU1"></script>.. .. <script type="text/javascript">.. ScrollingTickerInstrumentObject.prototype.allowsBrea

Chrome Cache Entry: 376

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 1372, version 1.0
Category:	downloaded
Size (bytes):	1372
Entropy (8bit):	7.351846733980056
Encrypted:	false
SSDEEP:
MD5:	9081044EFC0215242429A5B1A7B8B713
SHA1:	8C1B2A0935BCD45A62C875E18A3216D32CF201DE
SHA-256:	5BA4356AD12AFEB8E02C833C5F0D9CD87DE05B273243A58BF57A64E1F279D016
SHA-512:	6A5CEDDD077857D785D9B0F1AF7EF0B9430A1A9B9745C45AA95B3C32EBDEEE9F44F7F1C925A3CE935E3261EF266A0EE471A828EFB2005EA846C372817D926C55
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/fonts/icon-bbva/fonts/ico-logo.woff?me40do
Preview:	wOFF.......\.......T........................GSUB.......;...T .%zOS/2...D...>...V<cI.cmap.......Q...~.H..glyf...........\|.J.%head...\|...2...6.y..hhea...........$.#.nhmtx.............5..loca...............>maxp........... ....name.......+......(post...,.../...G...fx.c`d``.b0`.c`rq..a..I,.c.b`a...<2.1'3=.......i. f....&;.H.x.c`d.b..........$%.t..'.>....+3.V.......#..N W.a.X..D..T..h..x....0....@.AA.0T...$o.1x.N..+....%.....Z...V{p.M..z......\|~..O....>........x...Mk.P...=s>.$.....R.k.b...SZJ........."....?B../....?...".=..........9....4.......^.+zG..[...n.p..96.t...A.Se..U..i..V.l.4....T..c..E8........,U.k[l....&.?.........&..<.ZO..Pa[j._..g..2r.q...<S.Q*l~au/....+..G#..$..s.....y...Vl.xMg.PN..!=.7........tR .y.~...6]..{.fb.,.7..{9q...rU.<,....n^.o@...`...@#-..6..X....Qz.... v....1&...'.4K._s^0....D.\|.}B....... .q.......\|..u.\.........E....x.c`d``....+..6_...v.E.n.\|`....g``.d...r00.D.rt.W..x.c`d``....L....)..$.................k.........>x.c`d```

Chrome Cache Entry: 377

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (479)
Category:	downloaded
Size (bytes):	731
Entropy (8bit):	5.325658977004964
Encrypted:	false
SSDEEP:
MD5:	97669983F6540F2BADEEF6AB07E5B637
SHA1:	B6F0084F6747DA64CF24334B2C0027E57CBF7F23
SHA-256:	FA7B84BB6E37FBA06F79793937E55BAF6EBC1BEE051E350E11C7CA681A9F3DB7
SHA-512:	2594A8D21E5338D1589B22CCAA9F24E283E1BA8EB2364F661CCF85639D1A063A72A5FA1FAAD116B008110D09BDE0898B0B349A1DEA8DBD8B83F77F360849F6CF
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/themes/coronita-bbvacom/assets/js/jquery.ba-throttle-debounce.min.js?ver=12.1.1
Preview:	/. jQuery throttle / debounce - v1.1 - 3/7/2010. * http://benalman.com/projects/jquery-throttle-debounce-plugin/. * . * Copyright (c) 2010 "Cowboy" Ben Alman. * Dual licensed under the MIT and GPL licenses.. * http://benalman.com/about/license/. */.(function(b,c){var $=b.jQuery\|\|b.Cowboy\|\|(b.Cowboy={}),a;$.throttle=a=function(e,f,j,i){var h,d=0;if(typeof f!=="boolean"){i=j;j=f;f=c}function g(){var o=this,m=+new Date()-d,n=arguments;function l(){d=+new Date();j.apply(o,n)}function k(){h=c}if(i&&!h){l()}h&&clearTimeout(h);if(i===c&&m>e){l()}else{if(f!==true){h=setTimeout(i?k:l,i===c?e-m:e)}}}if($.guid){g.guid=j.guid=j.guid\|\|$.guid++}return g};$.debounce=function(d,e,f){return f===c?a(d,e,false):a(d,f,e!==false)}})(this);

Chrome Cache Entry: 378

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAk8dqZYMe7mkRIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 379

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (43014)
Category:	downloaded
Size (bytes):	43015
Entropy (8bit):	4.826584979398337
Encrypted:	false
SSDEEP:
MD5:	63FCF118A467C7437B2A73EB61DA673F
SHA1:	AE73467AC3C78E5760A35501C217F4D5F463AC15
SHA-256:	EDDF619DD7CABD9986AF892BE44E3A42BEB45721A90EF553814C23F100EB908D
SHA-512:	D66D3DD94CCB25EBD43B12264DFB5AA5CC41FD1CF638D92815774B205D471746101549E3FBB46257765E3C1E6FAE22866B083EC4497F667A08BBFAB972D5CA2A
Malicious:	false
Reputation:	unknown
URL:	https://www.bbva.com/wp-content/plugins/highlight-and-share/dist/has-themes.css?ver=4.6.0
Preview:	@keyframes hasFadeIn{from{opacity:0}to{opacity:1}}@keyframes hasFadeOut{from{opacity:1}to{opacity:0}}.has-icon:not(.components-button){width:25px;height:25px;vertical-align:middle}.highlight-and-share-wrapper:not(.has-admin-theme-preview-list){display:none;width:0;height:0}.highlight-and-share-wrapper:not(.has-admin-theme-preview-list)>div{display:inline-flex !important;justify-content:center;align-items:center}.highlight-and-share-wrapper{position:relative}.highlight-and-share-wrapper div,.highlight-and-share-wrapper div:hover{transition:ease-in-out .35s;z-index:1000}.highlight-and-share-wrapper.has-no-margin-bottom>div{margin-bottom:0 !important}.highlight-and-share-wrapper.has-no-margin-bottom:after{display:none !important}.highlight-and-share-wrapper .fa{font-size:14px}.highlight-and-share-wrapper.hide-has-labels .has-text{clip:rect(0 0 0 0);clip-path:inset(50%);height:1px;overflow:hidden;position:absolute;white-space:nowrap;width:1px}.highlight-and-share-wrapper.show-has-labels>di

Chrome Cache Entry: 380

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8478), with no line terminators
Category:	downloaded
Size (bytes):	8478
Entropy (8bit):	5.162670033776272
Encrypted:	false
SSDEEP:
MD5:	2B6E494F00DE071FFA385E06CB6B171C
SHA1:	0E98C9D3A6B23673E867140D690A54CBD2CB134F
SHA-256:	67E576D9CE560B0FFBECDEA9C99161A00D593ECDDB6A959CB77A2E8A9A038C29
SHA-512:	02CFEFBE0A23D6CE88768037CE1B8C2B1AEE9D30E4C6F369CE4A103DE7459D8CF42858F1E5BAFC13B49725289B88F71459596FFCCC44E15EEC2E243B4BB9CF12
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/og/_/ss/k=og.asy.bIA1CpwlB5E.L.W.O/m=ll_tdm,adc,ll_fw/excm=/d=1/ed=1/ct=zgms/rs=AA2YrTvRnupN-0aaYyofXIRtLK72TOHuJQ"
Preview:	.gb_3e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Hc{text-align:left}.gb_Hc>*{color:#bdc1c6;line-height:16px}.gb_Hc div:first-child{color:white}.gb_d:after{content:"";position:absolute;inset:-4px}.gb_d{-webkit-border-radius:50%;border-radius:50%}.gb_d:hover{background-color:rgba(60,64,67,.08)}.gb_d:focus,.gb_B[aria-expanded=true]{background-color:rgba(60,64,67,.1)}.gb_d:active{background-color:rgba(60,64,67,.12)}.gb_d:focus-visible{outline:1px solid #202124}.gb_i .gb_d:hover{background-color:rgba(232,234,237,.08)}.gb_i .gb_d:focus,.gb_i .gb_B[aria-expanded=true]{background-color:rgba(232,234,237,.1)}.gb_i .gb_d:active{background-color:rgba(232,234,237,.12)}.gb_i .gb_d:focus-visible{outline-color:#f1f3f4}.gb_c:hover{background:#1b66c9;-webkit-box-shadow:0

Chrome Cache Entry: 381

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (836)
Category:	downloaded
Size (bytes):	841
Entropy (8bit):	5.150194512922091
Encrypted:	false
SSDEEP:
MD5:	35EB80C3C6295D90F8330A2EFB9F1C68
SHA1:	B830C534DA6F1DD8716EFB3356CF84F79C53311F
SHA-256:	827FDEFCCF02079EE0F94D40546471D026DB1E7C24E4467EE7BE2FE15EFCACDA
SHA-512:	18768D9C2D4C66691C8C885B78C14CAE7B8D6296A05DDF9192B1462DD796B0DBB65DF0C36F699778A11467E018C26C847413554E32A0CD736152A5A8FD5EF6A6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["flagship megatron auto converting robot","the ftc has issued a final rule banning noncompete agreements","2025 ram 1500 rho","lufthansa 747 rough landing lax","nfl draft picks first round","the exorcism russell crowe trailer","clear userfornia airports","weather storms tornadoes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 382

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1025609
Entropy (8bit):	5.6119105994722265
Encrypted:	false
SSDEEP:
MD5:	570077919389488EC908FB987AC1ABC2
SHA1:	60009D047344CBAAE7CCD08028E19F9732E45391
SHA-256:	5E2DFB2B1EE490C62B6C8B3A21104DC535928D5362258F65BD7FFA5A18445D0A
SHA-512:	6378C808F3B308D0D9A652BDA3DD63E5CB9E8C3266146B1999597C42C0E0AFDD27699CE789D45E61CFEDA08C95871029293A2A35E69729C8382FDB8162FE5741
Malicious:	false
Reputation:	unknown
URL:	"https://www.google.com/xjs/_/js/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIgggJ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAAAYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/d=1/ed=1/dg=2/br=1/rs=ACT90oGQf-x9krI5aUsVUgCBhVXmEsHpUQ/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;Afksuc:wMx0R;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DM55c:imLrKe;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KeeMUb:HiPxjc;KpRAue:Tia57b;LBgRLc:XVMNvd;LEikZe:byfTOb,lsjVmc;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;PqHfGe:im2cZe;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;TxfV6d:YORN0b;U96pRd:FsR04;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aZ61od:arTwJ;bDXwRe:UsyOtc;bFZ6gf:RsDQqe;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:VruDBd;eHDfl:ofjVkb;eO3lse:nFClrf;fWLTFc:TVBJbf;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;p2tIDb:tp1Cx;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qGV2uc:HHi04c;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uknmt:GkPrzb;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;xbe2wc:uRMPBc;yGxLoc:FmAr0c;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=attn,cdos,gwc,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl"
Preview:	this._s=this._s\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var eaa,faa,oaa,qaa,raa,saa,taa,uaa,vaa,waa,xaa,yaa,Caa,Aaa,zaa,Daa,Baa,Eaa,Gaa,Faa,Haa,Iaa,Jaa,Laa,Maa,Saa,fba,lba,uba,wba,Aba,Bba,Gba,Hba,Kba,Oba,Pba,Rba,Uba,Tba,Wba,Lba,Ya,Xba,$a,bca,cca,ica,mca,pca,qca,db,tca,vca,xca,Aca,Cca,Dca,Fca,Lca,Nca,Wca,Xca,Yca,Uca,Zca,Tca,$ca,Sca,ada,bda,cda,ida,kda,lda,sda,tda,uda,xda,yda,zda,Ada,Bda,Eda,Fda,Ida,Gda,Nda,Oda,Uda,Vda,Xda,Wda,Zda,aea,$da,cea,bea,fea,eea,hea,jea,lea,mea,qea,sea,tea,vea,xea,Fea,Gea,Hea,rea,uea,Jea,Kea,Oea,Tea,Uea,cfa,Zea,efa,ffa,Wea,ifa,.jfa,gfa,ofa,pfa,qfa,tfa,ufa,Xea,sfa,wfa,yfa,Cfa,Dfa,Ffa,Kfa,Ofa,Qfa,bga,dga,fga,gga,tga,vga,yga,Aga,Cga,Ega,Gga,Iga,Jga,Lga,

Chrome Cache Entry: 383

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	51388
Entropy (8bit):	4.455427839553277
Encrypted:	false
SSDEEP:
MD5:	7B25CBCA7324FC25C8F516A835A69457
SHA1:	99C90297CEC6F687809DDB9EFC07030704145DF0
SHA-256:	FED3158D9B4D819A0AB3D11DB624A2BC5450BA921910963A7AC6CFEC2B8BCB0E
SHA-512:	F16DFC4F532708B8BC04A75A3B1CABB4E3709233A798724F7E758B3BF3C8D462AB8CB3B895F685225489F9FFD12D9681913D2242F5DBD70FE274E5CBD05EC670
Malicious:	false
Reputation:	unknown
URL:	https://api.besmartee.com/js/bsm-helper.js?v=2022122000
Preview:	/*. . * Overide jQuery or new helper funtion here. */.//example <input type='text' id ='test' data-freeze='true'>.//if an input has attr data-freeze='true', value itself cannot be changed by jquery function val().const originalValJqueryFunction = jQuery.fn.val;.jQuery.fn.val = function(){. if(jQuery(this).data('freeze')){. if ( arguments[0] == undefined ) {. // calling val(). return originalValJqueryFunction.apply(this,arguments);. } else {. // calling val(value). return this;. }. } else {. return originalValJqueryFunction.apply(this,arguments);. }.};..function appendQueryString( sourceURL, key, value ){. sourceURL += (sourceURL.split('?')[1] ? '&':'?') + key + '=' + value;. return sourceURL;.}..function removeQueryString( sourceURL, key ) {. var rtn = sourceURL.split("?")[0],. param,. params_arr = [],. queryString = (sourceURL.indexOf("?") !== -1) ? sourceURL.split("?")[1]

Chrome Cache Entry: 384

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	291714
Entropy (8bit):	5.199442518733921
Encrypted:	false
SSDEEP:
MD5:	80FF50A38BC500802B1ABB2FFF818B8A
SHA1:	32DF2387EF3BA4C63FFCE7AD913591DC8D5688FC
SHA-256:	E3ADF4598D23486CA8181C950C4141648ECE4C14B42DF32C009200051528A371
SHA-512:	3D5D93A1C26100A4563C2F3A4514CEFEF1E4704342D05DA0F2E40CF734913AF8E99BD2A8B190E110513730D451B3474998778D36D4AFE2CFD28D8688FCE2640D
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/xjs/_/js/md=3/k=xjs.s.en_US.DNHITQOYOgk.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAIYEgAAAACgAAIAAAAAAAAMAQAABCAAjA5oEKAQQhIABgAIgggJ__BAAAAACBAQAgYAIAAAC4AIAQAIIAAEAAAACAAgAAAAAAAAAAAAAcIIB-AAAAAAAAAAAAAAAYIPgBgAAAIAQHCAEAIAAAAIA8AM8DhoMUFgAAAAAAAAAAAABAABIEc0D6CwKAAAAAAAAAAAAAAABIpROXxwAACQ/rs=ACT90oGQf-x9krI5aUsVUgCBhVXmEsHpUQ
Preview:	{"chunkTypes":"1000011111111001111000100001011010000001111111111111111111111111111111111111111011110111111111110101111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101110111111111131011011111111111101111111111111110111111111111111111000110101111111111111111111111111111111111111111111111111111010100111121212121212121222222222212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121222121212121212121212212212121222121212221221212121212121212121212121212121212121212121212121212121212122121222221212221222222222221212111111111011011111111111111111111111111111111111111111111111111111111111101110101122311110101111110111131111111111111111111111111110111111111111111111111111111111

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Dec 11 11:47:44 2009, Code page: 1252, Revision Number: {25351790-C36F-44E0-8F66-D671A1B9FD6F}, Number of Words: 10, Subject: Installer, Author: Installer, Name of Creating Application: Installer 64247, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI, Database, Security: 0, Number of Pages: 200
Entropy (8bit):	6.665690917349129
TrID:	Windows SDK Setup Transform Script (63028/2) 38.65% Microsoft Windows Installer (60509/1) 37.11% Microsoft PowerPoint document (31509/1) 19.32% Generic OLE2 / Multistream Compound File (8008/1) 4.91%
File name:	factura - ztcpyqiqtfiewxjhesna.msi
File size:	2'461'184 bytes
MD5:	5ede14585e55b6b67660efb6237e2e85
SHA1:	d3ff6c89920dbcb3a858fbf897ea2d6d56fdd9dc
SHA256:	9fd784ffe3affccb06b50be9d5f41802adea4215810d88422e941af581bc602a
SHA512:	65d4c8db9dae03ec46c68eb43bc7609750234b27ef79b3d8f4d7801a1377091db8ff8dc5de82548b34c8817df080bd84c16535b787696a247cf178b90dba9aae
SSDEEP:	49152:aO2Id8SNudebzRKmlBtaGnxATPmvLYLEA:SIdNIdeM6wwxSmvLYAA
TLSH:	40B58E22B2C18437C0772A3C9C5BA7ADA9397E112D38994B3FE41D4C5F396817E292D7
File Content Preview:	........................>...................&...................................z...{...\|...}...~.......................................................................................................................B......................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report factura - ztcpyqiqtfiewxjhesna.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Config.Msi\54adcd.rbs

C:\Config.Msi\54add0.rbs

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Windows\Installer\54adcb.msi

C:\Windows\Installer\MSIAF24.tmp

C:\Windows\Installer\MSIAF73.tmp

C:\Windows\Installer\MSIB05E.tmp

C:\Windows\Installer\MSIEBE.tmp

C:\Windows\Installer\SourceHash{53CFFB45-057F-4439-816F-97CF504AFF47}

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

C:\Windows\Temp\~DF1080C2F894881055.TMP

C:\Windows\Temp\~DF411F7E8CF6667194.TMP

C:\Windows\Temp\~DF5C1A373E8F2E241F.TMP

C:\Windows\Temp\~DF5DC33C3D0D26CA89.TMP

C:\Windows\Temp\~DF641850FA97708156.TMP

C:\Windows\Temp\~DFBDFC1D5A3CC8B4CB.TMP

C:\Windows\Temp\~DFE3030A96B9BC4BB8.TMP

C:\Windows\Temp\~DFFE622C466A75FE3A.TMP

Chrome Cache Entry: 319

Chrome Cache Entry: 320

Chrome Cache Entry: 321

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 326

Chrome Cache Entry: 327

Chrome Cache Entry: 328

Chrome Cache Entry: 329

Chrome Cache Entry: 330

Chrome Cache Entry: 331

Windows Analysis Report
factura - ztcpyqiqtfiewxjhesna.msi