Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20=

Overview

General Information

Sample URL:https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20=
Analysis ID:1438588

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

LLM detected suspicious URL
LLM detected suspicious webpage text
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,16412441582020803288,5321101291447823665,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com LLM: Score: 7 Reasons: The URL in question shows signs of typosquatting, with the domain name 'gopowerssolutions.com' differing slightly from the legitimate domain 'gopowertools.com'. Additionally, the presence of a suspicious parameter 'abnhljlk' in the URL may indicate an attempt to obfuscate the true intent of the site. The email address 'jradke@gpalab.com' may also be a target of phishing or other malicious activities. It is recommended to exercise caution when accessing this URL. DOM: 1.1.pages.csv
Source: https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com LLM: Score: 7 Reasons: The text contains indicators of a potential phishing site. The text mentions the need for email address verification and the modification of contact details, which is a common tactic used by phishers to trick users into providing sensitive information. The URL provided also has suspicious parameters and does not match the name of the company mentioned in the text. DOM: 1.2.pages.csv
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.151.7:443 -> 192.168.2.17:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: global traffic DNS traffic detected: DNS query: m.exactag.com
Source: global traffic DNS traffic detected: DNS query: empireglass.ae
Source: global traffic DNS traffic detected: DNS query: gopowerssolutions.com
Source: global traffic DNS traffic detected: DNS query: static.nc-img.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.namecheap.com
Source: classification engine Classification label: mal48.phis.win@16/22@16/148
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,16412441582020803288,5321101291447823665,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20= | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
empireglass.ae | 198.54.126.64 | true | false |  | unknown
www.google.com | 142.251.211.228 | true | false |  | high
gopowerssolutions.com | 198.54.117.242 | true | true |  | unknown
tp-emea.exactag.com | 85.14.248.91 | true | false |  | high
www.namecheap.com | unknown | unknown | false |  | high
static.nc-img.com | unknown | unknown | false |  | unknown
m.exactag.com | unknown | unknown | false |  | high

Name | Malicious | Antivirus Detection | Reputation
https://empireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20= | false |  | unknown
https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com | true |  | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.16.99.56 | unknown | United States |  | 13335 | CLOUDFLARENETUS | false
172.217.14.227 | unknown | United States |  | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia |  | 13335 | CLOUDFLARENETUS | false
142.250.217.99 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.211.228 | www.google.com | United States |  | 15169 | GOOGLEUS | false
74.125.142.84 | unknown | United States |  | 15169 | GOOGLEUS | false
104.18.172.57 | unknown | United States |  | 13335 | CLOUDFLARENETUS | false
85.14.248.91 | tp-emea.exactag.com | Germany |  | 24961 | MYLOC-ASIPBackboneofmyLocmanagedITAGDE | false
198.54.126.64 | empireglass.ae | United States |  | 22612 | NAMECHEAP-NETUS | false
142.250.217.110 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.215.238 | unknown | United States |  | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved |  | unknown | unknown | false
198.54.117.242 | gopowerssolutions.com | United States |  | 22612 | NAMECHEAP-NETUS | true

IP
192.168.2.17
192.168.2.4
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1438588
Start date and time:2024-05-08 21:39:17 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20=
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:16
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.phis.win@16/22@16/148
• Exclude process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.217.99, 142.251.215.238, 74.125.142.84, 34.104.35.123, 104.18.172.57, 104.18.173.57
• Excluded domains from analysis (whitelisted): static.nc-img.com.cdn.cloudflare.net, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: https://m.exactag.com/ai.aspx?tc=d9886728bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aempireglass.ae/real/60920//anJhZGtlQGdwYWxhYi5jb20=

Input | Output
URL: https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com
{
"riskscore": 7,
"reasons": "The text contains indicators of a potential phishing site. The text mentions the need for email address verification and the modification of contact details, which is a common tactic used by phishers to trick users into providing sensitive information. The URL provided also has suspicious parameters and does not match the name of the company mentioned in the text."
}"
namecheap Whois&erifiqtion -is pending Since January 2014, all ICANN accredited registrars (like Namecheap) have been required to verify the contact information (Registrant Whois) of customers registering domain names. This includes modifications to the contact details. Why this domain has been suspended We need email address verification Other domain contact details have from the owner recently been modified, but are not This might be because the owner has yet verified registered, but has not clicked the This data might be their first name, last verification link in the email sent to name, organisation name or email them. address. 
URL: https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com
{
"riskscore": 7,
"reasons": "The URL in question shows signs of typosquatting, with the domain name 'gopowerssolutions.com' differing slightly from the legitimate domain 'gopowertools.com'. Additionally, the presence of a suspicious parameter 'abnhljlk' in the URL may indicate an attempt to obfuscate the true intent of the site. The email address 'jradke@gpalab.com' may also be a target of phishing or other malicious activities. It is recommended to exercise caution when accessing this URL."
}"
https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:39:48 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9987355355100984
Encrypted:false
SSDEEP:
MD5:0E4A980A4071AF02FD2E85CD2A21A98B
SHA1:61FD21C7749F6870FC3B1F5CADB206E586F6DA9D
SHA-256:B0FA4C829B3E35AD05D37E92A18DE8B351763CE98F82802DFAB3649CED6C0CC1
SHA-512:FA10D583D38694371EC0D795635D38F28E1700F86610A0EA64AB8DC05E34DBE755E2836FC456529F5203084B6AF3B5A0A946C5452C8D6F49E308740F503FC735
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:39:48 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):4.015962984945168
Encrypted:false
SSDEEP:
MD5:B27A0A72ECECED5B5F601BA73E5DDF66
SHA1:54376889C150EC921AAAC6347638F06CA01A6EDE
SHA-256:56ADDED660ECA4AE2E3C675F0B74A2DB8C8338A0C7A2DB4CDA0684ADF3A10C62
SHA-512:F5AA479844854D9F4077B2BAC5E6B31647F5FFB0D8041E3A4B2F77FD7532E74F878C3B427DE85149D3F2A6B9552AA07285355CCAFFE751E67E46B490F95E5682
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2693
Entropy (8bit):4.01882153279122
Encrypted:false
SSDEEP:
MD5:F321C152E93C91313191E049B8140398
SHA1:8DC3BF7BD6AC67CD87117AE431FF6797A50A4BD6
SHA-256:7060EDA4AE337A3F84F8C7BA2BE425E63057732D68C4296367EF4EB9836CDD81
SHA-512:CC235D1EC79AF613E72E7BDD27FF6AA80B4294531BC59904E54CFA36C8941A3E9DA882A778020D45016DDB05DE79AD6F6F15842CDB032D399A21BE15D0A6E5CA
Malicious:false
Reputation:unknown

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:39:48 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2681
Entropy (8bit):4.010575750947534
Encrypted:false
SSDEEP:
MD5:35C9A8E6658E21E5D81B75200776931D
SHA1:AC2C808E914B1103F1A3EBEECAE6A1956C65E5A9
SHA-256:26EEB93E28BEF33235CCE4B992D903ADB80B160D1724A222A9999356EE972E85
SHA-512:6F400B2725D4404F719A43E209F45166A92A1BF5A34EFEC46F1BE248849A31856B04B880DF47DDFDA6A29980660576DC10D3041C9A57AB26AA78A5E96C609CBC
Malicious:false
Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:39:48 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):4.000764560628323
                    Encrypted:false
                    SSDEEP:
                    MD5:CCA249F7F56936C413EB0809652D813A
                    SHA1:89A334C5CE1CA57EB36E02F4481C661DB3412CFC
                    SHA-256:9F0B1D5BA28A3E4F06CA2C2CA30BEB3C4B3968B57CB9B67C5D2CB0B334FE3E8D
                    SHA-512:5166668910AC77533306DA7C95928D61062EC9B223D4DBC5C7343D80A1E925BBC25E561B520607DF7BBB11B3BA1CF24AB17D6A9D90F28ECEEB93BCF73367039C
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:39:48 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2683
                    Entropy (8bit):4.011171456613587
                    Encrypted:false
                    SSDEEP:
                    MD5:399ED6FBB774F534DD27DCAD9A8DE321
                    SHA1:32CC3E70514F8B5D42556FCE9193307EEAD469B7
                    SHA-256:BDA2E1CA77177FE71D425E526BB1EB43109B56A167121CDF7B4E4455E2214C0F
                    SHA-512:D57D24573BEA81F6522D9169F15B98CA8B153960C53C29142E1D3AC62FBD3C38843CE2144B058D1CCCD265BD9CBA3AB1D2930B04498ED6500D3273E3B02D2374
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format (Version 2), TrueType, length 20848, version 1.0
                    Category:downloaded
                    Size (bytes):20848
                    Entropy (8bit):7.989570290634169
                    Encrypted:false
                    SSDEEP:
                    MD5:96DD56EBB50AA0150F6630360D8D69CF
                    SHA1:8ADA6284514DB2F56A084733EED649B9C7D41F1F
                    SHA-256:93467F75842330C3502FC0268A7A62151F3744221CA7FFA6DC5057DAC4A64CEE
                    SHA-512:C1520987DE442AFD02377E520AD0294004ECB48861E24008EB06621FA088F09FF336A867532294165AF3AC0AEC9C64AF759DFA601635195BEF0C93F05DE5974D
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/museo-sans-300-webfont.96dd56ebb50aa0150f6630360d8d69cf.woff2
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Unicode text, UTF-8 text, with very long lines (36846)
                    Category:downloaded
                    Size (bytes):187309
                    Entropy (8bit):5.577839450474143
                    Encrypted:false
                    SSDEEP:
                    MD5:BBB0A7562A948CA06BCEBB419B7B31FA
                    SHA1:C2BF2B3B01D60231D96D422FB1E93EB9871A1F78
                    SHA-256:9C0BD44B3D16140158EB5F52B28E48CBDFDB7215B06DFEEB2CD07078361E1016
                    SHA-512:1BE8AF861173C4A5C8EFBC620A4143A6690FF1042DF50FD6DD9FE79D8687AC598A1592A870ED600B9D9B43BC24673E2ECF0BE07865121A72CE700B389275EFFA
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/uiraa/libs/polyfills_469970f8ffedace1b5b8.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format (Version 2), TrueType, length 26180, version 1.0
                    Category:downloaded
                    Size (bytes):26180
                    Entropy (8bit):7.992640591018438
                    Encrypted:true
                    SSDEEP:
                    MD5:C1D44D108721DDDBCC98281FE137CDA6
                    SHA1:D98C5F9985A4DF573BF8E406E84152A5AC94B186
                    SHA-256:7BE1913E58996BC81CB052E9914CB492D0ACF125434ED1DDF0144D8A93189DFF
                    SHA-512:A6ACCF6A5B996A96985F9A56453E05B8B5E41A6D6C60C60FB8684D4D57F61D36EE49AFE2EB2BA75082E94DDB45B0D14D450373CE60F6D5EF9A6EBA3F750890F1
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/gb-icon.c1d44d108721dddbcc98281fe137cda6.woff2
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (34346)
                    Category:downloaded
                    Size (bytes):44404
                    Entropy (8bit):5.3475738490001365
                    Encrypted:false
                    SSDEEP:
                    MD5:A48BEA4C3F4EDA08651339E896681DF3
                    SHA1:E15E530C98402D2209B5892208AEA6CBEC62C4F6
                    SHA-256:3DF613821B24AC57470CA4EAA3F494BBFF19FC6D0A28DE3950065FB1ABF9117D
                    SHA-512:FF35EBDED2A18CBB7436687983789B5208493D92971BD4A8238170657D74E8B36A13B11EFBCFCCDA0D61B02644DC9EED0606D1A91D0D94508FBA444236DE0862
                    Malicious:false
                    Reputation:unknown
                    URL:https://gopowerssolutions.com/?abnhljlk&email=jradke@gpalab.com
                    Preview:<html>..<head lang="en">...<meta charset="UTF-8"/>...<title>Registrant WHOIS contact information verification | Namecheap.com</title>...<meta name="viewport" content="width=device-width, initial-scale=1"/>...<link rel="shortcut icon" href="https://www.namecheap.com/assets/img/nc-icon/favicon.ico"/>...<script type="text/javascript">var nc_main=function(e){function t(n){if(r[n])return r[n].exports;var i=r[n]={i:n,l:!1,exports:{}};return e[n].call(i.exports,i,i.exports,t),i.l=!0,i.exports}var r={};return t.m=e,t.c=r,t.d=function(e,r,n){t.o(e,r)||Object.defineProperty(e,r,{configurable:!1,enumerable:!0,get:n})},t.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(r,"a",r),r},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="",t(t.s=270)}({0:function(e,t,r){var n=r(3),i=r(15),o=r(10),u=r(11),a=r(16),s=function(e,t,r){var c,f,p,l,h=e&s.F,d=e&s.G,v=e&s.S,m=e&s.P,y=e&s.B,g=d?n:v?n[t]||(n[t]={}):(n[t]||{}).prototype,b=d?i:i[t]
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):3286
                    Entropy (8bit):7.9048842883131485
                    Encrypted:false
                    SSDEEP:
                    MD5:168AA475EC312D6C7A976BA66EF4E982
                    SHA1:32C327AE4CA72AAE61CF5FE5929A8950503F28D5
                    SHA-256:CBBDA36462BD705A3377CC1A607DB2382C033161E16C56A8AADFE93F292874E0
                    SHA-512:5526BAE0ABD7B4D27A2BFEC23F11DFDCEFA2B7E813A6FF4799B0FA93A75BE59FF94692E7C2F25AE6E87B5DA0D8B1A6040E0DC7382C610908553F0885BC5D67C9
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:downloaded
                    Size (bytes):173520
                    Entropy (8bit):5.487317789413177
                    Encrypted:false
                    SSDEEP:
                    MD5:6EB4134F13E2F1D3B205B790D90ACBC5
                    SHA1:DB4420C5EE3E21902BB620CF6897E46A31B6B630
                    SHA-256:9436E0161212285124586ACE8780B12FE73D8145F7D3D7B73EF2F352F0E934E4
                    SHA-512:03CA32421BB74F4C55167A1CB764651E8C5D9322AFDFC2A09E76B02FC23450B56584CCC74707973A5F053376DD74EA05CDD55DC03F46523D7D7F406BAE98F411
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/main.6eb4134f13e2f1d3b205b790d90acbc5.css
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                    Category:dropped
                    Size (bytes):8348
                    Entropy (8bit):3.3578682829695006
                    Encrypted:false
                    SSDEEP:
                    MD5:25BBCC12F8B02E6442D1BD713DEFB81B
                    SHA1:CACE8A1C9B2D39718A2965F068982BBF5509C2B9
                    SHA-256:8625166490607FD513AEF4A7B29927F616B8537D2602CB6B4AA00935CD5639F6
                    SHA-512:66B2ECD5DF95D0A97BC2EEA2DD2FEAA6E17FC3E5828E7C78039E48C753173F357FA857638ABD1EF3619189B342501EC8A352D6F62C242126831D96A0E5F617AB
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 219 x 43, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):1418
                    Entropy (8bit):7.7383738492966145
                    Encrypted:false
                    SSDEEP:
                    MD5:4072D8D7BFCA34BE693EB0E573C3B7FE
                    SHA1:6B2D4C85693DAA99C1AB6B1D6134F10EC6C13A88
                    SHA-256:9B69072496FA454B46C2E91EA0BCFEEEDC8A47B268A07863C9EEE88082AA6937
                    SHA-512:7BE9D3FC8EDED7021BC8095D1FC3A6B199E564E496487DB09D6942FFA8DC3411B0BB5C8F471189087307FDDA07EF75BFB830FEE4C2490985B06845893EEB282E
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format (Version 2), TrueType, length 18128, version 1.0
                    Category:downloaded
                    Size (bytes):18128
                    Entropy (8bit):7.988563676048976
                    Encrypted:false
                    SSDEEP:
                    MD5:B125DC012841FA8A23B98C37499CA5E8
                    SHA1:2EA271A80F6A93B9888A34797DB75CEE3E627673
                    SHA-256:177C4F2826CBC2CC24A9D8018E6C9848ED73178A76FD3AABE99B44EE9458514C
                    SHA-512:332816C2DB8F096348C7145479C351EE5BED8ECB7F835C9BE1BEEADFEE7E474128C0E1901989A0D6E51BC1411454F3DDA07C2E9F6262751F36360320D843DB2C
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/museo-sans-700-webfont.b125dc012841fa8a23b98c37499ca5e8.woff2
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Unicode text, UTF-8 text, with very long lines (28860)
                    Category:downloaded
                    Size (bytes):612502
                    Entropy (8bit):5.170572345639975
                    Encrypted:false
                    SSDEEP:
                    MD5:0B789B1DA2AE8DAAFB7DBE161F39B121
                    SHA1:0F6E5D831CCE369B5AB370C48C0CB94C59068D5C
                    SHA-256:1230AD30EA6BBCC22F8E08D8A496C66AAC8266DB7A4B72B2C465E0EC89C2C658
                    SHA-512:B0BE5A942CD3885D69F467E40C35873F3BAD59D2078966BECFD289601241DB567B85889A9149C0A842FC48D14C35E5EA5DEB57FFD90F139A838736E9F4294886
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/uiraa/libs/vendors_70ac76496c2b0e5ed06c.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):3384
                    Entropy (8bit):7.926999198695985
                    Encrypted:false
                    SSDEEP:
                    MD5:9C3B83FD37AB617BBE55D0FDC0222FA9
                    SHA1:880E8419E745EA307CFD7B813B4C53590A893373
                    SHA-256:7307FF8FCE6BE70DBD3C6EC226910961F863B26F4ABCE662A7F757821E7B9B1F
                    SHA-512:9BC3D91E7B9F78EB14E44951E96CD95DB581B9FB1915B45DE0B9037228357B92E113E6EA4B920D7D757E7ED6379CD6D2C1ECE3BA5198DB2104270A7BA2A36A45
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format (Version 2), TrueType, length 20920, version 1.0
                    Category:downloaded
                    Size (bytes):20920
                    Entropy (8bit):7.990943807516946
                    Encrypted:true
                    SSDEEP:
                    MD5:5D9883D92E2EAA724E4E6BEB0EF6728A
                    SHA1:3E36376942825AAAA32279175FDB34A4B7BC9435
                    SHA-256:9C0749DC1DEB3275E1846A462C0DCB83DF2B5FEC30112EACDF5530FA51E3160F
                    SHA-512:A8726FDB56E2976F179206340995186544EA9703C1294E1959E24B27630AC1317F11CADFE5EE71B6166B4A13F93843DCF76BCA25368F0632C2C3707921C8DE0F
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/museo-sans-500-webfont.5d9883d92e2eaa724e4e6beb0ef6728a.woff2
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Unicode text, UTF-8 text, with very long lines (64880), with no line terminators
                    Category:downloaded
                    Size (bytes):76083
                    Entropy (8bit):5.479713416338806
                    Encrypted:false
                    SSDEEP:
                    MD5:A0A0453DC621B1F8D016F838F8C5BFAE
                    SHA1:843CEFD6F474940A2790EDC2B5F02A1374A9AD05
                    SHA-256:7593448EC6C3349C827AAAEB7FD5A8AFBD90B96BE204331C6EB85A31888E9DF8
                    SHA-512:5A9B365E9D2E873932627BF3CD2197C69377B286399778AAF8307DCFC0D939D73E785D221B93C8D47FE08D63F6DB591E54236AC0158B7ECF50633DE0876BFE84
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/uiraa/app.dd9b282028b09e3d12a6.js
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (31921), with no line terminators
                    Category:downloaded
                    Size (bytes):31921
                    Entropy (8bit):5.967296971617136
                    Encrypted:false
                    SSDEEP:
                    MD5:AB29BFD164428D10F32BC34DF1CAD4ED
                    SHA1:2429F345B1AF2501E68724A011BE327B63108EDB
                    SHA-256:1C4E83808BF28A02416BFB12EE9FAB3C5C55E075376A472D64FCFDBBFAB01A51
                    SHA-512:C86E13221BCF5B35B384CD9B48DAF442B8D5F592F0C81480CE1BD6B0A8BC5166F7A2371AF522EFEA2CCDDD6A3ED84161D075D4B9CF850BA8129C58D73E79DA54
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/uiraa/app.ab29bfd164428d10f32bc34df1cad4ed.css
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 1440 x 225, 8-bit/color RGBA, interlaced
                    Category:downloaded
                    Size (bytes):19182
                    Entropy (8bit):7.942843523660871
                    Encrypted:false
                    SSDEEP:
                    MD5:369B97593FA5F939CFC8FD458C458737
                    SHA1:1BA24E9DCCAD4820D7036D40849F3A3661882B6B
                    SHA-256:F9B75086BD476ABD93292B689DFF7EEF57D037834E7D0926107421492E22FA2C
                    SHA-512:0286EE92E84415638D42EBFEA2E9D9C6E6AA86BB1AF3BDFF674AFC0E02BD1FE2176EAB83958FAC3EA5654FF6839D377FA28D29DFBEC8F8AC452C8B70472D4AEC
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/uiraa/hero.369b97593fa5f939cfc8fd458c458737.png
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format, TrueType, length 35241, version 0.0
                    Category:downloaded
                    Size (bytes):35241
                    Entropy (8bit):7.987376352376166
                    Encrypted:false
                    SSDEEP:
                    MD5:79D75C0208E298DCE66A21F77DE03EF7
                    SHA1:14541A65F08834B16ACA7D79EB78300A65F1EDA2
                    SHA-256:6A382A283C77B7E93E7BB5B0B1902242082A4800DAC20DA3334D641093B33005
                    SHA-512:E23287A1A3F805172827B81A38785715DF3D3CE4616A44DF12C6C4E28AFE0A5E35E27565AB95B2F8BAB571030AEF814C58FF1CA58C23EC9DD5CD3425FDD8CCDB
                    Malicious:false
                    Reputation:unknown
                    URL:https://static.nc-img.com/pp/nc-ui-globalenv/museo-sans-300-webfont.79d75c0208e298dce66a21f77de03ef7.woff
                    No static file info